Top Five Security And Risk Reports In Q1 2020 (Not Written By Me)
It is humbling to work with a team of talented individuals like the ones I work with on Forrester’s security and risk team. This week, I’m highlighting five reports that some of these fine folks published in Q1 that I got a lot of value out of, and I think you will, too.
- “Optimize User Experience With Passwordless Authentication” by Andras Cser and Sean Ryan
Do you have questions about why passwordless authentication is garnering the hype it’s getting from experts in the identity and access management space? This report is a fantastic introduction that leads with an amazing flow chart that visually demonstrates what was the missing piece for me . . . this isn’t just about using an authenticator app in lieu of a password, but it also leverages a side channel to get that authenticator token. This puts adversaries in the difficult position of having a second channel that needs to be controlled in addition to the timing attack required to get the right code at the right time. Seriously, this makes me want to spend weekends trying to figure out how to break it because, by all appearances, it’s nontrivial.
Find the report here.
- “The Future Of The CISO” by Jeff Pollard, Claire O’Malley, Paul McKay, and Jinan Budge
I love this report because it’s entertaining, insightful, and only becoming more relevant. When I read it in January, my first thought was that it should have been titled “The Future CISO” because it’s a great guide to understanding CISO archetypes and the types of roles they should be aligning themselves to. For better or worse, we’re living in a different world than when this was published in January, and the report has become more relevant as COVID-19 is changing the way everyone does business. Now, every CISO needs to pivot to become a transformational CISO. Read this report to understand who you need to be for your organization today.
Find the report here.
- “The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2020” by Alla Valente and Renee Murphy
Governance, risk, and compliance (GRC) has a nasty association with being “just checkbox compliance,” which is really the bare minimum your organization can do without getting fined into oblivion. I used to carry around a graphic that had a line for compliance and a separate line above it for best practices that I’d break out any time I was trying to help people understand what they need to do to survive litigation following a breach. True risk management, however, is about ensuring that neither of these possibilities becomes an eventuality. As legacy platforms are being disrupted by visionaries offering customer-focused offerings, Alla’s GRC Wave has taken a space many security professionals think is as boring as Doug Neidermeyer and turned it into a toga party.
Find the report here.
- “A Practical Guide To A Zero Trust Implementation” by Chase Cunningham, David Holmes, Jinan Budge, Paul McKay, Andras Cser, Heidi Shey, Joseph Blankenship, and Merritt Maxim
There’s so much to love about this report that it’s hard to know where to begin. This report takes 12-plus years of Zero Trust thought leadership and distills it into a seven-page roadmap that answers the question, “How do I do this?” A personal observation is that I’ve had conversations with many people who really get into Zero Trust, where they start to talk about it academically as though they have been studying the tenets of it . . . if you ever thought Zero Trust couldn’t be practical, download this report today.
Find the report here.
- “Prepare Your Organization For A Pandemic” by Stephanie Balaouras, Alla Valente, and Andrew Hewitt
Stephanie’s background is in business continuity and disaster recovery, so when she wrote a report on pandemic planning in January, it got attention — a lot of attention. We’ve entered a time when we’re all scared, worried about job stability, dealing with balancing work and family 24 hours a day, and uncertain of who’s going to live or die. In this fantastic report, Steph provides guidance to organizations on the importance of making it about employees and customers to ensure continuity and success coming out the other side of a pandemic. This report is getting broad readership across roles because of its broad applicability. If you haven’t read this report, do so.
Find the report here.