Alla Valente

Senior Analyst

Author Insights

Blog

Spotting Reputational Risk In Nontraditional Third-Party Relationships Ain’t So Yeezy

Alla Valente March 14, 2023
Third-party risk management efforts typically focus on software vendors and managed services providers. It's time to broaden that perception.
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

The Third-Party Risk Questionnaire Equation Doesn’t Add Up: Right Intention, Wrong Execution

David Levine February 23, 2023
Perspectives From A Former CISO/CSO For my second blog in this series, I wanted to share my thoughts on one of my favorite subjects: third-party risk management (TPRM). More specifically, I’m going to primarily focus on the receiving side of the equation — i.e., responding to and dealing with external inquiries about your organization as […]
Blog

Introducing The CLM Landscape, 2023: Contract Management Gets A Dose Of Digitalization

Alla Valente February 23, 2023
All businesses rely on contracts. Unlike customer-facing functions, however, the software that powers the creation, execution, and management of these commercial obligations hasn’t made the shift toward digital … until now! In my new report, The Contract Lifecycle Management Landscape, Q1 2023, I looked at the 26 notable contract lifecycle management (CLM) vendors that procurement, […]
Blog

Make The Case For Concentrating On Concentration Risk

Alla Valente February 21, 2023
Unless you’re a floppy disk aficionado, Tom Persky isn’t likely to be a familiar name. Tom is what you’d call a “last man standing,” as he’s the only bulk seller of floppy disks left, and his business of recycling, stripping, and reselling floppy disks is booming. You may be thinking, so what? Do they still […]
Blog

The SEC’s Proposed Rule On Climate Disclosure Has Teeth, Leaving Supporters And Opponents Simultaneously Unhappy

Alla Valente February 16, 2023
The proposed pivot from suggestion to regulation will require companies to take climate risk seriously — and do a lot of math. All corporations that file with the SEC will need to be prepared.
Blog

NIST AI Risk Management Framework 1.0 — What It Means For Enterprises

Michele Goetz February 7, 2023
Forrester provides guidance on how to succeed with AI governance with the NIST’s AI RMF 1.0.
Blog

Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties

Alla Valente February 2, 2023
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Blog

Supply Chain Shortage Of Transformers: More Than Meets The Eye

Alla Valente January 18, 2023
They say the most inopportune time to buy an umbrella is when it’s raining. That’s exactly what’s happening now to US utilities companies scrambling to procure a critical component required to beef up or repair power lines just as the US hurricane season arrives. At the heart of the headache, for the fourth year in […]
Blog

Uneven Innovation At AWS re:Invent 2022

Lee Sustar December 8, 2022
Some 14 Forrester analysts attended this year’s AWS re:Invent in Las Vegas. The conference was a mix of innovation in some areas — particularly compute and networking, along with a co-engineering approach to industry cloud — but plateaus in others, such as hybrid and edge. Efficiency and consolidation were underlying themes, from amping up AI/ML […]
Blog

How To Avoid The Ill-Fated Quest To “Fix” Global Supply Chains

Alla Valente November 3, 2022
Learn why “fixing” supply chain issues is less important than reducing the long-term risks that create the issues in this Security & Risk event preview.
Blog

Misguided Fear Of AI And Automation: A Classic Horror Story

Carlos Casanova October 25, 2022
Classic horror movie quirks closely resemble what we’re seeing in firms looking to innovate and differentiate yet are running from rather than toward AI and advanced automation.
Blog

The State Of Third-Party Risk In 2022: The Not-So-Subtle Art Of Keeping All Balls In The Air

Alla Valente October 20, 2022
New business priorities, strategic initiatives, and a plethora of new risks mean that security, risk, and compliance professionals must master the art of juggling.
Blog

North American Firms Are Filling Roles But Flail On Climate Action

Alla Valente October 18, 2022
Learn the two key differences in the sustainability goals of the top 50 North American corporations as compared to peers in other geographies.
Blog

Apply Critical Thinking And Culture To Reduce Insider Risk

Joseph Blankenship September 27, 2022
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.
Blog

Amazon’s Success In Healthcare Hinges On Patient Experience And Trust

Natalie Schibell September 9, 2022
Amazon’s planned acquisition of One Medical presents a serious question surrounding patient data privacy.
Blog

Forget Quiet Quitting — Tech Whistleblowers Go Out With A Bang

Sara M. Watson August 26, 2022
When tech companies select people with ideals and integrity, they get people with ideals and integrity. When they behave in ways that betray those employees, they can expect rebellion.
Blog

Meta Pixel Fiasco Underscores Why Marketing And Risk Must Work Together

Stephanie Liu August 5, 2022
Marketing and risk share a common goal: building customer trust. By partnering, marketers and S&R pros can use the growing momentum around consumer privacy to grow customer trust.
Blog

Who’s Responsible For Cyber Insurance Policy Misrepresentations? It Depends.

Alla Valente July 14, 2022
On July 6, 2022, the Travelers Property Casualty Company of America (Travelers Insurance) filed a suit in an Illinois federal court against International Control Services, Inc. (ICS) asking for policy rescission and declaratory judgment against ICS. Travelers alleges that ICS misrepresented its use of multifactor authentication (MFA) on its policy application, which should be sufficient […]
Blog

Practice Empathy To Reduce Insider Risk

Joseph Blankenship June 15, 2022
Companies announcing layoffs need to pay attention to insider risk. Showing compassion and communicating openly can help.
More posts