To help security pros plan their next decade of investments in data security, last year myself, John Kindervag, and Heidi Shey, researched and assessed 20 of the key technologies in this market using Forrester's TechRadar methodology. The resulting report, TechRadar™: Data Security, Q2 2014, became one of the team’s most read research for the year. However, it’s been a year since we finalized and published our research and it’s time for a fresh look.
One can argue that the entirety of the information security market – its solutions, services, and the profession itself – focuses on the security of data. While this is true, there are solutions that focus on securing the data itself or securing access to the data itself – regardless of where data is stored or transmitted or the user population that wants to use it. As S&R pros continue to pursue a shift from a perimeter and device-specific security approach to a more data- and identity-centric security approach, it’s worthwhile to hyper focus on the technology solutions that allow you to do just that….
Last year, we included the following 20 technologies in our research:
- Backup encryption
- Cloud encryption gateways
- Data classification
- Data discovery
- Data loss prevention (DLP)
- Database encryption and masking
- Database monitoring and auditing
- Email encryption
- Enterprise key management
- Enterprise rights management
- File-level encryption
- Full-disk encryption
- Identity and access management
- Managed file transfer
- Network analysis & visibility (NAV)
- Secure file sharing and collaboration
- Security information management (SIM)
- Storage area network encryption
Already, John, Heidi, and I have identified several changes we think we should make:
- We’re renaming Cloud encryption gateways to Cloud data protection solutions to be consistent with the rest of our cloud security research
- We’re adding a new category, Cloud workload security management (CWS). These are solutions that enable security pros to monitor and maintain a consistent set of security policies for workloads in multiple cloud provider platforms. These solutions provide a number of different security capabilities, several of which are data-centric like anti-malware protection based on file activity and file integrity monitoring using cryptographic checksums.
- We’re adding another new category, Network encryption. Network encryption applies crypto services between networking devices. Data is encrypted only while in transit, existing as plain text on the originating and receiving hosts. It's most often used to encrypt traffic over WAN connections between corporate locations such as regional offices, remotes office, data centers etc. but can also be employed in local area networks.
- We’re merging two categories, NAV and SIM, into a single category, Security Analytics (SA). SA is the convergence of the correlating and reporting functions of SIM together with information feeds from DLP solutions, NAV solutions, endpoint visibility and control (EVC), IAM solutions,and even fraud solutions. SA gives security pros context and situational awareness regarding the threats to sensitive data.
I'm asking for your thoughts, opinions, complaints, and suggestions before we embark on the exhaustive qualitative and quantitative research for this year’s refresh. You have two ways to do this, you can:
- Take our survey!
- Email me (email@example.com) your manifesto….I mean passionate ideas.
Your feedback is invaluable to this process so I look forward to hearing from you and engaging in an exciting conversation.