Security Challenges Drive Growth For IAM Solutions

Jennifer Adams

The world is changing fast, and bring-your-own-device (BYOD) and telecommuting are increasingly becoming the norm, not the exception. This increasingly mobile and flexible workforce creates new security challenges as more and different types of devices are being used in multiple locations. Security and risk professionals must ensure that only the right people get access to the right information at the right time and for the right reasons. Identity and access management (IAM) tools help evaluate who has authorized access to which resources and why.

In our recently published Forrester Data: World Identity And Access Management Software Forecast, 2016 To 2021 (Global), Forrester predicts that the IAM software market will grow to $13.3 billion by 2021, from $7.7 billion in 2016, implying an 11.5% CAGR.

While IAM has traditionally focused on access for employees and business partners, we actually expect customer identity access management (CIAM) to be one of the fastest growing IAM niches. CIAM requires a delicate balance between security measures that are strong enough but don’t detract from the customer experience. As a bonus, data collected by CIAM tools can help with customer retention and drive profitability. As companies learn to leverage this data, we expect 19.5% annual CIAM software growth over the next five years.


Okta Files to Go Public

Merritt Maxim

Yesterday, Okta filed its S-1 with the SEC, officially marking its intent to go public. This planned IPO had been rumored in early 2016, but less than optimal capital market conditions in 2016 likely contributed to the delay. The S-1 followed last week’s news that Okta acquired Stormpath, an identity API provider based in Silicon Valley, for an undisclosed amount.

The filing is not surprising but opens a window into the financial dynamics of the identity-as-a-service (IDaaS) market. After reviewing the S-1, three main themes stand out for me:

  1. IDaaS demand is very strong. Okta’s fiscal year ends on January 31, so full-year figures are not yet available for the period ending January 31, 2017. But comparing Okta’s revenue numbers for its 2015 fiscal year with its 2016 fiscal year shows an impressive 100% year-on-year growth. A big boost in service revenue also suggests that Okta is being deployed in larger, more complex environments that require more customization and services. Over the past 18 months, Forrester has had a steadily increasing number of IDaaS-related inquiries from enterprise clients looking to deliver identity and access management (IAM) capabilities to their employees via a SaaS subscription model. Okta’s revenue growth aligns with the strong growth in demand we see from our clients.

Will The RSA Conference 2017 Make You A Better Security Pro?

Chris McClean

Today kicks off what’s always an exciting week for the infosec industry; in between meeting old and new friends at the RSA Conference, we’ll hopefully hear about practical new ideas, technologies, and opportunities for better managing information risk. Coincidentally, I’m proud to announce a new report highlighting the best tactics CISOs and security leaders are using to elevate their game: How To Become A Superstar Security Leader. Will we hear any practical advice like this at the conference?

So far, so good. This morning in Moscone West, I already heard some great stories of cooperation at the Practical Intelligence Sharing: ISACs and ISAOs sessions, with a kick off from our own Laura Koetzle. In the (14!) years I’ve been to RSA previously, I’ve seen far too many technology vendors touting new partnerships and technical cure-alls and far too few case study examples like this of innovation helping CISOs do their jobs better. I’m cautiously optimistic things will be better this year.

So for the rest of the week, I’ll be looking past announcements of new products, acquisitions, and alliances; keeping an eye out instead for real-world examples and results. If you’re interested to hear Forrester’s take on the most interesting things we hear at the conference, register for our webinar here: Top Security Trends From The RSA Conference 2017.

And throughout the week, if you see or hear anything you think we should look into, please let us know!

Tough Decisions Made By Uber, Starbucks, Microsoft, Etc. Foretell Of Future Risk And Compliance Challenges

Chris McClean

In the past two weeks, we’ve seen Uber’s CEO respond to public criticism by stepping down from President Trump’s advisory council; Starbucks garner public support and condemnation after promising to hire 10,000 refugees; and tech giants including Google, Apple, Facebook, and Microsoft rally together to oppose the President’s recent immigration ban. In the past month, we also saw SeaWorld finally curtail its killer whale shows in California after prolonged public pressure, and artificial intelligence experts continue the contentious debate on driverless car morality.  

Executives are making very complicated moral decisions in the face of increasingly difficult situations in order to protect themselves, their stakeholders, and their brands. For anyone involved in business ethics, corporate behavior, risk management, and compliance, the world is getting more challenging and more fascinating all the time.

In our latest governance, risk, and compliance report, GRC Vision 2017-2022: Customer Demands Escalate As Regulators Falter, we examine the most critical trends that will transform risk and compliance roles over the next five years, many of which are playing out in the public eye every day:


Not Only GDPR. A New Set Of Privacy Rules Is Here.

Enza Iannopollo

Just a few months after the European Parliament approved the final version of the new General Data Protection Regulation (GDPR), the European Commission is working on updating yet another set of privacy rules. The European Commission published a new text that, when approved, will replace the current ePrivacy Directive: the EU law that ensures confidentiality of communication and the protection of personal data in the electronic communications sector.

While the Commission plans to complete the reform process quickly enough to allow the new law to come into force in May 2018 together with the GDPR, the road ahead is long and tortuous. In fact, both the EU Councils of Ministers and the EU Parliament must agree and approve the final text.

While EU policy makers aspire to finalize a new version of the ePrivacy Directive that goes hand-in-hand with the GDPR, it’s a task for all companies to update their processes, technology, workforce's expertise, and oversight mechanisms to comply with both sets of rules. To meet compliance requirements consistently and without redundancies, it’s crucial that firms understand what’s changing and how ahead of time. According to the proposed text, the new ePrivacy law will:


2016 Privacy Lessons Learned And Looking Ahead To 2017

Heidi Shey

Each year at the end of summer, several members of Forrester’s Security & Risk research team look back at publicly reported breach events and data privacy violations of the previous 12 months to spot trends and identify cases to feature where we feel there are lessons learned for S&R pros. In 2016, this was a joint effort alongside my colleague Fatemeh Khatibloo from Forrester’s Customer Insights research team. Leading up to Data Privacy Day, I’d like to share some lessons learned from one of the five key trends we saw in our 2016 analysis.

The intersection of privacy and customer experience reminds us of the importance of collecting and managing consent, whether that involves collecting data to personalize an experience or marketing or another initiative we aim to pursue. We saw notable examples (Verizon Wireless! InMobi!) of how FCC and FTC actions in 2015 and 2016 converged on issues of consumer privacy and consent. In both cases, firms used tracking information to deliver targeted ads.

Lessons learned:


BC & DR Pros, We Need Your Help!

Stephanie Balaouras

Each year, Forrester Research and the Disaster Recovery Journal team up to launch a study examining the state of business resiliency. Each year, we focus on a particular resiliency domain: IT disaster recovery, business continuity, or overall enterprise risk management. The studies provide BC pros, DR pros, and other risk managers an understanding of how they compare to the overall industry and to their peers. While each organization is unique, it's helpful to see where the industry is trending, and I’ve found that peer comparisons are always helpful when you need to understand if you’re in line with industry best practices and/or you need to convince skeptical executives change is necessary.


Automation And Sharing Are Common Themes

Joseph Blankenship

After years of shunning automation and information sharing efforts, the security industry is now embracing them. Every vendor conference I attended this fall talked about the need to automate some security functions in order to increase security teams' efficiency and ability to quickly detect and respond to incidents. The vendors also focused on the need to break down the silos and share information across the security and IT organizations, between vendors, and throughout the security community.

Why the change? The pace of attacks along with the continued stress of resource-constrained organizations are forcing security leaders to find new solutions.


Grading Forrester’s 2016 Cybersecurity Predictions Plus A Sneak Peek Into Our 2017 Predictions

Amy DeMartine

Every fall Forrester’s Security & Risk team comes together to make a set of predictions on the issues that will have the greatest impact on our clients in the next year. We don’t make broad, Nostradamus-like predictions like “There will be a breach at a large company in a great city.” Instead, we go out of our way to make detailed predictions that force us to take strong stances, can easily be proven wrong or right, and are actionable by security and risk professionals. Before we provide a sneak peek into our 2017 predictions, it’s worth looking back and grading our 2016 predictions. 2016 was a particularly tumultuous year for cybersecurity. News agencies kept themselves busy as companies and public figures struggled with breaches, companies experienced embarrassing downtime, and individuals felt their privacy rights slip away. The result? Cybersecurity has now vaulted from the boardroom to the Senate floor and to the Presidential debate stage. So how'd we do?


The 2016 Forrester Data Privacy Heatmap Points To Continued EU Influence On Global Regulations

Christopher Sherman

To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. Earlier today, we published the 2016 version of the tool, as well as a free version with access to only the U.K. and U.S. ratings. We have updated the map every year since its initial publication in order to keep pace with the constantly evolving landscape of global data privacy laws.
 
As we roll out the 2016 update and reflect back on the past 5 years of annual assessments, three high-level trends emerge:
 
  • Countries continue moving toward the EU standard for data protection. New legislation outside of the EU often follows the EU’s lead by adopting provisions similar to those in the existing Directive 95/46/EC regulation. The slow global convergence toward the requirements outlined in the regulation continued through 2016. For example, Argentina and Japan strengthened pre-existing policies, while Nigeria passed its first comprehensive cybercrime legislation. Japan also established an independent regulatory body (“Privacy Protection Commission”) that oversees privacy issues—a requirement of both the current Directive and the superseding European General Data Protection Regulation (GDPR).