
Posts from the ‘Forrester Research’ Category

Securing Machine Identities Needs To Be A Top Cybersecurity Goal In 2021

Bottom Line:  Bad actors quickly capitalize on the wide gaps in machine identity security, creating one of the most breachable threat surfaces today.

Why Machines Are the Most Challenging Threat Surface To Protect

Forrester’s recent webinar on the topic, How To Secure And Govern Non-Human Identities, estimates that machine identities (including bots, robots and IoT) are growing twice as fast as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military) and IoT devices.

The webinar points out that one of the fastest-growing automation types is software bots, with 36% used in finance and accounting, 15% used in business line and 15% in IT. The webinar also points out that in 2019, there were 2.25 million robots in the global workforce, twice as many as in 2010 and 32% of global infrastructure decision-makers expect their firms to use robotic process automation (RPA) over the next 12 months.

According to the Forrester Consulting white paper, Securing The Enterprise With Machine Identity Protection, over 50% of organizations find it challenging to protect their machine identities today. Unprotected machine identities are making it easy for bad actors to take control of entire networks of devices. Bad actors rely on organizations’ bots to provide the cover they need to attack networks and devices, often undetected for months or years.

Forrester found that machine identities are left exposed to bad actors because organizations aren’t adopting the tools they need to create and manage a centralized Identity Access Management (IAM) strategy across all machines. This includes defining and enforcing policies, auditing each machine and endpoint and better integrating support across machines and monitoring systems.

Furthermore, by adopting a more modern Privileged Identity Management (PIM) approach, organizations could solve many of these challenges. Leading PIM solutions providers include Centrify, which has succeeded in adapting to the ephemeral nature of securing machine identities by delivering machine identity and credential authentication based on a centralized trust model.

The Forrester report’s bottom line is that machines are isolated, exposed and more vulnerable than any other endpoint on a network. The following graphic compares protection strategies and finds a majority of organizations struggling to deliver them:


Machine Identities Are Networks’ Weakest Security Link 

According to a Venafi study, machine identity attacks grew 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019. Malware capable of compromising machine identities continues to gain momentum, doubling between 2018 and 2019 and growing 300% over the five years leading up to 2019. According to Kount’s 2020 Bot Landscape and Impact Report, 81% of enterprises are regularly dealing with malicious bots today and one in four say a single bot attack has cost them $500,000 or more. Furthermore, many organizations may not realize how many bots and machine identities they have, while bad actors are capable of creating hundreds using automated scripting tools.

Forrester provided the following data points underscoring how vulnerable machines are to botnet and identity-based attacks today:

  • The 2017 Mirai botnet attack is a cautionary tale of the dangers of using default security credentials on machines and IoT devices. Using botnets to automate scans of vast blocks of IP addresses for potential telnet ports to log into, the Mirai botnets were programmed to rapidly try a series of basic usernames and passwords to gain access to IoT devices and machines. The Mirai botnets were successful, gaining control of thousands of machines and orchestrating them to deliver one of the largest DDoS attacks in history.
  • It’s common for enterprises to lose track of how many bots they’ve created, giving malicious actors the perfect cover to mask their movements. Instead of creating their own bots, malicious actors look to disguise their movements across a network with a company’s bots. Forrester’s webinar mentioned how a large North American insurance provider deployed 400 software bots for customer-facing digital chatbots and processing claims, among other tasks.
  • There’s often no oversight of who has the rights to create and launch bots internally, leading to potentially thousands of bots without secured identities. One of the most troubling findings presented during the webinar is how loose the process is to create a bot – with no checks and balances in place or means of achieving consistent identity management.

How To Strengthen Machine Security

The more challenging any machine threat surface is to protect, the more opportunity it provides bad actors to breach it. A good place to start is by clarifying who is responsible for keeping Transport Layer Security (TLS) and previous-generation Secure Sockets Layer (SSL) client and server certificates, code signing certificates, and Secure Shell (SSH) host and cryptographic keys up to date. Letting those fall through the cracks will leave thousands of machines exposed and exploitable on networks.

Prioritizing machine identities and securing machine credentials is a must-have in 2021, as botnet attacks are quickly increasing due to bad actors being able to spin up thousands of them in days. The following are key steps to get started:

  • Taking a Zero Trust approach to managing every machine identity authentication on a network now could save thousands of hours and dollars in the future. Taking a least privilege access approach to managing machines now will pay off in the future, as the workloads of machines and non-human entities continue to grow more complex. The Forrester webinar expands on this point by explaining how new, more complex inter-machine relationships are evolving quicker than legacy approaches to endpoint governance and security can keep up.
  • Privileged access controls need to be more adaptive, secure and scalable than many organizations’ static-based approaches to securing machines are today. Forrester recommends replacing long-standing hardcoded credentials with session-based ones assigned via API calls from a vault. Machines are being used 24/7 and have access patterns completely different from humans using the network, making dynamically-assigned, ephemeral credentials even more important to protect a network. Privileged Identity Management (PIM) proves effective at providing privileged access controls for machine identities, with Forrester mentioning Centrify, HashiCorp and others as leaders in this area. Centrify’s approach is noteworthy in enrolling machines with its platform via a client to establish a trust relationship, so applications running on that machine can also be authenticated using a short-lived, scoped token.
  • Monitoring more machines on a network often leads to a transition from legacy to integrated log monitoring systems that can capture, analyze and report anomalous activity across a network. Log monitoring systems are proving invaluable in identifying machine endpoint configuration and performance anomalies in real time. AIOps is proving effective in identifying anomalies and performance event correlations in real time, contributing to greater business continuity. One of the leaders in this area is LogicMonitor, whose AIOps-enabled infrastructure monitoring and observability platform has proven successful in troubleshooting infrastructure problems and ensuring business continuity.
  • Perform periodic audits to track all bots and machines in use across an organization, using Microsoft Active Directory to inventory and manage all of them. One of the most valuable take-aways from the Forrester webinar is the need to manage machine identities and their credentials centrally. Forrester mentions Microsoft Active Directory as one option. The companies providing services in this area include Centrify, which pioneered Active Directory bridging to authenticate human and machine identities based on a centralized model from a single identity repository.
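
The session-based credential pattern from the second step above, as an added example that is not code from Forrester, Centrify or HashiCorp: a broker mints a short-lived, scoped token for an enrolled machine, and the token is rejected once it expires, is used for another scope, is altered, or the machine is un-enrolled. The `ToyVault` class, the token format and the machine and scope names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets


class ToyVault:
    """Hypothetical in-memory credential broker (not a real vault API).

    For brevity the same object issues and verifies tokens with one HMAC
    key; a production design would use asymmetric signatures or a token
    introspection call so that services never hold the signing key.
    """

    def __init__(self, signing_key=None):
        self._key = signing_key or secrets.token_bytes(32)
        self._enrolled = {}  # machine_id -> set of scopes it may request

    def enroll(self, machine_id, allowed_scopes):
        """Establish the trust relationship for one machine."""
        self._enrolled[machine_id] = set(allowed_scopes)

    def revoke(self, machine_id):
        """Remove a machine; its outstanding tokens stop verifying."""
        self._enrolled.pop(machine_id, None)

    def _sign(self, payload_b64):
        return hmac.new(self._key, payload_b64, hashlib.sha256).digest()

    def issue(self, machine_id, scope, now, ttl=300):
        """Mint a token valid for `ttl` seconds and exactly one scope."""
        allowed = self._enrolled.get(machine_id)
        if allowed is None:
            raise PermissionError("machine not enrolled")
        if scope not in allowed:
            raise PermissionError("scope not granted to this machine")
        claims = {"sub": machine_id, "scope": scope, "exp": now + ttl}
        payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
        sig = base64.urlsafe_b64encode(self._sign(payload))
        return (payload + b"." + sig).decode()

    def verify(self, token, required_scope, now):
        """Return (ok, reason). The signature is checked before any claim."""
        try:
            payload, sig = token.encode().split(b".")
            given = base64.urlsafe_b64decode(sig)
        except ValueError:  # wrong number of parts or bad base64
            return False, "malformed"
        if not hmac.compare_digest(given, self._sign(payload)):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if claims["sub"] not in self._enrolled:
            return False, "machine revoked"
        if now >= claims["exp"]:
            return False, "expired"
        if claims["scope"] != required_scope:
            return False, "scope mismatch"
        return True, "ok"


def demo():
    """Walk one constructed bot identity through the token lifecycle."""
    vault = ToyVault()
    vault.enroll("rpa-bot-17", {"claims:read"})  # constructed sample identity
    token = vault.issue("rpa-bot-17", "claims:read", now=1000, ttl=300)
    results = {
        "fresh": vault.verify(token, "claims:read", now=1100),
        "wrong_scope": vault.verify(token, "claims:write", now=1100),
        "after_ttl": vault.verify(token, "claims:read", now=1300),
    }
    vault.revoke("rpa-bot-17")
    results["after_revoke"] = vault.verify(token, "claims:read", now=1100)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:13s} {outcome}")
```

Unlike a hardcoded credential, a token copied from this bot is only useful for one scope and only until its expiry, and removing the bot from the inventory invalidates it immediately.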

Conclusion

Machines, or as Forrester calls them in their webinar, non-human identities, require more precise, adaptive and ephemeral identity structures and access controls. CISOs and CIOs need to take greater ownership of machine identity authentication and provide Identity Access Management (IAM) and Privileged Access Management (PAM) down to the bot and non-human identity level. With the exponential growth of malicious bots tracking machine identities, now is the time to place machine identities among the highest priorities of any cybersecurity strategy in 2021.

Roundup of Cloud Computing Forecasts and Market Estimates, 2012

The latest round of cloud computing forecasts released by Cisco, Deloitte, IDC, Forrester, Gartner, The 451 Group and others show how rapidly cloud computing’s adoption in enterprises is happening.  The better forecasts quantify just how and where adoption is and isn’t occurring and why.

Overall, this year’s forecasts have taken into account enterprise constraints more realistically than in prior years, yielding a more reasonable set of market estimates. There is still much hype surrounding cloud computing forecasts, as can be seen from some of the huge growth rates and market size estimates. With the direction of forecasting by vertical market and process area, however, constraints are making the market estimates more realistic.

I’ve summarized the links below for your reference:

  • According to IDC, by 2015, about 24% of all new business software purchases will be of service-enabled software with SaaS delivery being 13.1% of worldwide software spending.  IDC further predicts that 14.4% of applications spending will be SaaS-based in the same time period. Source: http://www.idc.com/getdoc.jsp?containerId=232239
  • The cloud computing marketplace will reach $16.7B in revenue by 2013, according to a new report from the 451 Market Monitor, a market-sizing and forecasting service from The 451 Group. Including the large and well-established software-as-a-service (SaaS) category, cloud computing will grow from revenue of $8.7B in 2010 to $16.7B in 2013, a compound annual growth rate (CAGR) of 24%. https://451research.com/
  • Forrester forecasts that the global market for cloud computing will grow from $40.7 billion in 2011 to more than $241 billion in 2020. The total size of the public cloud market will grow from $25.5 billion in 2011 to $159.3 billion in 2020. Link to report excerpt is here.
  • Deloitte is predicting cloud-based applications will replace 2.34% of enterprise IT spending in 2014, rising to 14.49% in 2020. The slide below is from an excellent presentation by Deloitte titled Cloud Computing Forecast Change downloadable from this link.

  • Gartner predicts Small & Medium Business (SMB) in the insurance industry will have a higher rate of cloud adoption (34%) compared to their enterprise counterparts (27%). Gartner cites the insurance industry’s opportunity to significantly improve core process areas through the use of technology. The following figure from the report, 2011 SMB Versus Enterprise Software Budget Allocation to Annual Subscriptions, indicates the differences in software budget allocation for annual subscriptions by vertical market:

2011 SMB Versus Enterprise Software Budget Allocation to Annual Subscriptions

  • Gartner is predicting that the cloud system infrastructure (cloud IaaS) market will grow by 47.8% through 2015. The research firm advises outsourcers not moving in that direction that consolidation and cannibalization will occur in the 2013 – 2014 timeframe. The providers named most often by respondents were Amazon (34%), SunGard (30%) and Verizon Business (30%). Of the global top 10 IT outsourcing market leaders, only CSC appears on the list. Source: User Survey Analysis: Infrastructure as a Service, the 2011 Uptake, Claudio Da Rold, Allie Young.

External Service Providers Being Considered for IaaS (or Cloud IaaS)

Analytics, Cloud Computing Challenge Flat Growth in Forrester’s Tech Market Outlook for 2012

It’s time to strip away the hype surrounding analytics, big data and cloud computing by asking how these technologies contribute  to excellent customer experiences and greater customer engagement.  Those are the real catalysts of market growth and the greatest disruptive forces at work in enterprise software today.

Filtering forecasts of future technology adoption with a customer experience and engagement mindset is essential for separating hype from reality.  Two excellent blog posts were published today that provide useful insights for doing this.  Ray Wang’s Monday’s Musings: 10 Mega Business Trends To Watch For In 2012 provides pragmatic, insightful analysis of the progression going on from transactional to personal fulfillment systems.  Many of the CIOs I’ve met with in the last two months are saying exactly what Ray has written regarding this transition.   Paul Greenberg’s CRM 2012 Forecast – The Era of Customer Engagement – Part I delivers more insight than any of the financial or industry analyst reports I’ve read in the last twelve months on CRM and its intersection to social networks.  He has defined customer engagement so thoroughly I am sure this post will be a classic, referenced for years to come.  Both posts provide an excellent framework to evaluate the upcoming wave of new forecasts due out from research firms at the start of 2012.

Having recently read Forrester’s US Tech Market Outlook For 2012 and applying the concepts Ray Wang and Paul Greenberg discuss, here are several take-aways from that report:

  • Total U.S. ICT market in 2011 was $962B with the majority being generated from software sales ($208B) followed by Telecom Services ($199B) and IT Consulting and Systems Integration Services ($188B).  The following graphic illustrates the purchase of ICT product and services in the U.S. during 2011.  As enterprise software companies are striving to deliver what Ray Wang is calling Experiential Systems, the majority of their core Intellectual Property (IP) was obtained from building Transactional Systems.  Despite this conflict, software development methodologies including Agile give the industry a fighting chance at growth in 2012.
  • Software continues to dominate both in total revenue ($208B) and growth rate, with 8.2% growth projected for 2012.  In addition to analytics and Business Intelligence (BI), Forrester is predicting an increase in ERP, Middleware and SaaS-based application growth.
  • Forrester is most optimistic in their forecasts for analytics, BI, Cloud Computing and Smart Computing. Cloud Computing forecasts at Forrester are indexed to sales levels of NetSuite, RightNow Technologies (Oracle), Salesforce.com, and Ultimate Software. Forrester is claiming these four vendors will generate a 23% increase in revenues in calendar Q1, 2012 over Q1, 2011, increasing and staying constant at 24% year-over-year growth from Q2 to Q4, 2012 relative to Q2 to Q4, 2011. Salesforce.com could accomplish this level of growth through acquisitions alone. They’re showing they can integrate newly acquired companies faster than Oracle, who they are challenging for global CRM market leadership in the 2012 – 2013 timeframe. When customer experience and engagement is taken into account, the forecast seems high. Salesforce knows how to translate trial users into customers. The question is whether they can do this fast enough in 2012 throughout the enterprise and mid-tier accounts to keep their sales growth on track while reducing churn and increasing profitability.
  • Smart Computing is defined by Forrester as platform technologies including specialized analytics, BI, service-oriented architecture (SOA) infrastructure, virtualization software, rules engines, and awareness-based technologies.  Forrester is very optimistic about this area with a growth rate second only to cloud computing. Its index of the market is based on Informatica, Pegasystems, and Tibco Software.  Forrester is predicting in calendar Q1, 2012 there will be 16% growth over Q1, 2011, followed by consistent 13% growth year-over-year for Q2 to Q4, 2012 relative to 2011.  The following graphic compares growth of both Cloud Computing and Smart Computing.

  • The inflexion point of Smart Computing will happen when analytics, BI and awareness-based technologies including RFID can be used to make customer experiences consistently positive and drive cultural change throughout a business to center on customers’ expectations.  Paul Greenberg refers to this area of customer engagement in his blog post.  I agree with him and see the real value of analytics not for reporting, but for being a barometer of just how customer-centric and focused on delivering exceptional customer experiences a company is becoming.
  • In 2012, financial services, professional services, and manufacturing will be the three industries that dominate software purchases. Financial services (19%), professional services (15%) and manufacturing (14%) will be the largest buyers of enterprise software. Forrester believes that ERP replacements, supply chain management (SCM) and product lifecycle management (PLM) will all be priorities in the coming twelve months.

Bottom line: Critiquing high growth technologies based on their contribution to customer experience, engagement and the creation of Customer Lifetime Value (CLV) is what matters most. Hopefully the new wave of forecasts for 2012 and beyond will take the customer – not just technology and statistical extrapolations – into account.

SaaS-based Analytics and Business Intelligence Market Update, August 2011

Challenging, uncertain economic times accelerate sales cycles and lead to more closed deals for business intelligence software providers.  Companies get an urgency to reduce costs and risks, relying on the insights gained from these applications.

There’s an interesting dichotomy starting to emerge in how experts and analysts define just how these markets will mature, however. Both agree that economic uncertainty is a growth catalyst, yet they diverge on adoption rates, roadblocks, and which analytics and BI technology will dominate in the years ahead.

This week I read Balancing Custom And Packaged Apps In Your Application Portfolio Strategy by George Lawrie, Mike Gilpin and Adam Knoll from Forrester and the latest Hype Cycle of Business Intelligence, 2011 by a collection of Gartner authors led by Andreas Bitterer.  I’ve summarized the key points of each below.

Forrester Sees SaaS Applications Overtaking Custom Application Development

Forrester sees SaaS-based applications starting to replace in-house custom application development, gathering momentum through 2013.  Gartner, with their Hype Cycle for Business Intelligence, 2011 just released this week, shows BI platforms having greater near-term benefit than SaaS-based analytics and BI.  Custom application development projects are going to face continued pressure to keep up with business requirements that SaaS applications are proving able to handle more effectively and economically than ever before.

In-house development makes more sense for specific analytics and reporting requirements,  yet will continually be eroded by SaaS-based applications that can meet most requirements at a lower cost.  Forrester has in the past said SaaS-based adoption of analytics applications in general and predictive applications specifically would be very slow due to data integration challenges.  This study points to a potential shift in their mindset, as the data shows SaaS-based analytics beginning to replace custom in-house developed applications.

Here are the key take-aways from the report:

  • Analytics processes are supported 79% of the time with custom application development.  Procure-to-pay (33%) and record-to-report (33%) are the second-most supported.  Multiple responses were allowed in the survey.
  • When asked which process areas they are automating with SaaS, analytics (33%), record-to-report (18%), order-to-cash  (15%), and purchase-to-pay (12%) were the most common responses.  There was a small sample size on the Forrester report and the most startling insight was how quickly respondent companies plan to migrate from custom application development to SaaS-based analytics and BI.
  • Nearly 50% of the respondents to the Forrester survey have between five and 19 SaaS-based applications today with 18% expecting to have 35 or more by 2013.  In addition 63% of respondents expect to deploy between five and 34 SaaS-based applications by 2013, a significant shift in just two years.
  • 36% of survey respondents say their  SaaS applications run completely standalone.  Another 36% mention they use a combination of on-premises Master Data Management (MDM) and process integration tools.  Ironically only 3% are deploying their applications on cloud-based MDM or process integration-based platforms.

Gartner’s Hype Cycle for Business Intelligence, 2011

Unlike the hype cycle for cloud computing, this hype cycle has fewer technology categories (25), a narrative firmly grounded in business process and strategy, and more practical and pragmatic insights versus just theoretical. At 50 pages it’s a quick read and while there are many excellent points made, I have summarized the key take-aways pertaining to the highest hype points and SaaS adoption below:

  • Mobile Business Intelligence (BI) is the latest entry to the Hype Cycle for Business Intelligence based on the massive hype around analyzing locational and application data.  The hype surrounding the Apple iPad Series, Google Android and other tablet and smartphone platforms has made this one of the most hyped areas of the last year according to the analysis.
  • Consumerization, Decision Support, analysis of non-traditional data and “Big Data” are the areas of the greatest innovation today.  The hype cycle points to search, mobile, visualization and data discovery being the catalyst of Consumerization.  Predictive analytics, which is on the Slope of Enlightenment on this latest hype cycle, is critical to decision support.  The non-traditional and “Big Data” area of innovation is further supported by content, text analytics, in-memory DBMSs and columnar DBMSs.
  • SaaS-based Business Intelligence is at the apex of the Peak of Inflated Expectations yet will continue to have low adoption rates.  Gartner believes that the  lack of trust in third parties managing confidential data, and the inertia and fear many companies have in moving to a new architecture are slowing adoption.  This is in contrast to the survey Forrester released this week showing analytics being one of the most popular SaaS-based applications planned by 2013 in their base of respondents.
  • Gartner sees SaaS-based Business Intelligence of the most value to midsize and smaller organizations who lack IT staff yet have very specific, targeted information needs.  Website analytics, social media monitoring, dashboards, predictive analytics and Excel as a BI front-end all apply.  Both Forrester and Gartner agree on this point and see this type of custom development going away quickly internally.
  • There is a massive amount of hype surrounding in-memory computing, particularly from SAP at its Sapphire conferences. Gartner believes that SAP’s vision of in-memory computing exceeds in-memory analytics to include analytical and transactional processing. As a result, In-Memory Database Management Systems are at the Peak of Inflated Expectations.


Source: Hype Cycle for Business Intelligence, 2011, Published 12 August 2011 | ID:G00216086 By Andreas Bitterer.  Gartner, Inc.

What Both Agree On

Forrester’s survey shows SaaS eventually replacing custom application development while Gartner’s Hype Cycle for Business Intelligence shows the practical, pragmatic technologies including dashboards, predictive analytics combined with the more complex Business Activity Monitoring (BAM), Business Intelligence Platforms, and Data-Mining Workbenches delivering the most value.  Despite these differences, both agree on the following:

  • The overall market for BI, Analytics and Performance Management continues to grow at between 8 to 12% per year depending on the forecast used.  The following forecast is from the report  Market Trends: Business Intelligence, Worldwide, 2011-2014, 7 June 2011 | ID:G00213483 by Dan Sommer and James Richardson.
  • 2011 continues to see large, strategic deals for analytics and BI closing more rapidly than they have in the past.
  • SaaS-based analytics and BI continues to gain a greater share of spending in midsize and smaller companies. Both also agree that the proliferation of smaller SaaS-based analytics and BI vendors concentrating on a specific niche has successfully displaced in-house custom development of competitive applications. Trust in the smaller vendor, their track record, customer references and financial viability are what are winning deals for SaaS-based analytics and BI software providers today.
  • The market transition from build to buy is now in full force as budgets become available again. This is a key assumption of both analyses and means that smaller, more niche-oriented SaaS-based analytics and BI vendors stand a chance to get new reference accounts and grow, despite a challenging economy.

Sizing the Public Cloud Computing Market

Forecasting that the global public cloud market will grow from $25.5B in 2011 to $159.3B in 2020 in the report Sizing the Cloud, Understanding And Quantifying the Future of Cloud Computing (April, 2011), Forrester Research has taken on the ambitious task of forecasting each subsegment of their cloud taxonomy. Forrester defines the public cloud as IT resources that are delivered as services via the public Internet in a standardized, self-service and pay-per-use way. The aggregate results of their forecasts are shown in the attached graphic.

The forecast range is from 2008 to 2020 and I’ve included several of the highlights from the study below:

  • Forrester breaks out Business Process-as-a-Service (BPaaS) in their public cloud taxonomy, not aggregating this area of cloud computing into IaaS or PaaS.  This is unique as other research firms have not broken out this component in their cloud market taxonomies, choosing to include Business Process Management (BPM) as part of either infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) subsegments.  Forrester is predicting this category will grow from $800M in 2012 to $10.02B in 2020.
  • SaaS is quickly becoming a catalyst of PaaS and IaaS growth, growing from $33B in 2012 to $132.5B in 2020, representing 26% of the total packaged software market by 2016.  Forrester is predicting that SaaS will also be the primary innovative force in public cloud adoption, creating applications that can be tailored at the user level.  Forrester is bullish on public cloud growth overall, and their optimistic outlook can be attributed to the assumption of cloud-based applications being configurable at the user level, with little to no enterprise-wide customization required.
  • PaaS is forecasted to grow from $2.08B in 2012 to $11.91B in 2020.  Forrester is defining PaaS as a complete preintegrated platform used for the development and operations of general purpose business applications.  The research firm sees the primary growth catalyst of PaaS being corporate application development beginning this year.  By the end of the forecast period, 2020, up to 15% of all corporate application development will be on this platform according to the report findings.
  • IaaS will experience rapid commoditization during the forecast period, declining after 2014. Forrester reports that this is the second-largest public cloud subsegment today globally, valued at $2.9B, projected to grow to $5.85B by 2015. After that point in the forecast, Forrester predicts consolidation and commoditization in the market, leading to a forecast of $4.7B in 2020.

Webinar on Cloud Computing Realities Delivers Useful Insights

The following presentation includes an overview of cloud computing adoption trends from Forrester Research, followed by presentations by the Chief Technology Officers of Savvis and Gomez. Taken together, all three presentations shown below provide a realistic assessment of cloud computing adoption and performance.
