Database and ERP Security and Best Practice Management
Up-to-date syndicated information on database & ERP privacy, security, audit and compliance
Database and ERP audit plans and best practices at www.checklist20.com
-
Sizing The Cloud Markets In Asia Pacific
Posted on February 3rd, 2012 No commentsExploiting cloud computing growth opportunities in Asia Pacific requires insights into future cloud market size, growth dynamics, adoption trends, and demand drivers, all of which vary widely across different markets within the region. Based on Forrester's previously published cloud market taxonomy, we provide forecasts and guidance on seven distinct cloud market segments across five key markets in Asia Pacific for 2010 to 2020. In this report, we focus specifically on the public cloud and virtual private cloud markets. We will cover forecasts and analysis of the private cloud market in Asia Pacific in subsequent research. Vendor strategists can use this report to validate internal estimates and guide strategy and planning in the key cloud computing markets and segments across Asia Pacific. -
TechRadar(tm) For Security Pros: Strong Authentication, Q1 2012
Posted on February 3rd, 2012 No commentsThe strong authentication landscape has undergone tremendous churn in recent years as new mobile-fueled technologies have come online and as RSA, the premier vendor of hardware one-time password (OTP) tokens, and some of its customers experienced breaches. These disruptive trends, along with updated authentication guidance from the US Federal Financial Institutions Examination Council (FFIEC), have driven many clients to ask us which strong authentication methods can meet all of their compliance, risk, cost, and usability requirements. Hard tokens and smartcards remain effective in managing high risk — but their appeal is becoming more selective compared with software OTP tokens and OTPs sent by text message. This report helps technology planners in security take users' newly favored devices, apps, and communications channels into account in designing a mix-and-match strategy for strong authentication. -
2012 Top 10 IaaS Cloud Predictions For I&O Leaders
Posted on February 3rd, 2012 No commentsEarly in 2011, Forrester made a series of predictions about the future of infrastructure-as-a-service (IaaS) cloud for that year. With 2012 now upon us, it's time to evaluate last year's predictions and introduce new prognostications. In 2012, Forrester predicts that cloud computing will move out of the shadows and become a mainstream technology that IT must proactively manage. This means big changes in the test and development process, business intelligence, and corporate governance. Infrastructure and operations (I&O) might have gotten away with blocking public cloud service consumption on the grounds of immaturity or security in the past, but those arguments won't hold in 2012. I&O leaders should start the year with policies and procedures in place and must get involved in the consumption of these services. And no, your private cloud alone won't be good enough. -
The Forrester Wave(tm): Enterprise Hadoop Solutions, Q1 2012
Posted on February 2nd, 2012 No commentsIn Forrester's 15-criteria evaluation of enterprise Hadoop solution providers, we found that in the Leaders category, Amazon Web Services led the pack due to its proven, feature-rich Elastic MapReduce subscription service; IBM and EMC Greenplum offer Hadoop solutions within strong EDW portfolios; MapR and Cloudera impress with best-of-breed enterprise-grade distributions; and Hortonworks offers an impressive Hadoop professional services portfolio. Strong Performer Pentaho provides an impressive Hadoop data integration tool. Of the Contenders, DataStax provides a Hadoop platform for real-time, distributed, transactional deployments; Datameer has a user-friendly Hadoop/MapReduce modeling tool; Platform Computing and Zettaset offer best-of-breed Hadoop cluster management tools; and Outerthought has optimized its Hadoop platform for high-volume search and indexing. HStreaming is a Risky Bet with a solution that is strong in real-time Hadoop. -
The Risk Manager’s Handbook: How To Evaluate Risks To Plan An Effective Response
Posted on February 2nd, 2012 No commentsThe goal of a risk management program is to drive effective decisions and actions based on an understanding of how uncertainty may affect objectives. However, even mature programs that have sophisticated risk identification and measurement methodologies often have only loosely defined guidelines for what to do with those risks once they've been identified and measured — and we've seen many high-profile corporate failures occur because of this gap. Addressing the "Evaluate the Risk" stage of the ISO 31000 risk management standard, this report outlines lessons learned from companies that did not respond effectively to the risks they assessed, provides an explanation of options that are available when choosing how to treat risks, and provides best practice examples of the criteria to use when making these choices. -
US Financial Services Lead Interactive Marketing Spending
Posted on February 2nd, 2012 No commentsUS financial services interactive marketing spend will more than double by 2016 but won't grow its investments in every channel at the same pace. This brief report breaks down the increase by channel and highlights what interactive marketers at financial services firms must do to ensure they engage the next generation of digital customers. -
Q&A: President Obama’s Memorandum On Records Management
Posted on February 2nd, 2012 No commentsPresident Obama's November 2011 memorandum on managing government records directly affects US federal government agencies and will ultimately have significant impact on enterprises in a variety of vertical markets. In response, security and risk (S&R) leaders should refocus attention on records management (RM) programs and be prepared to take strategic steps stemming from an RM directive anticipated this summer. In making these RM plans, S&R leaders should factor in how to improve eDiscovery processes and monitor cloud-based RM applications as they mature. -
Top Three Ways Manufacturers Can Drive Higher Conversion Rates Through The Online Retail Channel
Posted on February 1st, 2012 No commentsTo better understand how manufacturers can increase the ultimate conversion rate on leads they send to online retailer websites, Forrester teamed up with Channel Intelligence to analyze the patterns resulting from 44 million initial clicks on "buy" buttons across more than 150 major manufacturers' sites in 2010 and 2011. The purpose of the study was to determine the optimal page design, price presentation, and stock status display for manufacturers offering "where to buy" information on behalf of online retailers. Forrester found that shoppers who were shown "buy" button language, pricing information, and stock status in a specific way upstream on a manufacturer's website converted at a much higher rate downstream with online retailers. -
Planning Road Map: Adopting ITIL
Posted on February 1st, 2012 No commentsITIL is now in many ways bigger than its "master" — IT service management. From its origins in the UK government, its use has grown rapidly in the last decade and ITIL continues to dominate corporate thinking in IT operations, IT support, and IT service delivery. There are many benefits to ITIL adoption, particularly productivity, service quality, business reputation, and cost savings. However, ITIL is fraught with adoption challenges that could be prevented, or at least minimized. This report helps IT infrastructure and operations (I&O) professionals plan for ITIL success by understanding what commonly goes wrong and best practices to employ to mitigate these risks. -
Security Alert for CVE-2011-5035 Released
Posted on January 31st, 2012 No commentsHello, this is Eric Maurice.
Oracle just released a Security Alert for CVE-2011-5035. In recent weeks, it was widely reported in the security community that a number of programming language implementations and web servers were vulnerable to hash table collision attacks. US-CERT (United States Computer Emergency Readiness Team) has posted a detailed explanation of this issue (VU#903934) on its web site.
This vulnerability affects a significant number of products from Oracle and other vendors. It is particularly severe as it could allow a malicious attacker to create a denial of service condition against the targeted system through an easy unauthenticated attack over the Internet.
Today’s Security Alert provides fixes to address this issue in Oracle WebLogic Server, Oracle iPlanet Web Server, and Oracle Containers for J2EE. As usual, the availability of the fixes is noted in the Patch Availability Documents listed in the Security Alert Advisory. Note that these fixes were not included in the January 2012 Critical Patch Update, which however included the corresponding fix for Oracle GlassFish server.
Due to the threat posed by this vulnerability, particularly because of its ease of exploitation and the wide interest it has received in the hacking community, Oracle strongly recommends that customers apply this Security Alert as soon as possible. Users of affected non-Oracle products should contact their respective vendor as soon as possible to obtain the appropriate fix.
For More Information:
The Advisory for Security Alert for CVE-2011-5035 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html -
Innovation and Transformation Imperatives Drive ASEAN IT Services Growth
Posted on January 31st, 2012 No commentsThe IT services market in Asia Pacific is highly fragmented with greatly differentiated maturity levels and spending behaviors. Forrester believes that a combination of business drivers (the increasing influence of business decision-makers and digital natives) and technology factors (cloud, mobility, analytics) will drive major changes in the local and regional IT services markets. This report follows up on our analysis performed in Q3 2011 on the markets in Australia, China, and India and focuses specifically on the IT services markets in Singapore, Malaysia, and Indonesia — forecasting their evolution over the next five years. -
Killing Data
Posted on January 30th, 2012 No commentsAs cybercriminals have become more skillful and sophisticated, they have eroded the effectiveness of our traditional perimeter-based security controls. The constantly mutating threat landscape requires new defensive measures, one of which is the pervasive use of data encryption technologies. In the future, you will encrypt data — both in motion and at rest — by default. This data-centric approach to security is a much more effective way to keep up with determined cybercriminals. By encrypting, and thereby devaluing, your sensitive data, you can make cybercriminals bypass your networks and look for less robustly protected targets. -
How UK Banking Customers Use Different Channels, 2011
Posted on January 30th, 2012 No commentsOnline banking has changed the way people use other banking channels over the past decade. Even so, half of UK adults still visit a branch each month. eBusiness and channel strategy executives need to persuade customers to adopt self-service channels for routine interactions, thus releasing branch and call center employees for higher-value interactions. To do that, banks need to put digital channels at the heart of their strategies. Executives need to build a new generation of digital financial services that integrate human and self-service touchpoints by right-channeling routine interactions to self-service, turning branches into advice centers, generating sales online by integrating human help, and delivering on customer demand for mobile banking with mobile money management, marketing, and sales. -
2011 Forrester B2B Groundswell Award Winners Show Progressive Uses Of Social Technologies
Posted on January 30th, 2012 No commentsThe fifth annual Forrester Groundswell Award winners show how B2B companies at the social vanguard have progressed from social media experimentation to innovation and are delivering real business outcomes. Forrester received an impressive 44 Groundswell Award submissions from B2B companies this year. And the winners prove that contrary to popular belief, B2B marketers can implement creative, innovative, and effective social media strategies that are often associated with B2C companies. -
Revamp Your Approach To Skills And Staffing For Agile And Lean: Welcome To The Machine
Posted on January 30th, 2012 No commentsThis report outlines the skills and staffing part of Forrester's solution for application development and delivery (AD&D) executives working on Agile and Lean. It is designed to help AD&D execs execute with Agile and Lean. IT organizations are caught in a vortex of change emanating from several sources: the rapidly accelerating pace of business and technological change, the advent and impact of social media and the empowered consumer, the shift from IT to BT, and the demand to do much, much more in much shorter time frames. Survival requires much more than simple adaptation. We can't stop the world while we adapt to new organizational models. We don't have the luxury of starting over from scratch. We have to change the cogs in our IT machines without missing a beat, and some of those cogs — such as culture, politics, and policy — are really difficult to change. -
Navigate The Future Of Customer Service
Posted on January 30th, 2012 No commentsThis report outlines Forrester's solution for business process executives supporting customer service operations. It is designed to help business process execs understand the future of customer service and the key business trends that will unfold over the next five years. The report summarizes the top 15 customer service trends to help improve the customer service experience and contain operational costs that Forrester is tracking in 2012. Use our customer service trends impact analysis framework to pinpoint the key steps to make your plans bulletproof. -
Best Practices: Leveraging Live Streaming And On-Demand Video In The Enterprise
Posted on January 27th, 2012 No commentsA growing number of content and collaboration professionals are interested in using webcasting and YouTube-like video portals internally for corporate communications and training. Why? They recognize the benefits of video for bringing distributed employees together and for driving effective communications. IT-related challenges abound, however. Most enterprises lack a coordinated delivery approach for video capabilities, and a fragmented video-publishing technology landscape confounds many IT shops. This report, based on interviews with organizations at different stages of their video journey, offers several best practices for deploying live streaming and on-demand video effectively. Respondent best practices cite considerations for technology selection, service ownership, network delivery, content management, and business culture. -
The Forrester Wave(tm): US Digital Agencies — Mobile Marketing Strategy And Execution, Q1 2012
Posted on January 27th, 2012 No commentsIn Forrester's 37-criteria evaluation of US digital agencies with mobile marketing services, we identified the nine significant agencies in this category — AKQA, iCrossing, Ogilvy, Possible Worldwide, Razorfish, Rosetta, SapientNitro, TribalDDB, and VML — and researched, analyzed, and scored them. This report details our findings about how each agency measures up and plots where they stand in relation to each other, to help interactive marketers select the right partner for their mobile marketing efforts. -
Four Trends In Customer Intelligence Services
Posted on January 27th, 2012 No commentsOver the past year, we've been tracking a subtle shift in how organizations are evaluating and buying customer intelligence (CI) services. As executives at the C-level get involved in CI vendor relationships, they're demanding more accountability, more cooperation between service providers, and increased risk mitigation. This report will outline four emerging trends and how vendors are responding to these new client expectations. -
Framing The Business And IT Impact Of Mobile And Remote Work
Posted on January 27th, 2012 No commentsWith two-thirds of the North American and European workforce reporting that they work outside a corporate office at least occasionally during a month, it's imperative that business leaders initiate programs that keep workers productive and connected while remote. Content and collaboration (C&C) professionals have an important role to play here as a provider of the technology and creator of the strategies that keep managers and employees connected. However, C&C professionals can only be successful if they work in conjunction with leaders across the business to ensure that their work aligns with the mobile and remote work strategies of the broader organization. This report is designed to provide C&C professionals a framework for creating mobile and remote working programs and examples of how other businesses are applying these lessons to their unique business challenges. -
The Future Of Data Security And Privacy: Controlling Big Data
Posted on January 26th, 2012 No commentsIn the never-ending race to stay ahead of the competition, companies are developing advanced capabilities to store, process, and analyze vast amounts of data from social networks, sensors, IT systems, and other sources to improve business intelligence and decisioning capabilities. "Big data processing" refers to the tools and techniques that handle the extreme data volumes and velocities and wide variety of data formats resulting from implementing these capabilities. As organizations aggregate more and more data, they need to be aware that much of it could be financial, personal, and other types of sensitive data that are subject to global laws and regulations. In addition, security and risk professionals need to be aware of the security issues surrounding big data so they can take an active role early in these initiatives. This report will help security and risk professionals understand how to control and properly protect sensitive information in this era of big data. -
Game On: Education Product Strategists Embrace Gamification
Posted on January 26th, 2012 No comments"Gamification" is a hot topic in product strategy, especially in US K-12 education. Product strategists in education are helping their customers achieve teaching and learning goals by developing playful products that integrate with existing standards, curricula, and classroom technology. While games are not the solution to all the problems of the US education system, they are a useful tool for reaching a generation that spends hours on game consoles and portable game players. Successful product strategies will employ teacher communities for product innovation, as product adoption hinges on teachers' buy-in and support. -
Mobile Interactive Design Agencies Emerge
Posted on January 26th, 2012 No commentsCompanies increasingly see the need to offer differentiating mobile experiences. However, they struggle to find the skills and support they need to deliver useful and usable mobile services that make the most of device capabilities and do justice to their brands. Forrester interviewed 10 companies with a focus on mobile to explore the challenges of designing successful mobile experiences. This document describes the benefits of partnering with agencies that have invested in mobile capabilities and firms that specialize in mobile work. It offers advice to companies on how to get the right support in the right time frame to create mobile experiences that meet their requirements. -
Case Study: Mint.com Grows Its Business Using Game Mechanics
Posted on January 26th, 2012 No commentsMint.com wanted to increase traffic from new and returning users to its site as well as deepen engagement and exposure to monetized elements. By employing a suite of game mechanics — including challenges, progress bars, and alerts — more than 75% of Mint users now log in daily or more frequently. This case study explores how the money management website "gamified" consumer finances to create a stickier, more profitable website. -
Establishing A Global Direct Online Sales Footprint
Posted on January 26th, 2012 No commentsGlobal brands are increasingly looking to sell direct on their own websites — and not just in their home markets. After examining the global direct-to-consumer sales presence of manufacturers across a variety of product categories, it's clear that most US- and European-based manufacturers still prioritize eCommerce in North America and Europe, although they also target Japan and, increasingly, China. Selling direct to online consumers around the globe, however, is not for every manufacturer. Those firms that aren't selling direct in multiple markets should take advantage of the online channel to provide informational content on local products and ensure they're being savvy in how they drive consumers to key online and offline retail partners. -
Teleconference: Navigating The Complex World Of Data Privacy Regulations
Posted on January 26th, 2012 No commentsData privacy regulations prove to be a complex topic for many organizations operating on a global scale. In this teleconference, Forrester's data privacy experts explain how to effectively strategize around these laws using the Forrester Data Privacy Heat Map. Use cases are presented, touching on those most relevant to Security & Risk Professionals. -
The Forrester Wave(tm): Human Resource Management Systems, Q1 2012
Posted on January 25th, 2012 No commentsForrester's 69-criteria evaluation of human resource management system (HRMS) vendors found that Workday, Oracle PeopleSoft, Oracle E-Business Suite (EBS), and SAP lead the pack; each has its own unique strengths. Workday's strong core HR functionality and advanced SaaS technology platform play well against perennial Leaders Oracle and SAP, which offer breadth and global reach with a more traditional on-premises or hosted deployment approach. Oracle's new Fusion HCM solution is a Strong Performer in its first release; we expect it to gain breadth and maturity in subsequent releases. Several other HRMS vendors have, like Workday, embraced SaaS as the deployment model of choice; SaaS-only vendors ADP, Ceridian, and Ultimate Software are Strong Performers. Ultimate shows solid functional depth and breadth and is a good choice for US-based companies of all sizes. ADP and Ceridian have embarked on complete HRMS makeovers, with ADP Vantage and Ceridian InView coming to market in stages in 2011 and 2012. Lawson Software, an Infor affiliate, is another Strong Performer and is moving to transition core HR functionality to its newer talent management platform. -
The Changing Services Landscape Requires New Sourcing Practices
Posted on January 25th, 2012 No commentsThe IT services market is changing fast. Technological advances, the rising integration of business and technology, a corporate focus on core competencies, and the maturation of the IT vendor management role are all contributing to rapid change and growth in this market. Given the need to meet cost, time-to-market, and innovation objectives, companies realize that they must assemble and integrate services and solutions from best-in-breed suppliers rather than try to build these services, components, or new revenue opportunities on their own. To acquire the right services at the right prices, companies must have deep knowledge of the IT services marketplace and understand its future direction. This report explores major trends in the application and infrastructure services marketplace and will help companies make more informed decisions about their service supplier ecosystems. -
Teleconference: Evaluating Technologies For The Extended Customer Service Ecosystem Using Forrester’s TechRadar™ Methodology
Posted on January 25th, 2012 No commentsThe contact center technology ecosystem for customer service has grown more complex over time as new technologies and deployment modes emerge and as the vendor landscape changes due to mergers and acquisitions. This teleconference presents our findings of the current state of the 24 most important technologies across the following dimensions: 1) the current state of the technology; 2) the technology's potential impact on customers' businesses; 3) the time experts think the technology will need to reach the next stage of maturity; and 4) the technology's overall trajectory &mdash from minimal success to significant success. The 24 technologies described in the teleconference fit into the following core areas: -
Embracing The Open Web: Web Technologies You Need To Engage Your Customers, And Much More
Posted on January 24th, 2012 No commentsThe open Web is a culture, a community — and a set of preferred technologies for Internet applications. While HTML5 is the best known of these technologies, the open Web also includes JavaScript (client and server), CSS3, Representational State Transfer (REST) application programming interfaces (APIs), and mobile frameworks such as jQuery Mobile. Together, these technologies comprise a new application platform for the Internet that will gradually replace today's web platforms (HTML4, Adobe Flash, Microsoft Silverlight, Simple Object Access Protocol [SOAP] web services, Java EE, and .NET) for most applications. This research outlines the open Web platform's key components, their readiness, and how the platform is evolving.