Alla Valente

Senior Analyst

Blog

Employee Vaccination Mandates: Indecision Is The Riskiest Decision Of All

Alla Valente October 14, 2021
Whether it's the carrot or the stick approach, the key to a decision on vaccination mandates is to make a definitive decision. Failing to do so constitutes a risk in itself. Find out why in this post.

Halloween Comes Early For Syniverse, FB, And Twitch — What We Can Learn From Their Spooky Outages Plus Breaches

Jeff Pollard October 7, 2021
As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]

Facebook’s Outage: Breaking The Ad Empire — For A Day?

Mike Proulx October 4, 2021
The Facebook ecosystem outage should remind advertisers to have proactive risk mitigation plans in place.

GRC Platforms Morph From Maslow’s Hammer To The Swiss Army Knife

Alla Valente September 22, 2021
Winston Churchill said it best — “Never let a good crisis go to waste” — and governance, risk, and compliance (GRC) vendors have heeded the advice not once but twice. In 2002, after the Sarbanes-Oxley Act intended to protect investors from fraudulent accounting activities by corporations, vendors turned GRC technologies into a Maslow’s hammer of […]

Zero Trust For Healthcare Orgs Is Just What The Doctor Ordered

Christopher Sherman July 29, 2021
Healthcare data is low-hanging fruit for hackers. Learn how adopting a Zero Trust strategy can help keep your data safe.

It’s Time For The Infosec Industry To Address Gender Bias And Bullying Head On

Jinan Budge July 11, 2021
The week of June 28 was a big one (not in a good way) for showcasing the persistence and depth of harassment and exclusion for women in cybersecurity. Those on infosec social media were flooded with bikini selfies protesting the harassment that a woman received for posting her own bikini selfie. Men and women took […]

The Cyber Insurance Roller Coaster: As Demand Speeds Up, Some Insurers Disembark

Heidi Shey June 28, 2021
The first half of 2021 has been anything but quiet for cyber insurance. Forrester has seen a steady flow of client inquiries on the topic, with questions coming in not just from the private sector but also from the public sector. Some are trying to navigate acquiring a cyber insurance policy for the first time, […]

Trusted Third-Party Phish Is The Catch Of The Day

Joseph Blankenship June 2, 2021
We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]

New TSA Cybersecurity Directive Signals That The Era Of Self-Regulation Is Over (If There Ever Was One)

Alla Valente June 2, 2021
On the heels of the Executive Order on Improving the Nation’s Cybersecurity signed by the President after a ransomware attack forced the shutdown of Colonial Pipeline, the Department of Homeland Security’s Transportation Security Administration (TSA), the agency responsible for overseeing pipeline security, on May 27, 2021, has announced its own Security Directive of new cybersecurity […]

GRC Platforms: What You Need To Know Before You Buy

Alla Valente April 13, 2021
Businesses always need to adapt their operations to changing circumstances, and the pandemic has only exacerbated the need to rethink risk management strategies. COVID-19 has simultaneously highlighted the necessity of risk management and exposed the gaps that exist in many governance, risk, and compliance (GRC) programs today. The pandemic also accelerated digital strategy and transformation […]

National Poetry Month And The Case For Whimsy In Security & Risk

Sandy Carielli April 5, 2021
We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]

Announcing The Forrester New Wave™: Cybersecurity Risk Ratings Platforms, Q1 2021

Paul McKay February 25, 2021
The cybersecurity risk ratings (CSR) market is a bit like Marmite or SPAM (the pork product in a can, not the unwelcome emails) — some customers love it, others hate it. We see examples of both extremes in our customer interactions, interviews, and research on this market. Our responsibility as analysts is to highlight where […]

GRC And IAM — Better Together

Sean Ryan February 11, 2021
Struggling to define where GRC ends and IAM begins? Get a clear breakdown of how the two functions should work together in a broader risk management strategy.

Make COVID-19 The Supply Chain’s Final Cautionary Tale

Alla Valente February 3, 2021
2020 taught us that we underestimate the role of the supply chain until we're inconvenienced. It also taught us that supply chain risk is business risk.

It’s Time To Put Security And Privacy Front And Center For Virtual Care

Arielle Trzcinski December 22, 2020
(Written with Benjamin Corey, senior research associate at Forrester) Telehealth (virtual care) usage has skyrocketed during the pandemic. When you roll back the tape a few months, healthcare providers were able to (very quickly) stand up virtual care capabilities without having to go through the intensive HIPAA compliance protocols required in the healthcare industry. Some […]

The SolarWinds And US Government Breach Is Not A Marketing Opportunity

Jeff Pollard December 14, 2020
The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. We’ve provided immediate, actionable advice for security and risk pros and IT leaders in our report here. While security leaders guide their companies to respond, […]

Oracle Sort Of Buys TikTok (But Not Really)

Jeff Pollard September 14, 2020
Larry Ellison proves that customer acquisition cost (CAC) is no barrier in Oracle’s conquest to expand its cloud credibility and market share. The announcement is murky at the moment, but the particulars indicate that Oracle and ByteDance will enter into a technology partnership to host the US operations of TikTok. This allows TikTok to escape […]

It’s Never The Data Breach — It’s Always The Cover-Up

Jeff Pollard August 21, 2020
What CISOs can learn from the case against Uber's former chief security officer.

Third-Party Risk Management: You Can’t Outsource Your Way Out Of Accountability

Alla Valente August 5, 2020
Firms have been outsourcing systems, business processes, and data processing activities to third-party service providers (TSPs) for years, but they are only one category of relationships that introduce risk into the enterprise. Now, firms are more dependent than ever on the vast network of third-party relationships, from vendors and suppliers to digital marketing agencies and […]

FORRward: A Weekly Read For Tech And Marketing Execs

Emily Collins July 13, 2020
How Poor Pandemic Management Destroys A Brand As the rest of the UK started emerging from lockdown, the city of Leicester saw local restrictions reimposed due to a second wave of infections. Leicester’s garment factories, many of which are suppliers to UK-based online fashion retailer boohoo, were identified as the most likely cause of the new outbreak. An investigation into employee conditions found that factory workers were forced to work without any social […]