Forrester

For Security & Risk Professionals

Blog:Participating In Markets For Portable Identities In The Cloud: What’s The Coin Of Your Realm?

Many IT security pros are moving toward disruptive new authentication and authorization practices to integrate securely with cloud apps at scale. If you’re considering such a move yourself,...

For Security & Risk Professionals

Report:Work With Marketing Pros To Prevent Breaches

How To Protect Your Email Data

In facing security woes such as the Epsilon breach, email marketing professionals have received a wake-up call: Security failures can cost a lot — not just a lot of money but also goodwill with...

• Downloads: 168

For Security & Risk Professionals

Blog:The Mobile-Cloud Axis Needs A Modern Authorization System. XACML 3 Isn’t It

Andras Cser probed a sore spot in IAM last week with his post, “XACML Is Dead.” It’s a necessary conversation (though I did see a glint in his eye at the Forrester BT Forum after he...

For Security & Risk Professionals

Report:TechRadar™ For Security Pros: Strong Authentication, Q1 2012

Traditional Methods Start To Sag, While Mobile-Fueled Methods Surge

The strong authentication landscape has undergone tremendous churn in recent years as new mobile-fueled technologies have come online and as RSA, the premier vendor of hardware one-time password...

• Downloads: 985

For Security & Risk Professionals

Report:Introducing Forrester's 2013 Data Privacy Heat Map

To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and...

• Downloads: 658

For Security & Risk Professionals

Client Inquiry:What Are The E-Signature Authentication Methods And Mechanisms, And Who Are The Providers?

Our employees are being asked to electronically sign documents from outside our organization. We want to educate these employees on various aspects of the e-signature process. One area is...

For Security & Risk Professionals

Blog:Zero Trust Identity: Go From "Identity-As-A-Service" To "IAM-As-An-API"

I just love the theme of our upcoming Forrester Security Forum (Las Vegas in May, and Paris in June -- check out Laura Koetzle's definitive blog post). Leapfrog Your Global Competition. Rethink...

For Security & Risk Professionals

Blog:Fast Cloud Identity Provisioning

Back in July, I wrote about a new RESTful API that cloud providers and provisioning vendors are working on for doing identity provisioning and synching: Simple Cloud Identity Management, or SCIM...

For Security & Risk Professionals

Report:The Forrester Wave™: Enterprise Cloud Identity And Access Management, Q3 2012

Six Vendors That Matter Most And How They Stack Up

In Forrester's 15-criteria evaluation of cloud identity and access management (IAM) vendors, we identified the six most significant solution providers in this category — Covisint, Lighthouse...

• Downloads: 1174
• Rating:

For Security & Risk Professionals

Blog:More Holiday Cheer: SCIM Cloud Provisioning Standard Reaches A Big Milestone

I've blogged and published research before about the emerging Simple Cloud Identity Management (SCIM) standard. The SCIM group has just approved Version 1.0. No, it's not your imagination:...

For Security & Risk Professionals

Blog:Strong Authentication: Bring-Your-Own-Token Is Number Three With A Bullet

In approaching the research for my recently published TechRadar™ on strong authentication, at first I struggled a bit with overlapping concepts and terminology (as can be seen in the lively...

For Security & Risk Professionals

Client Inquiry:Should We Use OAuth For A Single Security Domain?

My organization is just beginning to externally expose services for our first native mobile application. We currently have a single sign-on (SSO) security infrastructure for our web applications....

For Security & Risk Professionals

Report:Protecting Enterprise APIs With A Light Touch

By 2012, OAuth Will Be The Incumbent Cloud API Security Solution

Enterprises face a tension between the cloud-friendly software environment promoted by the Web, with its easy-to-use REST interface style and proliferation of lightweight services, and the security...

• Downloads: 648

For Security & Risk Professionals

Blog:In Cloud-Friendly Web Services Security, "There Is No Enterprise." Wait. What?

“There is no enterprise — the work we do is a collection of people that dynamically changes through a mix of organization control.” That’s what I heard from one venerable old...

For Security & Risk Professionals

Client Inquiry:Best Practices In Single Sign-On For eCommerce Sites

We would like to discuss single sign-on and OAuth (like Facebook Connect) for an eCommerce site that has a public user base of roughly 10 million. What are the pros and cons of out-of-box solutions...

For Security & Risk Professionals

Report:The Forrester Wave™: Risk-Based Authentication, Q1 2012

The Six Vendors That Matter Most And How They Stack Up

In Forrester's 16-criteria evaluation of risk-based authentication vendors, we identified the six significant vendors in this category — CA Technologies, Entrust, iovation, RSA, Symantec, and...

• Downloads: 1067

For Security & Risk Professionals

Report:Navigate The Future Of Identity And Access Management

Future Look: The Identity And Access Management Playbook

This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building an identity and access management strategy for the extended enterprise. We...

• Downloads: 1407
• Rating:

For Security & Risk Professionals

Report:Top 15 Trends S&R Pros Should Watch: Q2 2013

From frantic security operations problems to the changing threat landscape, CISOs, senior security leaders, and other IT risk management leaders consistently have trouble keeping up with key trends...

• Downloads: 313
• Rating:

For Security & Risk Professionals

Report:Understanding Simple Cloud Identity Management

With The SCIM Specifications, User Provisioning Goes "Zero Trust"

Business owners are jumping on SaaS services to get quicker wins, and CIOs are finding these services attractive for cutting costs as well. Since it's relatively quick and easy to hook up these...

• Downloads: 778

For Security & Risk Professionals

Tool:Maximum Potential Impacts For Each Assurance Level

For Security & Risk Professionals

Report:Inquiry Spotlight: Consumer-Facing Identity, Q4 2012 To Q1 2013

The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety. In fact, several vendors in...

• Downloads: 194

For Security & Risk Professionals

Report:TechRadar™ For Security Pros: Zero Trust Identity Standards, Q3 2012

Road Map: The Identity And Access Management Playbook

This report outlines Forrester's solution to help security and risk (S&R) leaders develop their road map of IAM processes using Forrester's TechRadar™ methodology. The extended enterprise...

• Downloads: 456
• Rating:

For Security & Risk Professionals

Client Inquiry:What Is Forrester's Perspective On Voice-As-PIN And Retinal Security?

Do you have any thoughts on using voice-as-PIN and retinal security, from a security perspective as well as an end user customer-experience perspective?

For Security & Risk Professionals

Report:Evolve Your Identity Strategy For The Extended Enterprise

Executive Overview: The Identity And Access Management Playbook

The rapid adoption of mobile devices and cloud services, together with a multitude of new partnerships and customer-facing applications, has "extended" the identity boundary of today's enterprise....

• Downloads: 480

For Security & Risk Professionals

Blog:Can You Join The API Economy While Maintaining Top-Notch Security?

If anything exemplifies the extended enterprise, it's the notion of the "API economy": Unlocking value in your organization's unique data and services by publishing open APIs (application...