Zero Trust
Zero Trust is a security model that was developed in 2009 as an alternative to older perimeter-based security models. Since then, Zero Trust has evolved beyond its original focus on securing the network and is now being adopted by private-sector technology executives and by international and US government agencies. It is based on the principle of “never trust, always verify” and requires continuous verification of every user, device, and network request. The core principles of Zero Trust include eliminating implicit trust, enforcing least-privilege access, implementing comprehensive security monitoring, attaching cloud security to cloud management, and harnessing cloud-native deployment, rearchitecture, and migration initiatives. The model ensures comprehensive control over access to data and resources, regardless of where they are located. Learn more about Zero Trust and how it can be applied to your organization through Forrester Decisions For Security & Risk.
Insights
Blog
White House Announces The 2026 Cyber Strategy For America
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]
Blog
The Success Of Your Proactive Security Strategy Depends On Your Answer To Six Questions
Proactive security has always been based on three principles: visibility, prioritization, and remediation. But in the age of AI, each principle will continue to experience challenges. In our latest research, The Future Of Proactive Security, we found that the future of proactive security hinges on how well teams answer six foundational questions across each principle: what, when, where, why, how, and who. Since AI accelerates […]
Blog
ServiceNow Buys Armis To Improve Its Proactive Security Platform
ServiceNow has announced its intent to acquire proactive security platform vendor Armis in a cash deal valued at $7.75 billion.
Blog
Proactive Security Platforms Will Cumulate Visibility, Prioritization, And Remediation
Last year, we released our inaugural Forrester Wave™ on attack surface management (ASM) solutions. The ASM Wave primarily focused on visibility — the first of the three principles of proactive security. ASM’s visibility is achieved through external asset discovery and ingestion of third-party information regarding asset attributes, and both features are becoming increasingly commoditized. Yet the ubiquity of […]
Blog
Developer-Led Growth Meets Enterprise-Grade Security And Distributed Infrastructure At Cloudflare Connect 2025
Cloudflare Connect 2025 had a distinctly optimistic vibe as the vendor positions itself as the connective tissue for modern digital operations in the enterprise and showcases its AI security abilities. Learn more in this event review.
Blog
Declaring Zero Trust Without Testing Is A Lie
Zero Trust without real-world testing is a false sense of security. Learn how MITRE ATT&CK-driven adversarial trials turn Zero Trust from theory into proof.
Blog
Announcing The Forrester Wave™: Network Analysis And Visibility Solutions, Q4 2025
Despite its criticality, network analysis and visibility solutions remain underrepresented in enterprises compared to technologies such as endpoint detection and response and security information and event management. Find out why in this preview of our new Wave report.
Now On Demand: 2026 Tech And Security Predictions
Missed it live? Watch our on-demand webinar to explore our 2026 predictions. Learn what tech and security leaders must do to lead with trust and value.
Blog
Get Your Zero Trust Initiative Back On Track With Forrester’s Zero Trust RASCI Chart
One of the biggest challenges to a Zero Trust journey can be misalignment between teams. Learn how our Zero Trust RASCI Chart can help define roles and responsibilities across the core domains of Zero Trust.
Blog
School Is In Session, And Attackers Are Grading Your Software Supply Chain Security
Three recently revealed software supply chain attacks are a reminder of how attackers probe for any weakness in a supply chain, including smaller entities, to target larger enterprises. Find out how you can learn from these attacks to strengthen your supply chains.
Blog
The Forrester Wave™: Secure Access Service Edge Solutions, Q3 2025 — A Market Transformed
We just released The Forrester Wave™: Secure Access Service Edge Solutions, Q3 2025, and the results mark a dramatic shift from the 2023 Wave on Zero Trust edge solutions.
Blog
When Buzzwords Collide: From A(I) To Z(ero Trust)
In the past 15 years, Zero Trust has become the dominant cybersecurity model. Now along comes AI. Find out what role generative AI and AI agents will play in driving Zero Trust adoption and maturity in this preview of our upcoming Security & Risk Summit.
Blog
Is Zero Trust Canceled? Revisiting DEF CON Research
Did AmberWolf’s talk at DEF CON 33 uncover any true fundamental flaws in Zero Trust? Although we think the research uncovered some significant issues, calling it a “total bust” is definitely overblown. Find out why.
Blog
Ongoing Government Uncertainty Around Cybersecurity Initiatives Is Putting Your Business At Risk
Government instability is undermining key cybersecurity programs like CyberSentry and MITRE’s CVE cataloging, putting critical infrastructure and business operations at risk. This post explores how funding cuts and conflicting AI directives are creating dangerous gaps in threat detection and response.
Blog
Announcing The Forrester Wave™: Privileged Identity Management Solutions, Q3 2025
Learn three important factors to consider when planning a privileged identity management (PIM) deployment or enhancement in this preview of our new report on the PIM solution market.
Blog
Introducing AEGIS — The Guardrails That CISOs Need For The Agentic Enterprise
AI agents aren’t coming — they’re already here. And they’re not waiting for your security architecture to catch up. Learn how Forrester's new AEGIS framework can help CISOs secure, govern, and manage AI agents and agentic infrastructure.
Blog
From The Basement To The Corner Office: Zero Trust Gets A “Promotion” In The DoD
Learn the implications of the new Zero Trust Portfolio Management Office and Chief Zero Trust Officer in the US Department of Defense.
Blog
Palo Alto Networks Enters The Identity Security Market With $25B Purchase Of CyberArk
The third-largest cybersecurity M&A deal in history makes sense in some respects, but the track record on mega security and identity tie-ups is incomplete and unproven.
Blog
Announcing The Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025
Vulnerability management is undergoing a seismic shift. The risk-based prioritization from vulnerability risk management (VRM) has combined with attack surface management (ASM) to form exposure management and continuous security testing — two emerging practices that prioritize visibility and prioritization over remediation and response.
Blog
Academic Freedom And Security: What Hogwarts Can Teach Us About Cybersecurity In Education
As educational institutions become increasingly connected, the need for robust cybersecurity grows even greater. Learn how we can protect digital campuses without building walls so high that curiosity can’t climb over them.
Blog
Announcing The Forrester Wave™: Zero Trust Platforms, Q3 2025 — Choosing A Platform Solution For Your Zero Trust Journey
The latest edition of our Zero Trust platform vendor evaluation, The Forrester Wave™: Zero Trust Platforms, Q3 2025, published today. It highlights how this market continues to improve upon delivering unified solutions that help simplify and operationalize Zero Trust for organizations. Beginning with The Zero Trust Platforms Landscape, Q1 2025, we researched major players in […]
More posts