Forrester's Security & Risk Research Spotlight -- Don't Let Cloud Go Over Your Head

Stephanie Balaouras

With great convenience comes great responsibility...

Once a month I use my blog to highlight some of S&R’s latest and greatest. The cloud is attractive for many reasons -- the possibility of working from home, the vast array of performance and analytical capabilities available, knowing that your backups are safe from that fateful coffee spill, etc. Although the cloud is not a new concept, the security essentials behind it unfortunately remain a mystery to practically all users. What’s worse, the security professionals tasked with protecting corporate data rarely have visibility into all the risk -- it’s simply too easy for users to make critical cloud decisions without process or oversight.   

Underestimating or neglecting the necessary security practices that a cloud requires can lead to hacks, breaches, and horrendous data leaks. We’ve seen our fair share of security embarrassments that range from Hollywood execs to the US government, and S&R pros know that these are far from done.


The Technology Skills Needed To Deliver In A Customer-Obsessed Organization

Sharyn Leaver

Digital technologies have shifted control into the hands of your customers. Your customers are now independent, active agents in everything, from selecting the channels and platforms they prefer, to the very definition of your brands. As CIO, you’re in an enviable position and are more essential to your firm’s success than ever. You have the technology know-how to tap into these digital technologies. And together with your CMO, you can lead your firm to become customer obsessed and create the digital experiences that win, serve, and retain customers. But you have to be willing to change the way you work.

CIOs of customer obsessed firms must embrace an accelerated pace of change and reinvention, for themselves and their organizations. But years of radical IT outsourcing have denuded many technology management organizations. In fact, Forrester's Q1 2015 Digital Experience Delivery Survey found that the top barrier to success was a lack of resources. So your first order of business as CIO?  Invest heavily in new skills:

  • Software engineering. Software (and how well it does or doesn’t perform) underpins the brand for digital businesses, making core software development and delivery skills paramount to your firm’s future success. Agile methods, continuous-delivery techniques, and product management skills will be critical – not just in pockets, but scaled up to address all software engineering needs.

Introduction

John M. Wargo

As a recent addition to the Forrester Application Development and Delivery (AD&D) team, I thought I’d use my first post here to introduce myself.

I’ve been a professional software developer, in one capacity or another, for the entirety of my professional career. Like many others on this team, I’m a geek (not a nerd; yes, there is a difference) and very interested in anything related to software development, gadgets and especially mobile.

As part of the AD&D team, I’ll be focusing on Mobile development topics alongside my colleagues Jeffrey Hammond and Michael Facemire. Because of my experience with open source software, described below, I will be focusing some of my efforts on that space as well. Currently I’m working on updating some of the existing reports in the Mobile App Dev Playbook, the first of which will be published soon.

Before coming to Forrester, I was a product manager at SAP responsible for part of the SAP Mobile Platform (SMP) SDK. I owned the SMP Hybrid SDK (called Kapsel) and the SAP Fiori Client, a native mobile runtime for SAP Fiori. In the last ten years, I’ve held positions at BlackBerry, BoxTone (now part of Good Technology) and AT&T. While at AT&T, I focused primarily on mobile application platforms, achieving developer certification for several products in this space.


A Travel Nightmare: How To Ignore Data, Remain Clueless, And Anger Your Customers

Brian Hopkins

Firms are blowing opportunities to engender their customers’ lifelong loyalty. Here’s an example from my own recent experience:

As an analyst, I fly 100,000-plus miles with a preferred airline every year, and I’m a mobile mind-shifted consumer; therefore, I have made some assumptions that have led to an expectation. Assumption — weather delays are not a new phenomenon in travel; assumption — the technology to analyze data and communicate with passengers has been around for a while now, and my big airline that is bleeding money out of its ears should have invested in it; expectation — my airline is going to use my mobile device to understand and take care of me because I’m important to them.

Here’s a summary of how that turned out not to be the case and how my airline could have used systems of insight to handle a bad situation and secure my lifetime loyalty:

Data they had access to: Weather projections over Chicago.

  • Insight they should have had: My aircraft had a high probability of flying right into a bad system.
  • Action they could have taken: They could have rebooked me before I got on the plane.
  • What actually happened: I was stranded in Chicago when a tornado touched down at about the same time I did.

Samsung keyboard bug highlights vulnerability of passwords

Andras Cser

Here's a new exploit on Samsung Galaxy S4, S4 and S6 SwiftKey: remote code execution is possible, which can lead to root access to the device, data loss, password sniffing and keylogging, man-in-the-middle attacks and compromised passwords. This is another reason why we need to think about 'What's beyond passwords?' We will shortly publish a report on this topic. Stay tuned.

Yellow Elephants and Pink Unicorns Don't Tell The Real Big Data Story

Michele Goetz

Big data and Hadoop (Yellow Elephants) are so synonymous that you can easily overlook the vast landscape of architecture that goes into delivering on big data value. Data scientists (Pink Unicorns) are also raised to god status as the only real role that can harness the power of big data -- making insights obtainable from big data as far away as a manned journey to Mars. However, this week, as I participated at the DGIQ conference in San Diego and colleagues and friends attended the Hadoop Summit in Belgium, it has become apparent that organizations are waking up to the fact that there is more to big data than a "cool" playground for the privileged few.

The perspective that the insight supply chain is the driver and catalyst of actions from big data is starting to take hold. Capital One, for example, illustrated that if insights from analytics and data from Hadoop were going to influence operational decisions and actions, you need the same degree of governance as you established in traditional systems. A conversation with Amit Satoor of SAP Global Marketing talked about a performance apparel company linking big data to operational and transactional systems at the edge of customer engagement and that it had to be easy for application developers to implement.

Hadoop distribution, NoSQL, and analytic vendors need to step up the value proposition to be more than where the data sits and how sophisticated you can get with the analytics. In the end, if you can't govern quality, security, and privacy for the scale of edge end user and customer engagement scenarios, those efforts to migrate data to Hadoop and the investment in analytic tools cost more than dollars; they cost you your business.


Where Are You On The BT Transformation Journey?

Leonard Couture

The age of the customer offers a unique opportunity for CIOs to own their destiny. The role of technology and information in helping enterprises win, serve and retain clients has never been more important. As the leaders of the digital agenda for their enterprises, CIOs and CTOs are the key drivers in improving how customers engage with your enterprise. We call this focus the Business Technology (BT) agenda, and there is a major shift going on to invest in both human and technical capital to address it.

There are some simple guidelines to help measure where you are on the journey:

  • Where is your innovation happening? Innovate at the point of customer interactions – digital value is determined by how much the innovation is used. There is no better way for CIOs to be part of the age of the customer than to deliver digital innovation when and where the customer needs it. The complexity of how to build enterprise-wide digital engagement can only be answered by having a strong BT agenda powered by BT professionals who think and act in an agile, iterative manner. Your customers will engage your enterprise in many different ways: if you are not building an adaptive experience for them, they will move on no matter how good your products may be. This type of measurement approach is critical to realizing the effect of the digital experience you are building. In the end, the only thing that truly matters is how your customers are engaging your enterprise.

The API Management Solutions Market Will Quadruple By 2020 As Business Goes Digital

Michael Yamnitsky

Often considered the poster child of digital transformation, APIs are proliferating at enterprises making industry-leading investments in mobile, IoT, and big data. As these initiatives mature, CIOs, CTOs, and heads of development are coming together with business leaders to manage and secure companywide use of APIs using API management solutions.

Forrester recently released a report that sizes and projects annual spending on API management solutions. We predict US companies alone will spend nearly $3 billion on API management over the next five years. Annual spend will quadruple by the end of the decade, from $140 million in 2014 to $660 million in 2020. International sales will take the global market over the billion dollar mark.
 
In interviewing vendors for this piece of research, we discovered a vast and fertile landscape of participants:
Startups have taken $430 million in venture funding, and so far have realized $335 million in acquisition value. In April 2015, pure-play vendor Apigee went IPO and currently trades at a valuation north of $400 million. 
 

What is DevOps?

Amy DeMartine

Everywhere I turn, I hear about how some product or service is geared towards DevOps. It feels like the “cloud washing” we all just went through. “Cloud washing” continues to cause problems as even today it remains difficult to understand how products and services really affect our ability to create and manage clouds and applications in the cloud. This “DevOps washing” is causing the same problems and it becomes harder and harder to understand what DevOps really is and how it applies. I spent a morning breakfast presentation just talking about the definition of DevOps with a group of technology management folks for over an hour!

I’ve spent the past year being the Ops part of the Forrester DevOps story. We have been hard at work and released a playbook called Modern Service Delivery (to match the Modern Application Delivery playbook coming from my Dev partner Kurt Bittner) and we are approaching the end of creating the foundation of the DevOps story from planning to optimization. We define DevOps as:

“DevOps is a set of practices and cultural changes — supported by the right tools — that creates an automated software delivery pipeline, enabling organizations to win, serve, and retain customers.”

If you are serious about DevOps, you can cut through the noise of the “DevOps washing” and start with several practical tips to get you moving in the right direction:


The FCC is the Most Powerful Privacy Regulator in the Land...What Will Happen Next?

Renee Murphy

Since the bulk collection of telephone metadata began, the NSA has been keeping those records in a vast database and maintaining and querying that data for 5 years before being required to purge it. Now that the data will be back in the hands of the telecom companies, the Federal Communications Commission’s regulations will determine the retention of the metadata.

Prior to the 1980s, the FCC retention schedule was 6 months, but in the 1980s, during the war on drugs, the Department of Justice asked the FCC to change that requirement to 18 months to make it easier to get RICO convictions for the drug cartels, and the FCC complied. Since then, telephone data has been used to convict many organized crime syndicates with great success. Now that the NSA is also an agency that would like access to the same data that the FBI has been using since the 1970s, will they ask the FCC to maintain the data for five years as they had been?
