Yesterday, Proofpoint announced it will acquire social risk and compliance (SRC) vendor Nexgate for approximately $35 million.
The Acquisition Signals The SRC Market Is Maturing
This acquisition points to a budding and rapidly evolving SRC market. With the proliferation of social media, organizations face a slew of emerging regulatory challenges, brand threats, and security vulnerabilities – just look at recent incidents with Cole Haan, Zarbee’s, US Airways, British Gas, among countless others, even including our own US military. While once a niche market helping financial services firms meet FINRA obligations, SRC solutions now offer more than just compliance support, helping organizations better manage today’s wide gamut of social risks with social threat detection, account protection, and risk monitoring.
Proofpoint Has To Prove The Sum Is Greater Than Its Parts
Last week Salesforce.com (SFDC) hosted its annual Dreamforce Conference in San Francisco, and for the first time, the cloud giant’s products could soon have some major implications in the governance, risk, and compliance (GRC) market.
Amidst the chaos of keynotes, partner sessions, guest speakers like Hilary Clinton, wil.i.am, Al Gore, and our very own George Colony, two of SFDC’s major announcements demonstrated how its new offerings and future strategy will position the company to compete in the very big business intelligence market:
As we predicted in May 2012, user directories are moving into the cloud. Cloud workloads require that users who are authorized to access them are stored near the cloud workload and not just on-premises. While this offering announced now by AWS is not necessary technically groundbreaking (Cloud IAM vendors and Microsoft Azure have been offering AD integration for a relatively long time), obviously this announcement is relevant because of AWS's broad presence in IaaS. We urge Forrester's clients that plan to use AWS AD service to ask AWS the following questions:
1. What safeguards are there to protect information (user, computer, etc.) in AWS AD?
2. How does AWS integrate in real time with on-premises AD and shared folder infrastructures?
3. What types of true identity management (access governance and provisioning) services does AWS offer to complement this new AD service?
Check AWS's blog entry at http://aws.amazon.com/blogs/aws/new-aws-directory-service/ for more details.
Each year, Forrester Research and the Disaster Recovery Journal team up to launch a study examining the state of business resiliency. Each year, we focus on a particular resiliency domain: business continuity, IT disaster recovery, crisis communications, or overall enterprise risk management. The studies provide BC and other risk managers an understanding of how they compare to the overall industry and to their peers. While each organization is unique due to its size, industry, long-term business objectives, and tolerance for risk, it's helpful to see where the industry is trending, and I’ve found that peer comparisons are always helpful when you need to understand if you’re in line with industry best practices and/or you need to convince skeptical executives that change is necessary.
This year’s study will focus on business continuity. We’ll examine the overall state of BC maturity, particularly in process maturity (business impact analysis, risks assessment, plan development, testing, maintenance, etc.), but we’ll also examine how social, mobile, analytics, and cloud trends are positively and negatively affecting BC preparedness. In the last BC survey, one of the statistics that disturbed me the most was that very few firms assessed the BC preparedness of their strategic partners beyond asking for a copy of their BC plan. And we all know plans are always up to date, tested and specific enough to address the risk scenarios that the partner is most likely to experience (please note the tone of sarcasm in this sentence). I hope this year’s survey shows an improvement; otherwise, most of the industry is in mucho trouble.
Yesterday, Symantec announced that it too was ordering up a bowl of the organizational strategy du jour and splitting itself into two independent, publicly traded companies, one focusing on security and the other on information management.
I have doubts whether simply splitting in two can spark innovation after nine years of gobbling up gargantuan (I still miss you, Veritas) and small vendors alike with little to show for it but operational indigestion. But I suppose anything is better than changing CEOs as frequently as I change the oil in my car and standing by and watching CISOs turn to completely new security brands as their trusted advisor. And there is this little matter of how mobile, social, cloud, and big data are completely transforming not only the way digital businesses compete and serve their customers but how technology vendors themselves deliver their own solutions and engage with their clients -- and Symantec isn't leading the charge in any of those market shifts.
Each month we use our newsletter and a podcast to highlight one of the many talented and hardworking analysts and researchers on Forrester's Security & Risk team. If you're not signed up for our newsletters, I highly encourage you to do so; please email email@example.com for additional details. In the meantime, click below to listen to our analyst spotlight on senior analyst Renee Murphy, one of our leading analysts on governance, risk, and compliance. You'll hear some great insights from Renee on clients' top challenges and requirements, surprising research findings, and upcoming research and vendors to watch. To download the MP3 version of the podcast, please click here.
The mobile mind shift: what is it? Forrester defines the mobile mind shift as the expectation that any desired information or service is available, on any appropriate device, in context, at a person's moment of need. It’s the reality that your customers (and employees!) live in today, where mobility isn’t just about devices or apps anymore but more about a change in attitude (e.g., individuals don’t just expect the availability of information/services, they demand it). With this mind shift comes a few other attitude shifts, notably around privacy and security of personal information and devices. In our 2013 surveys, Forrester saw that:
Given a choice of how to address security concerns on the devices they use for work, 38% of North American and European information workers prefer to do it themselves, while 20% would take action based on guidance from their employer.
When doing things online, 59% of US consumers are concerned about identity theft, 33% do not want their information permanently recorded and accessible to others, and 22% are concerned that their data will be sold to another company.
By all accounts, we’re approaching a new order of integration between technology and medicine. Real-time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records where clinicians can use the data to make more-accurate (and potentially dynamic) treatment plans. Hospital staff can communicate and react to changing patient conditions faster and with less disruption to the patient experience than ever before, thanks to increasingly integrated mobile messaging systems and other mobile applications (for both the patients and clinical staff).
Applying big data analytics to PHI promises to improve patient outcomes and lead to more efficient —and less costly — patient care. It’s hard not to feel a level of excitement as this convergence of healthcare, mobile technology, and big data progresses at an accelerated rate. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, healthcare employee endpoints have become an especially vulnerable source of data loss.
■Healthcare records are five times as likely to be lost due to device theft/loss.¹ If you’re a CISO at a healthcare organization, endpoint data security must be a top priority in order to close this faucet of sensitive data. Consequences will increasingly be more than just a mere slap on the wrist with fines, as consumers fight back.
The Forrester S&R team has doubled in size during the last several years. Today, we're 17 analysts and researchers across the US, Europe, and India, 19 if you count the research associates that support every project. Given the size of the team and the degree to which analysts have been able to specialize, we decided that we'd take a little time each month to highlight each member of the team in one of our bi-monthly newsletters and in a short podcast. If you're not signed up for our newsletters, I highly encourage you to do so, please email firstname.lastname@example.org for additional details. In the meantime, click below to listen to our analyst spotlight on Senior Analyst, Tyler Shields.
S&R Podcast Listening Options
Click here to download the MP3 file of this episode.
On the heels of the CrossIdeas acquisition (about which we have recently published a QuickTake), IBM today acquired another IAM cloud provider, Lighthouse Security Group. Its product and service, Lighhouse Gateway, is a small cloud provider that appeared in our Cloud IAM Wave and we were impressed by the "slickness" and ease-of-use of its customer interface for administration (policy management) and also for end users (Lighthouse Gateway provides its own front-end to ISIM and ISAM).
Now we recommend that IAM security and risk professionals should ask IBM the following questions about the acquisition:
1) How will IBM offer Lighthouse Gateway? Will it be an add-on to ISIM and ISAM licenses or will it be a standalone offering or both?
2) How will IBM integrate the beautiful user interface of Lighthouse Gateway into ISIM and ISAM on-premises offerings?
3) How will the new IBM IAM access governance ecosystem of ISIM+CrossIdeas be merged with Lighthouse Gateway?