Andras Cser

VP, Principal Analyst


Author Insights

Blog

The CISA Promotes Cloud Visibility And Security With Its SCuBA TRA

Andras Cser April 22, 2022
Get ready for the semi-nationalization of public cloud security in the US. The Secure Cloud Business Applications Technical Reference Architecture (SCuBA TRA) from the Cybersecurity and Infrastructure Security Agency (CISA) provides a wide-ranging set of cloud security requirements for civilian agencies that have thus far been outside the boundaries of the FedRAMP program. The proposed […]

SailPoint To Be Acquired By Private Equity Firm Thoma Bravo For $6.9 Billion

Andras Cser April 13, 2022
On Monday, April 11, 2022, identity management and governance (IMG) vendor SailPoint announced that it was being bought by private equity (PE) firm Thoma Bravo for $6.9 billion. This is not the first rodeo for Thoma Bravo with SailPoint; in 2014, the PE firm bought out SailPoint’s original venture capital investors and remained an owner […]

Okta Lapsus$ Compromise: How To Make Sure You’re Protected

Merritt Maxim March 24, 2022
On Tuesday, March 22, 2022, identity-as-a-service (IDaaS) provider Okta announced that it had detected an attempt to compromise the account of a partner in January 2022. The announcement came after the hacking group Lapsus$ posted screenshots of a computer used by one of Okta’s third-party customer support engineers. As one of the largest IDaaS providers with […]

Don’t Hit The Curb — Instead, Curb The Risk Of Emerging Technologies In 2022!

Andras Cser February 4, 2022
Find out why these five technology categories are causing security decision-makers the most concern.

OMB’s Zero Trust Strategy: Government Gets Good

David Holmes February 1, 2022
What a time to be alive! Hot on the heels of Forrester’s release of our definition of modern Zero Trust (ZT), the US Office of Management and Budget (OMB) released a memo entitled Moving the US Government Toward Zero Trust Cybersecurity Principles. Coincidence? Yes. A big deal? Also, yes. If executed as mandated, not only […]

Facebook Shuts Down Face Recognition System On Its Platform

Merritt Maxim November 4, 2021
Facebook recently announced its decision to no longer use facial recognition on its platform. What does that mean for the long term?

Forcepoint Acquires Bitglass

Andras Cser October 22, 2021
In its quest to add to its Zero Trust edge (ZTE), also known as secure access service edge (SASE), portfolio, Forcepoint acquired cloud security gateway (CSG), also known as cloud access security broker (CASB), provider Bitglass for a Forrester-estimated $200-300 million last week. Beyond the usual criteria (ability to retain marketing and development talent of Bitglass), […]

Perspectives On One Identity’s Acquisition Of OneLogin

Merritt Maxim October 8, 2021
On October 4, 2021, identity and access management (IAM) vendor One Identity announced plans to acquire identity-as-a-service (IDaaS) vendor OneLogin for an undisclosed amount. Founded in 2009, OneLogin is an established pure-play IDaaS vendor that primarily serves midmarket enterprises, with a unified platform for employees, partners, and customers, and has raised over $170 million in […]

KubeCon And The (Partial) Emergence Of Enterprise Kubernetes

Lee Sustar May 18, 2021
KubeCon events can be hard to assess. Whether live or virtual, they’ve become a sprawling mix of old-school tech trade show, open source project maintainer meetup, and independent user group. KubeCon + CloudNativeCon Europe 2021 was no different. My colleague Brent Ellis led Forrester’s initial appraisal of the online event, noting greater maturity in Kubernetes […]

It’s Time For E-Commerce And Security Pros To Collaborate To Combat Bot Fraud

Sandy Carielli May 6, 2021
Bots are bigger than the security team. Conversations with security professionals concerned about bots often start with credential stuffing attacks, but the bot landscape is much broader and can directly impact your top line. Even the defenses have business impacts: A bot management solution that slows down traffic on the biggest shopping day of the […]

Okta Acquires Identity Orchestration And CIAM Vendor Auth0 For $6.5B

Andras Cser March 4, 2021
Forrester analysts take a detailed look at what's driving the unprecedented premium being paid in this acquisition.

CyberArk Scoops Up Idaptive

Sean Ryan May 14, 2020
Read Forrester's take on CyberArk announcing its acquisition of identity-as-a-service vendor Idaptive.

Look Beyond Compliance When Choosing An Anti-Money Laundering Solution

Andras Cser September 24, 2019
When looking for an AML services provider, there are three primary factors organizations need to keep in mind.

Broadcom Buys Symantec’s Enterprise Biz: Good News For Investors, Bad News For Enterprises

Merritt Maxim August 9, 2019
Yesterday, Broadcom announced a definitive deal to acquire the enterprise business of Symantec for $10.7 billion in cash. This deal caps weeks of speculation that Symantec was in play, initiated in May 2019 following the sudden resignation of Symantec CEO Greg Clarke in May and a downward revision to Symantec’s FY 2020 revenue guidance earlier […]

Cisco Acquires Duo, Or How Should You Do Two-Factor Authentication (2FA)?

Andras Cser August 2, 2018
The National Institute of Standards and Technology (NIST) has not been recommending SMS OTP 2FA for a while precisely because of SMS inbox takeovers, MITM attacks, etc. From the license cost perspective, the price of moving away from SMS (to Google Authenticator, for example) is minimal. Google publishes guides on how to do this. From […]

Bank Of America Lowers Security, Removes One-Time Passwords At Payee Add/Change

Andras Cser April 24, 2018
With the latest change to the BofA online banking bill pay service (which added all sorts of unnecessary and distracting icons and ugly fonts), the bank decided to remove the one-time password two-factor authentication (OTP 2FA) requirement to force the customer to perform a one-time password-based step-up authentication before allowing the change. Instead, by default, […]

Palo Alto Networks Acquires Cloud Monitoring And Workload Management Specialist Evident.io

Andras Cser March 14, 2018
Palo Alto Networks (PAN) today announced plans to acquire Evident.io, a predominantly API-based cloud monitoring vendor for $300 million in cash. Evident.io has a large mind share among Forrester’s end user clients and is also regularly mentioned by other cloud workload security management (CWS) vendors as a viable competitor. With PAN expanding Aperture into a […]

McAfee acquires CSG / CASB vendor SkyHigh Networks – two years too late?

Andras Cser November 27, 2017
In the light of large network security vendors (Cisco, Palo Alto, Symantec, Zscaler, etc.) acquiring or building Cloud Security Gateway (CSG, also known as CASB) vendors, it comes as little to no surprise that McAfee also invested in this area. In Forrester’s estimates, SkyHigh annual revenues were around USD $40-45 million/year. Looking at similar deals, Forrester […]

SAP Buys CIAM Vendor Gigya

Merritt Maxim September 25, 2017
Today, SAP announced it has acquired Mountain View, CA-based Customer Identity and Access (CIAM) provider Gigya. Several media outlets placed the purchase price in the $350M range. Gigya has been a CIAM vendor since 2010 and raised ~$105M in venture capital, so if the purchase price is accurate, it reflects a good return for […]

Cisco buys Cloud Security Gateway vendor CloudLock for $293M

Andras Cser June 28, 2016
Given Symantec's recent acquisition of BlueCoat (and with it BlueCoat's earlier acquired Elastica and Perspecsys cloud security gateway (CSG) assets), and IBM's organic buildout of its Cloud Security Enforcer CSG solution, it comes hardly as a surprise that Cisco today announced its intent to acquire CloudLock for US$293M (in Forrester's estimation this purchase price represents […]