Symantec No Longer Wants To Be The Company Where Good Software Goes To Live A Life Of Quiet Desperation

Stephanie Balaouras

Yesterday, Symantec announced that it too was ordering up a bowl of the organizational strategy du jour and splitting itself into two independent, publicly traded companies, one focusing on security and the other on information management.

I have doubts whether simply splitting in two can spark innovation after nine years of gobbling up gargantuan (I still miss you, Veritas) and small vendors alike with little to show for it but operational indigestion. But I suppose anything is better than changing CEOs as frequently as I change the oil in my car and standing by and watching CISOs turn to completely new security brands as their trusted advisor. And there is this little matter of how mobile, social, cloud, and big data are completely transforming not only the way digital businesses compete and serve their customers but how technology vendors themselves deliver their own solutions and engage with their clients -- and Symantec isn't leading the charge in any of those market shifts.

Analyst Spotlight Podcast With Renee Murphy

Stephanie Balaouras

Each month we use our newsletter and a podcast to highlight one of the many talented and hardworking analysts and researchers on Forrester's Security & Risk team. If you're not signed up for our newsletters, I highly encourage you to do so; please email srfl@forrester.com for additional details. In the meantime, click below to listen to our analyst spotlight on senior analyst Renee Murphy, one of our leading analysts on governance, risk, and compliance. You'll hear some great insights from Renee on clients' top challenges and requirements, surprising research findings, and upcoming research and vendors to watch. To download the MP3 version of the podcast, please click here

S&R Pros: Use The Mobile Mind Shift And Consumer Tools To Drive The Privacy Discussion

Heidi Shey

The mobile mind shift: what is it? Forrester defines the mobile mind shift as the expectation that any desired information or service is available, on any appropriate device, in context, at a person's moment of need. It’s the reality that your customers (and employees!) live in today, where mobility isn’t just about devices or apps anymore but more about a change in attitude (e.g., individuals don’t just expect the availability of information/services, they demand it). With this mind shift comes a few other attitude shifts, notably around privacy and security of personal information and devices. In our 2013 surveys, Forrester saw that:

  • Given a choice of how to address security concerns on the devices they use for work, 38% of North American and European information workers prefer to do it themselves, while 20% would take action based on guidance from their employer.
  • When doing things online, 59% of US consumers are concerned about identity theft, 33% do not want their information permanently recorded and accessible to others, and 22% are concerned that their data will be sold to another company. 

It’s Time For Healthcare CISOs To Close The Faucet Of Data Loss

Christopher Sherman

By all accounts, we’re approaching a new order of integration between technology and medicine. Real-time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records where clinicians can use the data to make more-accurate (and potentially dynamic) treatment plans. Hospital staff can communicate and react to changing patient conditions faster and with less disruption to the patient experience than ever before, thanks to increasingly integrated mobile messaging systems and other mobile applications (for both the patients and clinical staff).

Applying big data analytics to PHI promises to improve patient outcomes and lead to more efficient — and less costly — patient care. It’s hard not to feel a level of excitement as this convergence of healthcare, mobile technology, and big data progresses at an accelerated rate. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, healthcare employee endpoints have become an especially vulnerable source of data loss.

In our recently published brief, “Stolen And Lost Devices Are Putting Personal Healthcare Information At Risk,” we present a number of findings related to healthcare data loss from our latest Forrester surveys as well as those from our data partners. Most notably:

Healthcare records are five times as likely to be lost due to device theft/loss.¹ If you’re a CISO at a healthcare organization, endpoint data security must be a top priority in order to close this faucet of sensitive data. Consequences will increasingly be more than just a mere slap on the wrist with fines, as consumers fight back.

Analyst Spotlight Podcast With Tyler Shields

Stephanie Balaouras

Introducing The New S&R Monthly Podcast!

The Forrester S&R team has doubled in size during the last several years. Today, we're 17 analysts and researchers across the US, Europe, and India, 19 if you count the research associates that support every project. Given the size of the team and the degree to which analysts have been able to specialize, we decided that we'd take a little time each month to highlight each member of the team in one of our bi-monthly newsletters and in a short podcast. If you're not signed up for our newsletters, I highly encourage you to do so; please email srfl@forrester.com for additional details. In the meantime, click below to listen to our analyst spotlight on Senior Analyst, Tyler Shields.

IBM Doubles Down Cloud IAM And Acquires Lighthouse Gateway

Andras Cser

On the heels of the CrossIdeas acquisition (about which we have recently published a QuickTake), IBM today acquired another IAM cloud provider, Lighthouse Security Group. Its product and service, Lighthouse Gateway, is a small cloud provider that appeared in our Cloud IAM Wave and we were impressed by the "slickness" and ease-of-use of its customer interface for administration (policy management) and also for end users (Lighthouse Gateway provides its own front-end to ISIM and ISAM).

Now we recommend that IAM security and risk professionals should ask IBM the following questions about the acquisition:

1) How will IBM offer Lighthouse Gateway? Will it be an add-on to ISIM and ISAM licenses or will it be a standalone offering or both?

2) How will IBM integrate the beautiful user interface of Lighthouse Gateway into ISIM and ISAM on-premises offerings?

3) How will the new IBM IAM access governance ecosystem of ISIM+CrossIdeas be merged with Lighthouse Gateway?

Forrester’s 2014 Data Privacy Heat Map Highlights Rampant Government Surveillance And Increased Regulation Around The Globe

Christopher Sherman

Corporations spend a lot of time and money to ensure their employee- and customer-facing technologies are compliant with all local and regional data privacy laws. However, this task is made challenging by the patchwork of data privacy legislation around the world, with countries ranging from holding no restrictions on the use of personal data to countries with highly restrictive frameworks. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches. 

The most recent update to the tool, which published today, highlights two opposing trends affecting data privacy over the past 12 months:

  • Increased government surveillance continues to impede the free flow of information. Corporations worry that storing or processing data within the borders of a country with high levels of governmental surveillance could place their intellectual property at risk. Notable additions to the tool's growing list of countries with lowered barriers to government surveillance include the US, Germany, and the UK.

The Militarization Of Information Security

Rick Holland

Does something like this sound familiar? "We need to find, fix, finish, exploit, analyze, & disseminate this intrusion set along the kill chain via force multipliers so we can observe, orient, decide, and act according to tactical, operational, and strategic priority intelligence requirements." I bet that part of it does. 

These days it seems that we cannot escape military concepts making their way into information security strategy. Firms are attempting to implement the kill chain, and vendor-marketing headlines these concepts. I've contributed to it as well. See: "Force Multipliers - What Security & Risk Professionals Can Learn From Special Forces."

I think that it is important to keep in mind that we aren't the military and don't have the resources of the military. While military concepts can be useful, buzzwords won't secure your environment; you could become distracted and utilize your limited resources in the wrong manner. As I was sorting out my Black Hat calendar tonight, I fortuitously saw a talk that is very applicable to this topic: "The Library of Sparta," with David Raymond, Greg Conti, and Tom Cross. Here is part of their abstract: 

Say “Small Footprint” Again. I Dare You, I Double Dare You.

Rick Holland

During the past 18 months or so, we have seen the emergence of innovative endpoint security solutions. The list is long; it is hard to keep track of all the solutions in the space. In no particular order, here is a sampling:  Bromium, Invincea, IBM Trusteer, Cylance, Palo Alto Networks Next-Gen Endpoint Protection (Cyvera), Microsoft Enhanced Mitigation Experience Toolkit (EMET), Bit9 + Carbon Black, Confer, CounterTack Sentinel, Cybereason, CrowdStrike Falcon Host, Guidance Software Cybersecurity, Hexis HawkEye G, FireEye HX, Triumfant, Tanium, and Verdasys Digital Guardian. 

I take many briefings from these types of vendors (primarily the ones I cover in Forrester’s Endpoint Visibility and Control category) and within the first 5 minutes of the conversation, the vendor mentions that their solution has a “small footprint.”  The use of this phrase is the equivalent of nails scratching their way across a chalkboard for me. When was the last time you heard anyone say that they have a “large footprint?” Please provide more information: Do you run in user or kernel land? What are the impacts to utilization? Even if a vendor truly has a “small footprint,” when that new agent is deployed to a host that already has four or five agents running, the collective footprint is far from small.

Protect Your Brand Today Through Comprehensive Risk Intelligence

Nick Hayes

We all know that securing your perimeter and your internal assets only gets you so far today. The crux of the issue is that your brand, and potential threats to it, are now often external and out of your direct area of control. The number of places and channels online where your brand appears and where malicious actors discuss how to take down your organization is expanding rapidly today.

Websites, media outlets, search engines, marketplaces, social networks, forums, mobile apps, online ads, and more – these are all places where your brands, products, workers, and affiliates and other associated third parties can be mentioned in inappropriate or malevolent contexts: They increase opportunities for brand defamation and data leakage; they act as discreet places to conspire or collude; they open the door to new security vulnerabilities; they decrease your control over your products; and they make it harder to spot contract violations and breaches.

The good news is: You’re not powerless either.
