David Holmes

Principal Analyst

Forrester Bio

David Holmes

Author Insights

Blog

Forrester’s RSAC 2024 Themes, Takeaways, And Observations

Jeff Pollard 5 days ago
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.
Blog

Key Learnings From The First-Ever Forrester Wave™ On Security Service Edge Solutions

David Holmes March 21, 2024
Get a preview of Forrester's first-ever Wave for Security Service Edge Solutions evaluating the 11 most important vendors in this space.
Blog

Get Ready For Takeoff: Microsoft Copilot For Security

Jeff Pollard March 13, 2024
Microsoft announced the launch date of Copilot for Security. Find out what this means for security professionals and how you can prepare.
Blog

VMware Customers: Brace For Impact

Tracy Woo November 22, 2023
With the VMware-Broadcom deal set for closing, what should you know? Learn five key things VMware customers can expect in the coming years.
Blog

Forrester’s Impressions: VMware Explore 2023

Naveen Chhabra September 6, 2023
In recent years, VMware has faced major headwinds: It migrated its clients from on-premises to public cloud, changed to a cloud-native application development paradigm, shifted to subscription licensing, had frequent cycles of M&A activities, and experienced unfavorable macroeconomic environments. Despite these, VMware registered modest revenue growth. Even though it grew, it knows it is vulnerable. […]
Blog

A Deep Dive Into The Forrester Wave™: Zero Trust Edge Solutions, Q3 2023

David Holmes August 29, 2023
Get an inside look at the industry’s first evaluation of all-in-one Zero Trust Edge (ZTE) solutions, which some vendors call secure software-defined WAN (SD-WAN) and others call secure access service edge (SASE).
Blog

The Big Three Hyperscalers All Have Cloud-Native ZTNA Now

David Holmes August 7, 2023
The big three public cloud providers all now offer cloud-native ZTNA services. Learn more about the ZTNA service offered by each of the hyperscalers in this post.
Blog

The Microsegmentation Plot Thickens

David Holmes May 10, 2023
Inquiries about microsegmentation (also called Zero Trust segmentation) have been rising steadily, especially since the start of the year. This is great, because it means people are getting serious about Zero Trust (microsegmentation is the super-serious part). All these phone calls are prompting me to share my latest thoughts on the subject, so here we […]
Blog

Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox

Allie Mellen May 2, 2023
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog

Decoding The New Zero Trust Terminology

David Holmes April 27, 2023
Over the last year, I’ve been scared of two things. Our research teams have been planning and publishing a ton of research around Zero Trust, and since we’re analysts, new terminology, and comorbid acronyms, have emerged. My first fear was that all these new terms would confuse both the readers and the market. The second […]
Blog

All Aboard: Chart Your Course To Zero Trust Intermediate

David Holmes March 9, 2023
Organizations around the world are embarking on their Zero Trust journeys. Often, these voyages are undertaken without a complete understanding of the destination: Zero Trust maturity. Reaching a level of Zero Trust maturity requires careful planning and a steady course to get there. Forrester recently published a report to help security and IT pros achieve […]
Blog

Enterprise Firewalls: The Security Tech That Keeps On Ticking

David Holmes December 20, 2022
Learn the three approaches enterprise firewall vendors are taking to work around a shortage of network security techs.
Blog

Has Zero Trust Killed Defense in Depth? Or “DiD” It Refine It?

Carlos Rivera December 12, 2022
Zero Trust (ZT) continues to make waves (no pun intended), with US federal agencies now publishing guidance, such as the OMB’s M-22-09 or the DoD’s ZT strategy, for effective implementations, allowing for the government to be viewed as a source of trust in cybersecurity — although ZT is still mired in myths, and these can […]
Blog

SentinelOne Secures Identity First, Deception Second, In Attivo Acquisition

David Holmes March 15, 2022
Endpoint security and extended detection and response (XDR) vendor SentinelOne today announced the acquisition of Attivo Networks for just over $600 million. Attivo was a darling of deception technology, but SentinelOne was really after its Active Directory protection portfolio, including ADAssessor and ADSecure. Enterprise identity plays a critical role in the Zero Trust world mandated […]
Blog

Nontraditional DDoS Attacks Are On The Rise

Heath Mullins March 10, 2022
If you have never heard of “DDoS amplification factor” prior to this week, you’re not alone. A new zero-day attack surfaced a vulnerability from an unlikely source: an internet-facing PBX (private branch exchange) system. Bad actors seized upon this opportunity to create a 4,294,967,296:1 amplification load. Yes, that’s 4 billion to one. This is a […]
Blog

OMB’s Zero Trust Strategy: Government Gets Good

David Holmes February 1, 2022
What a time to be alive! Hot on the heels of Forrester’s release of our definition of modern Zero Trust (ZT), the US Office of Management and Budget (OMB) released a memo entitled Moving the US Government Toward Zero Trust Cybersecurity Principles. Coincidence? Yes. A big deal? Also, yes. If executed as mandated, not only […]
Blog

The Definition Of Modern Zero Trust

David Holmes January 24, 2022
Zero Trust faces a bizarre dichotomy. Learn what it is — and perhaps more importantly what it isn't today.
Blog

Forcepoint Acquires Bitglass

Andras Cser October 22, 2021
In its quest to add to its Zero Trust edge (ZTE), also known as secure access service edge (SASE), portfolio, Forcepoint acquired cloud security gateway (CSG), also known as cloud access security broker (CASB), provider Bitglass for a Forrester-estimated $200-300 million last week. Beyond the usual criteria (ability to retain marketing and development talent of Bitglass), […]
Blog

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog

DDoS Protection Vendors Introduce Welcome Pricing Innovations

David Holmes March 31, 2021
A few weeks back, in our DDoS Wave launch blog, we promised you a whole blog dedicated just to DDoS protection pricing innovations. Forrester recently published “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021,” in which we evaluated the 11 most significant distributed denial-of-service (DDoS) vendors on the planet. During our research, we found some […]
More posts