David Holmes
Principal Analyst

Author Insights
Blog
VMware Customers: Brace For Impact
With the VMware-Broadcom deal set for closing, what should you know? Learn five key things VMware customers can expect in the coming years.
Blog
Forrester’s Impressions: VMware Explore 2023
In recent years, VMware has faced major headwinds: It migrated its clients from on-premises to public cloud, changed to a cloud-native application development paradigm, shifted to subscription licensing, had frequent cycles of M&A activities, and experienced unfavorable macroeconomic environments. Despite these, VMware registered modest revenue growth. Even though it grew, it knows it is vulnerable. […]
Blog
A Deep Dive Into The Forrester Wave™: Zero Trust Edge Solutions, Q3 2023
Get an inside look at the industry’s first evaluation of all-in-one Zero Trust Edge (ZTE) solutions, which some vendors call secure software-defined WAN (SD-WAN) and others call secure access service edge (SASE).
Blog
The Big Three Hyperscalers All Have Cloud-Native ZTNA Now
The big three public cloud providers all now offer cloud-native ZTNA services. Learn more about the ZTNA service offered by each of the hyperscalers in this post.
Blog
The Microsegmentation Plot Thickens
Inquiries about microsegmentation (also called Zero Trust segmentation) have been rising steadily, especially since the start of the year. This is great, because it means people are getting serious about Zero Trust (microsegmentation is the super-serious part). All these phone calls are prompting me to share my latest thoughts on the subject, so here we […]
Blog
Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog
Decoding The New Zero Trust Terminology
Over the last year, I’ve been scared of two things. Our research teams have been planning and publishing a ton of research around Zero Trust, and since we’re analysts, new terminology, and comorbid acronyms, have emerged. My first fear was that all these new terms would confuse both the readers and the market. The second […]
Blog
All Aboard: Chart Your Course To Zero Trust Intermediate
Organizations around the world are embarking on their Zero Trust journeys. Often, these voyages are undertaken without a complete understanding of the destination: Zero Trust maturity. Reaching a level of Zero Trust maturity requires careful planning and a steady course to get there. Forrester recently published a report to help security and IT pros achieve […]
Blog
Enterprise Firewalls: The Security Tech That Keeps On Ticking
Learn the three approaches enterprise firewall vendors are taking to work around a shortage of network security techs.
Blog
Has Zero Trust Killed Defense in Depth? Or “DiD” It Refine It?
Zero Trust (ZT) continues to make waves (no pun intended), with US federal agencies now publishing guidance, such as the OMB’s M-22-09 or the DoD’s ZT strategy, for effective implementations, allowing for the government to be viewed as a source of trust in cybersecurity — although ZT is still mired in myths, and these can […]
Blog
SentinelOne Secures Identity First, Deception Second, In Attivo Acquisition
Endpoint security and extended detection and response (XDR) vendor SentinelOne today announced the acquisition of Attivo Networks for just over $600 million. Attivo was a darling of deception technology, but SentinelOne was really after its Active Directory protection portfolio, including ADAssessor and ADSecure. Enterprise identity plays a critical role in the Zero Trust world mandated […]
Blog
Nontraditional DDoS Attacks Are On The Rise
If you have never heard of “DDoS amplification factor” prior to this week, you’re not alone. A new zero-day attack surfaced a vulnerability from an unlikely source: an internet-facing PBX (private branch exchange) system. Bad actors seized upon this opportunity to create a 4,294,967,296:1 amplification load. Yes, that’s 4 billion to one. This is a […]
Blog
OMB’s Zero Trust Strategy: Government Gets Good
What a time to be alive! Hot on the heels of Forrester’s release of our definition of modern Zero Trust (ZT), the US Office of Management and Budget (OMB) released a memo entitled Moving the US Government Toward Zero Trust Cybersecurity Principles. Coincidence? Yes. A big deal? Also, yes. If executed as mandated, not only […]
Blog
The Definition Of Modern Zero Trust
Zero Trust faces a bizarre dichotomy. Learn what it is — and perhaps more importantly what it isn't today.
Blog
Forcepoint Acquires Bitglass
In its quest to add to its Zero Trust edge (ZTE), also known as secure access service edge (SASE), portfolio, Forcepoint acquired cloud security gateway (CSG), also known as cloud access security broker (CASB), provider Bitglass for a Forrester-estimated $200-300 million last week. Beyond the usual criteria (ability to retain marketing and development talent of Bitglass), […]
Blog
Zero Trust Doesn’t Mean Zero Breaches
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog
DDoS Protection Vendors Introduce Welcome Pricing Innovations
A few weeks back, in our DDoS Wave launch blog, we promised you a whole blog dedicated just to DDoS protection pricing innovations. Forrester recently published “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021,” in which we evaluated the 11 most significant distributed denial-of-service (DDoS) vendors on the planet. During our research, we found some […]
Blog
Key Insights From The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021
The summer before I joined Forrester, I volunteered briefly in the local prison library. The work was fulfilling, but it definitely had its prose and cons. Speaking of prose, you’re about to be treated to a lot of it, because we just published “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021,” and there’s a whole […]
Blog
Take Security To The Zero Trust Edge
Senior Analyst David Holmes introduces Forrester’s new model for security and networking services.
More posts