One of the most important ways we provide value to our clients is by helping you understand where the security industry is headed. Here are some recent reports detailing these directions.
We've recently used the Forrester Wave to evaluate enterprise antispyware solutions. And we'll show you How to choose an SSL VPN in three easy steps.
In January 2006, Forrester surveyed 149 technology decision-makers at North American organizations about their approaches to IT security. Thirty percent were likely to purchase or implement a security information management (SIM) solution this year. However, almost two-thirds of respondents want SIM for reasons other than detecting and alerting them to attacks on their infrastructure. Rather, a primary interest in SIM is to help with a variety of issues, including incident response, compliance, and measuring security effectiveness.
In January 2006, Forrester surveyed 149 technology decision-makers at North American small and medium-size businesses (SMBs) and enterprises about their approaches to IT security. Security chiefs' cups will continue to overflow in 2006, with malicious code wreaking havoc, information thieves violating customer confidentiality, and hackers infiltrating corporate networks.
The general theme of concern is that information assets are vulnerable to many avenues of attack, both external and internal.
"Securing The Business For Tomorrow's Challenges"
That's the tagline for our first-ever security event, Security Forum 2006, taking place September 7-8, 2006, in Atlanta. This event comes about as a reflection of the critical role IT security serves in your business and Forrester's own commitment to delivering tailored, action-oriented, and practical advice in the security area. The Security Forum 2006 will help you select the right security governance strategies and technologies to defend against the next generation of threats. We hope to see you there!
"How Am I Doing?" -- Measuring The Effectiveness Of Your Security Operations
When people say that "security is like quality," they usually mean that it's everyone's job. However, security is like quality in another way: People believe that it is very difficult to measure. The result? Most companies don't try. So in the past three months, Forrester has published several reports on security metrics.
When it comes to security metrics, the elephant in the room is the fact that security often lacks the support of senior management. This is because security managers are not able to quantify their programs' benefits in a language that management understands. This thinking is clouded by five key myths of information security reporting.
Many security managers respond by pulling in the reams of data being churned out in today's enterprise environment and then struggling to make sense of it all. But the real challenge is not only to identify what is important but also to be able to tie this information from disparate tools into business-centric metrics. This allows senior executives to understand the information, take action, and be confident that the enterprise is secure.
So where are you on the metrics maturity scale? If you assess your firm's level of security metrics maturity, it will fall somewhere between stage one, at which you're too busy fighting fires to know what to measure, and the nirvana of stage four, at which security, IT, and line-of-business executives use security metric data to drive risk management decisions.
The Forrester Wave™: User Account Provisioning, Q1 2006
User account provisioning -- the administration and auditing of users' accounts and privileges -- is a core element of security hygiene and compliance efforts. Provisioning solutions improve the efficiency of both users and IT by automating processes like resetting passwords and granting new access rights. However, CISOs and other executives are primarily funding user account provisioning projects to comply with regulations like Sarbanes-Oxley (SOX), HIPAA, and the Payment Card Industry (PCI) Data Security Standard. Moreover, the increased focus on information risk management elevates the priority of data privacy and intellectual property protection, and you can't do either of these things without proper user account administration.
To assess the state of the provisioning market and to see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of the top provisioning vendors across more than 125 criteria. Sun Microsystems, BMC, IBM, CA, and Novell each qualified as Leaders in our evaluations, with Courion, Thor (now part of Oracle), and HP as Strong Performers.
We'd Like To Hear From You
Tell us about topics you'd like to see us cover, data you need, or technologies you want assessed. Drop me a line at securityFL@forrester.com.
Jonathan Penn
Principal Analyst, Security


Entire contents © 1997-2006, Forrester Research, Inc. All rights
reserved. Forrester, Forrester Wave, Forrester's Ultimate Consumer Panel,
WholeView 2, Technographics, TechRankings, and Total Economic Impact are
trademarks of Forrester Research, Inc. All other trademarks are the
property of their respective companies. Forrester clients may make one
attributed copy or slide of each figure contained herein. Additional
reproduction is strictly prohibited. For additional reproduction rights and
usage information, go to www.forrester.com. Information is based on best
available resources. Opinions reflect judgment at the time and are subject
to change.
Forrester Research, Inc., 400 Technology Square, Cambridge, MA 02139