Security Intelligence: Should We Send A Guy With A Gun Or A Wrench?

Andras Cser

We are kicking off research on security and identity intelligence, which is about understanding risk and detecting abnormal behavior. One thing is clear: companies don't even *know* what kind of security (SIM, data, identity, email, etc.) information they should be inspecting to detect security threats and where they should start eating the giant elephant of risk. They clearly need intelligent and automated systems to establish what a normal baseline means in user behaviors and events and then alert on any anomalies - and when they see any changes to normal patterns, understand whether they should send a guy with a gun or a guy with a wrench. In this research (which will also be the topic of my Security Forum keynote speech) we will look at the interdisciplinary areas between enterprise fraud management, risk-based authentication, data protection and identity management. I want to hear about your concerns, issues, and early case studies/solutions in this area.

To Better Compete Into 2012, Infrastructure And Operations Leaders Must Do Things Differently

Doug Washburn

As the saying goes, “If you’re not different from your competition, by definition you can’t be better.” IT infrastructure and operations (I&O) leaders should take this to heart.

In 2012, we enter "the age of the customer" where increased global competition combined with technology-led disruption erodes traditional competitive barriers across all industries. At the same time, it's easier than ever for empowered employees and application developers to circumvent the I&O group to take advantage of new desktop, mobile, and tablet devices as well as cloud-based software and infrastructure you don’t support. They're creating their own "greenfield" environments without your help.

It's time for I&O leaders to do things differently. This starts by dispelling the notion that greenfield opportunities require significant financial investment and organizational change or are limited to startups and build-outs in emerging markets. Greenfield opportunities present themselves in every corner of even the most established and mature businesses, and those greenfields can be small, iterative, and agile.

This year, we will dedicate Forrester's Infrastructure & Operations Forums to the theme of "Leapfrog Your Global Competition: Design Your Greenfield Infrastructure Today." Join us May 24 to 25 in Las Vegas and June 19 to 20 in Paris as we tackle everything you need to capitalize on your greenfield opportunities of every scale across data center, desktop, mobile, and IT operations environments.
 


Security & Risk Professionals: Leapfrog Your Global Competition. Rethink Security; Run At The Threat.

Laura Koetzle

One of the highest-stakes parts of my job as the leader of our Security & Risk business is the in-depth business review that I present to Forrester’s executive team twice a year.  And I always start those presentations with a single slide in which I attempt to capture the Security & Risk profession in as few words as possible.  My current formulation is: “We protect our company’s brand – and our Security & Risk program allows our company to pursue new business opportunities safely.”

Our CEO, George F. Colony, sat bolt upright and said, “Wow – I didn’t know that CISOs saw their roles in such business-centric terms!”  To which I replied, “And that’s exactly the problem.  Strong CISOs are generally all action and very little talk – they put the brand and business opportunity at the center of everything they do, but they don’t brag about it.  And thus they don’t get the recognition they deserve.”

And my team and I are on a mission to help you change that.  Because we know that a strong security & risk program can be a competitive differentiator.  We can help our businesses win on the global stage by enabling our firms to accept more (and different!) risks than others can afford.  Rethinking your security assumptions and your security infrastructure means that you will have the skills, processes, and tools your business needs to seize new opportunities.  So now you just have to get the word out that you can help.


Telefonica Leadership Conference: Effective Repositioning

Dan Bieler

Last week I attended Telefónica’s leadership event, which is held annually in Miami, reflecting its very strong basis in the Americas. This year’s event attracted around 700 visitors from 130 countries, comprising Telefónica’s customers, vendor partners, and analysts. There were several external keynote speakers, like the CIO of the US government, futurologist Michio Kaku, and the chief economist of the Economist Intelligence Unit, who outlined the macro context for society and the economy over the coming 10 to 20 years. Presentations by partners like Huawei, Microsoft, Nokia, Amdocs, and Samsung highlighted visions of the future from a vendor angle. Telefónica itself used the opportunity to present its own vision of how technological progress will affect society and business — and how it intends to address the opportunities and challenges ahead.

Telefónica stands out from its peer group of incumbent telcos by having revamped its overall organizational structure. The firm had already announced this new structure last fall; it effectively sets up one division that focuses on global internal administration and procurement (Global Resources), one division that focuses on emerging Internet-based solutions (Digital), and two geographically focused go-to-market-facing business lines (Americas and Europe). Telefónica Multinational Solutions is part of Global Resources and is the division dedicated to delivering services to the MNC segment.


Should You Be Using Service Level Management Tools?

Bill Martorelli

A couple of years ago, my then-colleague Patrick Connaughton wrote a market overview about service-level management tools, which included a discussion of specific toolsets intended to help customers manage both internal and external services-based relationships. Technologies in this space include Digital Fuel, Oblicore, Compuware’s APM, Enlighta, Appirio, and others. Such service-level management tools, as we described them then, reflect one key aspect of toolsets like Digital Fuel and Oblicore, to monitor service levels for both internal and outsourced delivery. But the technologies also have other capabilities, including the ability to create catalogs and manage financial implications of services consumption, both internal and external.

Since that time, challenges in service consumption, including measuring and managing services relationships, have only gotten harder, complicated by the widespread trend toward multisourcing and multi-supplier relationships on the one hand and new categories of cloud-based services like IaaS on the other. Given these challenges, tools like those described above would seem to have some possible value. Big industry suppliers sure seem to think so: Since we wrote our last report, NewScale has been snapped up by Cisco and Digital Fuel was bought out by VMware, with the goal in part to help customers of virtual solutions and cloud services meter their usage and help charge back for consumption. In addition, KPMG acquired Equaterra, meaning that KPMG also took ownership of Equaterra’s EquaSiis, an outsourcing governance suite developed in conjunction with Microsoft. Oblicore was acquired by Computer Associates just months prior to our report. The acquisitions have in some cases meant a change in focus for the technologies acquired, to fit more cleanly to the broader product and services agenda of the acquirer.


A View Of VERGE From An IT Expert's Perspective

Chris Mines

Part of my role managing the Business Technology Futures team at Forrester is to keep an eye on "what's next" for CIOs and their business partners.

My team is chartered to create an early-warning radar screen of new technologies, new business models and new demands from customers that will change technology's role and impact on business.

That's where the VERGE conference comes in. I spent two very engaging days at this GreenBiz event earlier in March, soaking in the conVERGEnce of energy, transport, buildings and information.

And what a great event! I am an experienced consumer of industry conferences and this was one of the best I've attended. The mix of topics, speakers, and formats really clicked for me, because the event featured:
 

  • Multidisciplinary thinking. Not just across the four big domains, but across three dimensions of convergence taking place within them: technology (analytics meets network meets social), organizational (HR meets marketing meets facilities) and ecosystem (suppliers meet distributors meet customers). Holding this 4 X 3 Rubik's cube in one's head is daunting but also mind-expanding.

The Consumerization Conundrum: Why Virtual Machines Won't Work On Mobile Devices

Frank Gillett

In Forrester’s Forrsights Workforce Employee Survey, Q4 2011, we learned that 60% of information workers use their devices for work and personal tasks. This dual use of PCs, smartphones, and tablets is a growing concern. One common idea is to create a virtual machine on mobile devices, in the same way that Citrix, Microsoft, and VMware products enable hosted virtual desktops on PCs. But this idea of having a “virtual smartphone for work” within your personal smartphone simply won’t work; it’s just as bad and impractical an idea as having two separate physical smartphones! Both approaches create separate spheres of work and personal that simply don’t reflect the seamless way that many people have to switch back and forth between work and personal tasks (excluding top-secret government work, of course).

I heard about a better idea this week. What if mobile device OSes enabled separate containers or sandboxes, under the covers, for enterprise applications and their data?

The idea is to have low-level separation in the OS architecture, supported and controlled by enterprise policy and certificates, that is transparent to the user. So the screen full of icons would allow us to mix work and personal icons any way we please, but they’d be separate under the covers. So the experience would be like that of looking at the overall address book on your smartphone, which on iOS, Android, and Windows Phone all integrate your contacts from different sources into one seamless list — even though they are separate on the back end.


Deloitte To Acquire Workday Implementation Specialist Aggressor

Liz Herbert

Deloitte continues to ramp up its software-as-a-service (SaaS) consulting practice, both through organic growth as well as acquisition. Today, Deloitte announced plans to acquire Workday implementation specialist Aggressor. Aggressor has been one of a very small set of Workday integrators (along with Deloitte), which means Deloitte now further boosts its already-impressive Workday practice.

This move furthers Deloitte’s Workday practice, as well as Deloitte’s overall practice in SaaS implementation and integration work. Deloitte also has strategic partnerships with other leading SaaS vendors, most notably salesforce.com.

For buyers, this means a stronger and deeper bench of consultants at Deloitte. But, on the downside, it removes a boutique/specialist option from the market, which appealed to some because of its laser focus, smaller size, and (perceived or real) ability to be more nimble, flexible, and price competitive.

Are you an Aggressor or Deloitte client or prospect? We would love to hear your thoughts!


Don’t Forbid Employees From Using The Escalator, Give Them Reasons To Use The Stairs

Chris McClean

Guest post from Researcher Nick Hayes.

If you had to go up one level in a train station, would you take the stairs or use the escalator? Most people would choose the escalator. But what if the staircase played musical notes like an interactive piano? This may change things, right? A couple of years ago, Volkswagen began sponsoring an initiative called The Fun Theory that tested the degree to which they could change people’s behavior for the better by introducing an element of fun. In one example, they found that by adding a unique element to the stairs – transforming it into an interactive piano – they were able to increase staircase use by 66%. You can watch the short video here.

You can apply this same principle to your training and awareness programs -- find your own piano staircase, and use it to begin guiding people to choose the right thing on their own. Chris and I have been working on a report that stresses the importance of organizational culture in the development of risk and compliance programs. Throughout the research process, we asked risk and compliance professionals and vendors in the space the same question: “How are you influencing and promoting positive behavior?”

You can create new technical controls and policies, and you can require employees to sign attestations all day, but these efforts have minimal value (or worse) when there’s no positive reinforcement. When compliance and risk management are considered obligatory tasks, rather than meaningful efforts that the company values, it diminishes the perceived importance of ethical behavior.


End Users: Should We Put Them In Padded Cells?

David Johnson

If you're an I&O professional, what comes to mind when you say "end user"? If you're like most of us, your mind has a conjured-up impression of a cosmically clueless person who actually gave you a hard time once, and the picture is now your mind's own avatar for everyone you support. It's not usually a positive image, is it? I used to picture a middle-aged, BMW-driving executive with his hair parted on one side wearing an LL Bean sweater, probably an Ivy-league grad, who couldn't be bothered to actually take responsibility for his own personal computing destiny…he always had servants to take care of trivialities…and hence he was ruining my day with his incompetence. Let's call him Ascot Rothschild III.

An image like that is a powerful thing, and the painful memory of this individual's willful, arrogant ignorance then pervades our future thinking about what we're up against when we set IT policy like BYOC. Ascot becomes the poster child - in our minds anyway - for every garden-variety corporate doofus that we'll have to deal with if we give people any more rope than we already do. They also give us plenty of reasons to take more rope away. In my case, I used to sit on a helpdesk for Remedy customers, and my team had a collection of "special" customers we wondered how they managed to get dressed and find their car keys in the morning. As I later designed Remedy and Peregrine applications, I did so with these "edge cases" in mind.
