Vote For Forrester's IT Forum 2011 Theme

Stephanie Balaouras

It's that time of year when we begin planning our spring Forums. Our Security & Risk Forum EMEA will take place in London, March 17th and 18th. Planning and content creation for that Forum is already well underway and we're looking forward to another great event. But I also wanted to highlight our spring IT Forum. Mark your calendars for May 25-27 in Las Vegas and June 8-10 in Barcelona. Not only is there a dedicated track for Security and Risk professionals at IT Forum, but there is an opportunity for Security & Risk pros to learn about broad IT challenges and trends. I believe this is critical because in order for security organizations to become much more proactive and less reactive, they have to understand what's happening across IT and not just narrowly within security. We need to be ready for the next major business or IT shift before it happens.

We've come up with three potential draft themes and need your vote for the best IT Forum 2011 theme:

1. Unleash your empowered enterprise.

As technology becomes more accessible through mediums beyond IT's control, you have but one choice: Get proactive by empowering employees, or swim against the current. Successful BT leaders will react not by blocking access but by lending their expertise to increase the chances of technology success and empowering the users to solve customer and business problems. This year's IT Forum will provide a blueprint for reaping the benefits of your empowered organization — complete with case studies, methodologies, and step-by-step advice tailored to each IT role.


Oracle Acquires Passlogix -- A Signal That eSSO Is No Longer A Separate Market

Andras Cser

In a rather unsurprising move, Oracle acquired its longtime OEM partner of eSSO solutions, Passlogix. The sale has closed after a relatively long courtship – the eSSO market has been consolidating for a long time: Novell’s OEM agreement with ActivIdentity and IBM’s acquisition of Encentuate both signal IAM stack consolidation. Beyond the obvious — 1) eSSO integration with Oracle Access Manager and Oracle Adaptive Access Manager to integrate with web single sign-on, 2) a multitude of second-factor and adaptive authentication mechanisms using v-GO User Access Manager, and 3) using v-GO SSO’s screen-scraping technology to create Oracle Identity Manager connectors to arcane, no-CLI systems — large tasks remain for Oracle: a) providing access management for mobile devices and b) getting to be a credible player in Privileged User Management (where Passlogix’s v-GO Shared Accounts Manager is a second-tier player).

Join Forrester's New Online Community For Security & Risk Professionals!

Stephanie Balaouras

Here at Forrester, we like to eat our own dog food. Hot on the heels of the book launch of Empowered, Forrester has launched an online community for security and risk professionals. The community is a place for security and risk professionals to exchange ideas, opinions, and real-world solutions with each other. Forrester analysts will also be part of the community, helping facilitate the discussions and sharing their views.

The community is open to all security and risk professionals, whether you’re a Forrester client or not. Do you want to know if your peers plan to support new consumer mobile devices in the workplace? Do you want to know how your peers are promoting cyber awareness? You can post these and other questions, thoughts, and ideas to the community.

I’m excited to announce the launch of this community. At our recent Security Forum in Boston, the topic of better information sharing and collaboration — among security and risk professionals and between the public and private sector — came up on numerous occasions. In this new era of advanced threats from well-organized and well-funded crime and state sponsored agents, together with the rapid pace of innovation from mobile to social to cloud, I believe the active exchange of best practices and solutions is a critical need for the security community.

Here’s what else you’ll find in the community:

  • A simple platform on which you can pose your questions and get advice from peers.
  • Insight from our analysts, who weigh in frequently on the issues.
  • Fresh perspective from peers, who share their success stories and best practices.
  • Content on the latest technologies and trends — from Forrester and other thought leaders.

Security Forum 2010: Day 2 Keynotes-At-A-Glance

Stephanie Balaouras

Last week, I wrote a blog post summarizing the Day 1 opening keynotes at Forrester’s Security Forum. This week, I’d like to recap the Day 2 opening keynotes. The second or last day at any event is always a challenge; attendees are always tempted to leave early or to stay in their hotel rooms to get some work done or, if the event is in Vegas, squeeze in some craps (my favorite) or drop a few coins in a nearby slot. Luckily, we held the event in Boston and the lobsters have nowhere to run, so most attendees were happy to stick around until the end of the day. Not only did we have great attendance on Day 2, but there was a palpable buzz in the air. The audience asked tough questions and no one was spared — Forrester analysts, industry guest speakers, and vendors. While the main topic of Day 1 seemed to focus on risk and overall strategy, governance, and oversight, Day 2 focused on coming up with the specifics — the specific plans, the specific policies. As Andrew Jaquith stated in his keynote, to provide better data security, “you don’t need more widgets, what you need is a plan.”

Below are some of the highlights from the Day 2 keynotes: 


Live Streaming From Forrester's Security Forum 2010 - Day Two

Stephanie Balaouras

Today's Live Stream
8:30 a.m.-8:45 a.m. EST
Day 2 Opening Remarks
Stephanie Balaouras, Principal Analyst, Research Director, Forrester

8:45 a.m.-9:30 a.m. EST
Forrester Keynote:
Moving To Information Control: Forrester's Maturity Model For Data Security
Andrew Jaquith, Senior Analyst, Forrester

Live Streaming From Forrester's Security Forum 2010 - Day One

Stephanie Balaouras

Today's Live Stream
8:30 a.m.-8:45 a.m. EST
Day 1 Opening Remarks
Stephanie Balaouras, Principal Analyst, Research Director, Forrester

8:45 a.m.-9:30 a.m. EST
Forrester Keynote:
Maturing The Security Organization
Khalid Kark, Vice President, Principal Analyst, Forrester

Security Forum 2010: Day 1 Keynotes At-A-Glance

Stephanie Balaouras

Security Forum 2010 is upon us, and the stage has been set. After my welcome remarks this morning, Forrester’s own VP & Principal Analyst Khalid Kark kicked us off with a fantastic keynote: “Maturing The Security Organization.” Next up, Malcolm Harkins, CISO of Intel, spoke about the misperception of risk as “The Most Significant Vulnerability We Face.” After Malcolm, Forrester was happy to welcome a quartet of IBM security experts and customers for a panel discussion on “Smart Security.” Daniel Barriuso, CISO of Credit Suisse, finished up our morning keynotes with a presentation outlining the essential steps to build a “Holistic IT Security Management organization.”

Even though each of these presentations addressed different security challenges, in the end they delivered many common recommendations, such as the need for strong governance and oversight and the ability to objectively identify and assess future risks. There were a few other key points that I want to highlight:


IBM Announces Plans To Acquire OpenPages . . . Top GRC Vendors Are Charting Very Different Courses

Chris McClean

Rarely does vendor consolidation reflect such fragmentation of a market.

Picking up on the recent acquisition trend of independent market leaders, IBM today announced plans to acquire long-time GRC heavyweight OpenPages to strengthen its business analytics offerings, including Cognos and SPSS. It's a good fit for both companies and certainly won't surprise anyone who has been following the space... the OpenPages platform leans on Cognos for its reporting capabilities, so they already have a head start on product integration. The two have also proven successful in the past by combining forces on large risk management implementations, so there are already established use cases to reference.

This deal is most interesting, however, when you consider the other acquisitions of top GRC vendors. Less than two years ago, Paisley was acquired by Thomson Reuters to strengthen its tax and accounting business and content delivery, while EMC acquired Archer Technologies earlier this year as a dashboard (at least initially) to pull together IT risk data and processes as part of its RSA security offerings. While OpenPages has historically competed with Paisley in financial controls management and has recently been moving more into Archer's core IT risk and compliance domain, this acquisition will likely turn the company more toward higher-level corporate performance and enterprise risk management. The GRC vendors will still compete regularly, but their unique selling propositions are starting to look more and more unique all the time.


Q&A With Credit Suisse's Daniel Barriuso

Stephanie Balaouras

I had the chance to sit down with Credit Suisse’s CISO and Head of IT Risk, Daniel Barriuso, to ask him a few questions about his role at Credit Suisse and his approach to security. Daniel will be keynoting this week at Forrester’s Security Forum, which kicks off this Thursday, September 16th. Here’s a sample of our Q&A below:

Why is a more holistic approach to IT security so important today? 

[Barriuso]: Given the complex and fast changing IT security landscape, a holistic approach is key to being able to effectively understand the end-to-end threat landscape and manage it proactively. This entails planning for both current and emerging threats, identifying future trends, and making conscious decisions on the security investments required.

What were some of the most important lessons that you learned over the last several years?

[Barriuso]: A key lesson that I have learned through my career is that governance is the foundation for a strong IT security organization. Often organizations focus on technology and technical controls as the main driver to secure data. Instead, a top-down approach is required, beginning with the policy, governance bodies, and risk management framework.

What advice would you give to other senior security leaders who want to move to this more holistic approach?


CA Acquires Arcot, VMWare Buys TriCipher

Andras Cser

How Authentication-as-a-Service becomes a part of leading IAM stacks and why virtualization is no longer a viable technology without identity and access management.

CA’s acquisition of Arcot signals that partnering with an adaptive authentication vendor is no longer enough to offer a comprehensive access management strategy: you’d also have to have an adaptive authentication product to allow your customers to retire costly physical tokens. But this is not the primary reason CA picked up Arcot. It is Arcot’s thriving hosted authentication and fraud management services that were the most lucrative assets to CA. Adaptive authentication is part of any organization’s fraud management strategy — however, CA’s inexperience here leaves a few questions to be answered. Will CA keep and grow Arcot’s fraud prevention service? If so, how will it integrate fraud management with IAM? The requirement for integration is clearly highlighted by Forrester’s conversations with its FinServ and other verticals’ customers.
