Chris Sherman

Senior Analyst Serving Security & Risk Professionals

Read Chris's blog posts

Chris is a senior analyst serving Security & Risk (S&R) Professionals. His research focuses on helping S&R pros make strategic decisions regarding endpoint security (laptops, PCs, smartphones, and tablets) and data privacy, such as how to secure employee-owned devices while meeting industry compliance standards. Chris also leads Forrester's healthcare infosec coverage and has published multiple reports on budgets, priorities, and best practices within the areas of healthcare security and medical device security.

Previous Work Experience

Prior to his role as an analyst, Chris was a researcher on the S&R team, where he helped Forrester clients with insights and best practices in endpoint security, mobile security, cloud security, and data privacy. Chris joined Forrester from Harvard Medical School, where he served as a research associate based at Massachusetts General Hospital. He brings with him an extensive background in scientific research, quantitative analysis, and project management.

Education

Chris received his B.A. degree in psychology from the University of Maine.

Print Bio

Chris Sherman

Senior Analyst Serving Security & Risk Professionals

Read Chris's blog posts

Previous Work Experience

Education

Chris received his B.A. degree in psychology from the University of Maine.

Research Coverage

Chris Sherman's Research

Most RecentMost Popular

For CIO Professionals

REPORT: Predictions 2020: The Internet Of Things

IoT Will Propel Smart Displays, 5G, Product Ransomware Attacks, Supply Chains, And New Business Models

November 1, 2019 Frank E. Gillett, Michele Pelino, Paul Miller, Chris Sherman, Heidi Shey, Julie A. Ask, Thomas Husson, Charlie Dai, Andre Kindness

This report shares Forrester's five 2020 predictions to help CIOs and their business counterparts tackle the rapidly changing internet-of-things (IoT) landscape to deliver and enable connected products and business operations.
For Security & Risk Professionals

REPORT: The Forrester Wave™: Endpoint Security Suites, Q3 2019

The 15 Providers That Matter Most And How They Stack Up

September 23, 2019Chris Sherman

In our 25-criterion evaluation of endpoint security suite providers, we identified the 15 most significant ones — Bitdefender, BlackBerry Cylance, Carbon Black, Check Point, Cisco, CrowdStrike, ESET, FireEye, Kaspersky, McAfee, Microsoft, Palo Alto Networks, Sophos, Symantec, and Trend Micro — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk professionals select the right one for their needs.
For Security & Risk Professionals

REPORT: Lessons Learned From The Latest HIPAA Security And Privacy Incidents

As Fines Reach Into The Millions, It's Time For Healthcare To Move Beyond Minimal Compliance Efforts

July 31, 2019Chris Sherman

The healthcare industry experienced several high-profile data breaches and security incidents in 2018, leading to the loss of personal information on millions of patients and millions in fines. We reviewed the details of these incidents and derived several key practices security and risk (S&R) professionals in the healthcare industry can adopt today. Our goal is to help healthcare security leaders learn from their peers to more effectively prevent, detect, and respond to data breaches while meeting the requirements in a growing list of healthcare compliance regulations.
For Security & Risk Professionals

REPORT: The US Healthcare Security Benchmark, 2018 To 2019

Healthcare Pros Must Spend Wisely To Counter Increasing Complexity

July 5, 2019Chris Sherman, Salvatore Schiano, Jeff Becker

In the past, IT security teams within US healthcare providers had much smaller budgets than those within other industries. This is no longer the case, as budget increases in healthcare have come as a result of years of devastating data breaches and revenue loss directly attributed to poor security. This report helps healthcare security pros learn from their peers and provides recommendations for addressing critical technology risks.
For Security & Risk Professionals

REPORT: Best Practices: Medical Device Security

Control Your Hospital's Expanding Device Risk Exposure

May 21, 2019Chris Sherman, Salvatore Schiano

Healthcare providers struggle to understand and mitigate medical device risk, particularly devices connected to the hospital network and directly involved in patient care. Meanwhile, patients themselves are worried about the increasing reports of cyberattacks on healthcare organizations. As connected medical devices multiply, they open up lethal vulnerabilities that put patient lives at risk. But what are the real risks and what is hype? This report gives security pros a medical-device risk heat map that explains the real risks and offers mitigation best practices.

For Security & Risk Professionals

REPORT: Define A Compelling Strategy To Secure And Protect Mobile Moments

February 14, 2017 Laura Koetzle, Chris Sherman, Michele Pelino

This report helps security and risk (S&R) leaders develop comprehensive strategic mobile security plans to secure and protect both employees' and customers' mobile moments — without degrading the quality of those experiences. Developing a comprehensive mobility strategy requires S&R leaders to: 1) collaborate with executives and decision-makers across the business; 2) communicate the need for a comprehensive mobile strategy; 3) understand current and future mobility requirements; and 4) develop and document a future road map. This is an update of a previously published report; Forrester reviews and updates it periodically for continued relevance and accuracy.
For Security & Risk Professionals

REPORT: Forrester's 2017 Interactive Data Privacy Heat Map

September 14, 2017 Enza Iannopollo, Chris Sherman, Heidi Shey, Alexander Spiliotes

To help S&R professionals navigate the complex landscape of privacy laws around the world, Forrester created the Data Privacy Heat Map, which explains the data protection guidelines and practices for 54 countries. It also covers government surveillance, cross-border data transfers, regulatory enforcement, and data center locations around the globe. Due to the dynamic nature of data protection legislation, we update the interactive tool whenever there are significant changes to relevant legislation. We also conduct an annual comprehensive review and update.
For Security & Risk Professionals

REPORT: Ransomware Protection: Five Best Practices

Harden Your Defenses Now For This Growing Threat

July 27, 2017Chris Sherman, Salvatore Schiano

Ransomware is holding enterprises hostage. Recent outbreaks from variants such as WannaCry and Petya have many security and risk (S&R) pros wondering if they can prevent this growing threat. By focusing on the basics and implementing proper controls, however, S&R pros can slow the ransomware spread. This report explains the rise of ransomware and examines strategies for preventing it — or recovering from it if you become a victim. Learn best practices to avoid facing an unnerving decision of whether to negotiate with cyberterrorists.
For Security & Risk Professionals

REPORT: Define A Road Map For Mobile Security And Operations

May 16, 2012Benjamin Gray, Chenxi Wang, Christian Kane, Chris Sherman

This report outlines the road map of Forrester's solution for security and risk (S&R) executives working with their counterparts in infrastructure and operations (I&O) to build a five-year technology road map for mobile security and operations. The emergence of smartphones and tablets in the enterprise is completely changing IT's relationship with the business, moving from a technology-centric to a user-centric point of view. In this new world, user experience and self-service become fundamental tenets of any mobile strategy to enable bring-your-own-device (BYOD) programs and combat rogue IT initiatives. This report focuses on how IT professionals from both S&R and I&O can adapt to this significant shift and how to build an effective five-year road map for mobility.
For Security & Risk Professionals

REPORT: Twelve Recommendations For Your Security Program In 2014

Customer Trust And Digital Disruption Are Key Considerations For Your 2014 Security Strategy

February 5, 2014Andrew Rose, Stephanie Balaouras, John Kindervag, Ed Ferrara, Eve Maler, Andras Cser, Heidi Shey, Rick Holland, Tyler Shields, Chris Sherman

Every winter Forrester outlines 12 important recommendations for your security and risk management strategy for the coming year. These recommendations stem from our understanding of the current state of the industry, major upcoming shifts in the security technology landscape, and the anticipated business and technology changes that will affect organizations around the world, all based on thousands of client inquiries and engagements. Our 2014 recommendations fall into four major themes: 1) building customer trust; 2) securing mobile experiences; 3) coping with big data; and 4) paving the way for successful digital disruption. This report outlines each recommendation and explains how to take advantage of these trends to elevate your position in the organization.