2010: The Year That Security Finally Gets One Step Ahead?

During my first quarter as Research Director for the Security & Risk team at Forrester, I spent a lot of time listening to our clients and working with the analysts and researchers on my team to create a research agenda for the rest of the year that will help our clients tackle their toughest challenges. In the first quarter of 2010, clients were still struggling with the security ramifications of increased outsourcing, cloud computing, consumer devices and social networking. Trends have created a shift in data and device ownership that is usurping traditional IT control and eroding traditional security controls and protections.

We’re still dealing with this shift in 2010 — there’s no easy fix. This year there is a realization that the only way that the Security Organization can stay one step ahead of whatever business or technology shift happens next is to transform itself from a silo of technical expertise that is reactive and operationally focused to one that is focused on proactive information risk management. This requires a reexamination of the security program itself (strategy, policy, roles, skills, success metrics, etc.), its security processes, and its security architecture. In short, taking a step back and looking at the big picture before evaluating and deploying the next point protection product. Not surprisingly, our five most read docs since January 1, 2010 to today are having less to do with specific security technologies.

Some of our research published in just the last week is quickly shooting up to the top of the list including CISO Handbook: Presenting To The Board, To Facebook Or Not To Facebook and Market Overview: Managed Security Services. One technology-focused report that is quickly becoming popular with our clients is the two-part report, Demystifying Tokenization And Transaction Encryption.

We have an ambitious research agenda for Q2 that includes the publication of Forrester’s Security Maturity Model and our biggest IT event, Forrester’s IT Forum. We’ll have an entire Security and Risk focused track at the event with more than 7 sessions and 6 analysts presenting. We’ll have content dealing with organizational and process maturity, as well as content covering another emerging technology shift – the shift to Smart Critical Infrastructure and Grids (more on that in another post).

If you haven’t registered already, call our Events team at 617/613-5905 with discount code ITXBLG and they’ll extend a $200 discount for CSO.com readers.