For Security & Risk Professionals

Know Your Code: How Static Analysis Tools Make Applications More Secure

by Chenxi Wang, Ph.D., Andrew Jaquith, November 20, 2009

Many companies, besieged by audit findings and application vulnerabilities, recognize the benefits of eliminating security vulnerabilities early in the software life cycle. For this reason, static analysis technologies for analyzing code-level security . . .

For Security & Risk Professionals

Case Study: Baker Tilly Virchow Krause Builds Trust With Strong Authentication

Customer Data Is Accessible Yet Safe Whether Users Are Connected Or Not

by Bill Nagel, November 16, 2009

Matt Jennings at Baker Tilly Virchow Krause needed to overhaul the accounting and advisory firm's security processes and technologies to ensure ongoing regulatory compliance and customer confidence. Replacing the company's use of a single password as . . .

For Security & Risk Professionals

Selecting Data Protection Technologies

Answer Four Key Questions Before Spending Time And Treasure

by Andrew Jaquith, October 28, 2009

Forrester enterprise customers have increasing needs to protect their enterprise data. Not every data protection challenge requires technology to address it. But when effective protection cannot be guaranteed by process compliance alone, technology can . . .

For Security & Risk Professionals

PCI X-Ray: File Integrity Monitoring

by John Kindervag, October 26, 2009

To effectively deal with the broad and complex requirements of Payment Card Industry (PCI) data security, you need to break the elements apart to provide enhanced clarity. We've designed the PCI X-Ray series to provide actionable information to help Forrester . . .

For Security & Risk Professionals

Fear Of A Hyperjacked Planet

Hypervisor Security Flaws Get Press, But Operational Risks Matter More

by Andrew Jaquith, October 16, 2009

Asked to do more with less, CIOs are using virtualization to pack more services into fewer physical boxes, reduce energy consumption, and provide greater flexibility. But security and risk professionals worry that in the headlong rush to embrace virtualization, . . .

For Security & Risk Professionals

Market Overview: Firewall Auditing Tools

by John Kindervag, July 30, 2009

In the battle to protect your organization's information and assets, firewalls are the first line of defense for preventing attacks against the network. And for the most part, they've succeeded at keeping the enemy at bay — that is, when the firewall . . .

For Security & Risk Professionals

Healthcare Security: Ready Or Not, Here It Comes

Applying Five Cardinal Rules Of Information Security To Healthcare Companies

by Khalid Kark, July 24, 2009

The US Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The security and privacy rules took effect in 2003, but none of this really improved the overall state of information security across the healthcare industry. . . .

For Security & Risk Professionals

Case Study: The Smart Card Is King At Deloitte Ireland

A Multifunctional Authentication Credential Is Now Integral To Employees' Daily Lives

by Bill Nagel, July 23, 2009

John Gray at Deloitte Ireland had a vision for a multifunctional second-factor authentication credential that would not only address the company's need to better protect its data, network, and facilities but also become a positive aspect of the firm's . . .

For Security & Risk Professionals

Case Study: For Avaya, Customers Are Not A Token Consideration

A Plug-And-Go Smart Token Combines With PKI For Security And Auditability

by Bill Nagel, July 23, 2009

Rick Robinson at Avaya had a vision for a multifunctional second-factor authentication credential that would satisfy customer compliance requirements without significant adverse effects on his engineering and technical support staff. By testing how well . . .

For Security & Risk Professionals

TechRadar™ For SRM Professionals: Application Security, Q3 2009

Application Security Comes Of Age Despite A Slowdown In Security Spend

by Chenxi Wang, Ph.D., July 8, 2009

As application-level exploits continue to generate headline news, security professionals increasingly look to application security measures to protect their organizations. To succeed, security professionals must understand the maturity of the various . . .

For Security & Risk Professionals

IT Security's Critical Role During Layoffs

How To Safeguard Company Data In Difficult Times

by Andrew Jaquith, July 2, 2009

The Gateway Recession of 2009 has brought the prospect of slowing sales and profits — and job losses. Although layoffs are never desirable, they are often necessary. Much of the responsibility for keeping company data safe during layoffs falls to security . . .

For Security & Risk Professionals

TechRadar™ For SRM Professionals: Database And Server Data Security, Q2 2009

Database Monitoring Tools Thrive; Classification Tools Try To Survive

by Andrew Jaquith, June 9, 2009

The risks of theft, corruption, and abuse have made securing data stored on servers and in databases much harder. To help security and risk professionals plan their next decade of investments in server data security, Forrester investigated the current . . .

For Security & Risk Professionals

Market Overview: Security Information Management (SIM)

PCI Gives The SIM Market Its Second Wind, But The Field Will Thin Out In The Years Ahead

by John Kindervag, Andrew Jaquith, April 30, 2009

The security information management (SIM) market has undergone a dramatic transformation in the past five years. After growing to a respectable size in a short period in the early 2000s, the SIM market stagnated until the Payment Card Industry Data Security . . .

For Security & Risk Professionals

Identity And Access Management Adoption In Europe: 2008

by Bill Nagel, April 16, 2009

Interest in and adoption of identity and access management (IAM) technologies has been growing steadily over the past few years, fueled both by the desire to streamline processes relating to employee, contractor, partner, and customer access to company . . .

For Security & Risk Professionals

The Forrester Wave™: Content Security Suites, Q2 2009

Websense Leads, With Symantec, McAfee/Secure Computing, And Trend Micro Close Behind

by Chenxi Wang, Ph.D., April 16, 2009

Forrester evaluated content security suite vendors, using a 41-criteria evaluation, partially based on the results of The Forrester Wave™: Email Filtering, Q2 2009 and The Forrester Wave™: Web Filtering, Q2 2009. We found that Websense . . .

For Security & Risk Professionals

The Forrester Wave™: Web Filtering, Q2 2009

Websense And McAfee/Secure Computing Lead, With Trend Micro, Cisco, Symantec/MessageLabs, And McAfee Trailing As Strong Performers

by Chenxi Wang, Ph.D., April 16, 2009

Forrester evaluated leading Web filtering technology vendors across 53 criteria and found that Websense and McAfee/Secure Computing lead the pack because of their broad functionality and focused strategy vision. Trend Micro, Cisco Systems, Symantec/MessageLabs, . . .

For Security & Risk Professionals

The Forrester Wave™: Email Filtering, Q2 2009

Symantec, Cisco Systems, And McAfee/Secure Computing Lead, With Google, Symantec/MessageLabs, And Microsoft Close Behind

by Chenxi Wang, Ph.D., April 16, 2009

In late 2008, Forrester conducted an in-depth evaluation of email security filtering, based on 57 criteria. Despite the flurry of recent market acquisitions, we found that this market is still characterized by strong appliance vendors with upstart cloud . . .

For Security & Risk Professionals

Privacy Policies And Drivers 2008  (201 KB PPT)

by Chris McClean, April 9, 2009

Privacy programs in North America and Europe typically include policies for protecting corporate intellectual property and sensitive data. Although government regulation is by far the biggest driver for privacy programs in public sector organizations, . . .

For Security & Risk Professionals

Building The Proactive Case For Full Disk Encryption

Case Study: A Leading Hospitality And Gambling Firm Proactively Implements Full Disk Encryption

by Natalie Lambert, April 8, 2009

In today's economy of tighter budgets and increased scrutiny over requests for investment, security professionals are struggling to make the business case for full disk encryption (FDE). Unfortunately, despite highly publicized data leaks, the business . . .

For Security & Risk Professionals

Incident Response Policies And Processes 2008  (400 KB PPT)

by Robert Whiteley, April 7, 2009

The current economic environment requires that today’s security and risk executives ensure their incident response policies are in place and accurate. The business cannot tolerate significant downtime or unnecessary cost associated with an outdated incident . . .

For Security & Risk Professionals

Data Security Challenges And Technology Adoption In 2008  (214 KB PPT)

by Andrew Jaquith, April 7, 2009

Data security is the number one priority for today's CISO. The current economic downturn - and the need to protect data from abuse, theft, and corruption - has only heightened the emphasis. But protecting data is a broad challenge and requires that organizations . . .

For Security & Risk Professionals

Vendors Tailor Product Offerings To Security's Needs

Market Momentum: IT Security Product Market, H1 2008

by Robert Whiteley, March 4, 2009

To investigate the IT security software market, Forrester examined a set of 20 representative IT security vendors and tracked more than 200 different activities in the market. These activities included mergers and acquisitions (M&A), partnerships, . . .

For Security & Risk Professionals

Inquiry Spotlight: Data Leak Prevention, Q1 2009

by Natalie Lambert, Andrew Jaquith, February 10, 2009

Data security in general and data leak prevention (DLP) in particular are growing concerns among security professionals. Forrester's data indicates that while firms are interested in DLP's future, they are taking a "wait and see" approach to adoption. . . .

For Security & Risk Professionals

Inquiry Spotlight: Content Security, Q1 2009

by Chenxi Wang, Ph.D., January 29, 2009

Content security is an issue that is consistently on the minds of IT security professionals. As organizations increasingly move toward collaboration, Web 2.0, and open architectures, content security takes on a renewed importance. Between October 2007 . . .

For Security & Risk Professionals

Top Data Security Predictions For 2009

Economic Turmoil Will Increase Need For Surveillance, Data Protection Tools

by Andrew Jaquith, Natalie Lambert, January 9, 2009

The economic turmoil in the United States will have resounding consequences for security and risk professionals in 2009. The prospect of laying off an additional 1.4 million workers means that CISOs will clamor for data protection tools to keep their . . .