This is my first post as the new Research Director for the Security and Risk team here at Forrester. During my first quarter as RD, I spent a lot of time listening to our clients and working with the analysts and researchers on my team to create a research agenda for the rest of the year that will help our clients tackle their toughest challenges. It was a busy Q1 for the team. We hosted our Security Forum in London, fielded more than 443 end client inquiries, completed more than 18 research reports, and delivered numerous custom consulting engagements.

In the first quarter of 2010, clients were still struggling with the security ramifications of increased outsourcing, cloud computing, consumer devices and social networking. Trends have created a shift in data and device ownership that is usurping traditional IT control and eroding traditional security controls and protections.

We’re still dealing with this shift in 2010 — there’s no easy fix. This year there is a realization that the only way that the Security Organization can stay one step ahead of whatever business or technology shift happens next is to transform itself from a silo of technical expertise that is reactive and operationally focused to one that is focused on proactive information risk management. This requires a reexamination of the security program itself (strategy, policy, roles, skills, success metrics, etc.), its security processes, and its security architecture. In short, taking a step back and looking at the big picture before evaluating and deploying the next point protection product. Not surprisingly, our five most read docs since January 1, 2010 to today are having less to do with specific security technologies:


Some of our research published in just the last week is quickly shooting up to the top of the list including CISO Handbook: Presenting To The Board, To Facebook Or Not To Facebook and Market Overview: Managed Security Services. One technology-focused report that is quickly becoming popular with our clients is the two-part report, Demystifying Tokenization And Transaction Encryption.

We have an ambitious research agenda for Q2 that includes the publication of Forrester’s Security Maturity Model and another major event, Forrester’s IT Forum. We’ll have an entire Security and Risk focused track at the event with more than 7 sessions and 6 analysts presenting. We’ll have content dealing with organizational and process maturity, as well as content covering another emerging technology shift – the shift to Smart Critical Infrastructure and Grids (more on that in another post).

I hope you can join us at this event. If you can’t, I hope you’ll take the time to tell us what your toughest challenges are and if they line up with what we’re seeing from our clients and research.