Another look at Forrester's security recommendations

The foundation for security and enterprise management

After writing somewhat disparagingly about Forrester’s recent paper "Twelve Recommendations For Your 2011 Security Strategy" ("Watch out for identity management obfuscators"), I heard from their PR chief, Phil LeClare. And he did include a copy of the report in his note to me. So I read it. 

While I still stand by what I said last week, there are some good points brought out that I’d like to share with you. Too often, fear of what’s new drives business decisions. The classic case is the Luddite movement of the early 19th century. (The principal objection of the Luddites was to the introduction of new wide-framed automated looms that could be operated by cheap, relatively unskilled labor.) We’ve adopted the name “Luddite” to apply to anyone who resists technological change simply because it is change. 

The Forrester report talks about recent changes that need to be incorporated in any business strategy going forward which might be resisted by hide-bound, old-line business managers (or even moss-backed, Cobol-loving IT managers). 

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

After writing somewhat disparagingly about Forrester’s recent paper "Twelve Recommendations For Your 2011 Security Strategy" ("Watch out for identity management obfuscators"), I heard from their PR chief, Phil LeClare. And he did include a copy of the report in his note to me. So I read it. 

While I still stand by what I said last week, there are some good points brought out that I’d like to share with you. Too often, fear of what’s new drives business decisions. The classic case is the Luddite movement of the early 19th century. (The principal objection of the Luddites was to the introduction of new wide-framed automated looms that could be operated by cheap, relatively unskilled labor.) We’ve adopted the name “Luddite” to apply to anyone who resists technological change simply because it is change. 

The Forrester report talks about recent changes that need to be incorporated in any business strategy going forward which might be resisted by hide-bound, old-line business managers (or even moss-backed, Cobol-loving IT managers). 

Three in particular I’ll draw your attention to: 

• Help the business devise a strategy to leverage cloud services. 

• Actively support mobility in the post-PC era. 

• Prepare for social technology adoption. 

Embrace the cloud. Describe it, if you must, as an extension of client-server computing. But be sure to emphasize the need for good Identity Management, Access Management and Data Governance processes to make it successful. 

Mobility is the watchword. According to Forrester, “This year, the number of post-PC devices, such as tablets, eReaders, and Internet-capable mobile phones, will eclipse the number of PC devices, such as desktops, laptops, and netbooks.” Learn all you can about the Identity of Things (see “The Identity of Things”) and incorporate that knowledge into your identity, authorization, context and governance practices. 

And then there’s Facebook. And Twitter. And a raft of other Web sites and services grouped under the “Social Networking” rubric. Forrester quotes one CISO as saying, “Social media adoption is like a freight train coming; if we don’t prepare ourselves for it, we’ll get hit pretty hard.” Network World’s Ann Bednarz recently penned an excellent article (“2011 tech priorities: Embrace social media”), which starts: “As tempting as it may be to block employee access to social networks and social media sites, it's not a long-term play.” 

The day when IT could control all access into and out of the enterprise is long gone. If the social networks aren’t available on your organization-owned devices, then users will access them on their own devices. You shouldn’t want to stop these services, but to secure them and turn them to good use. 

If you’re a Forrester client, read their report — it does include some good information, even if they appear not to fully understand the breadth and depth of IdM and IAM.

Read more about security in Network World's Security section.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.