FORRESTER’S SECURITY

FORUM EMEA 2010

Navigating The New Security & Risk Reality
March 11-12, 2010 ■ Guoman Tower Hotel ■ London

www.forrester.com/security2010emea
 FORRESTER’S SECURITY
FORUM EMEA 2010
Contents

3 Role-Based Forum
Dear Colleague,
4 Speakers
In 2010, Security & Risk professionals will face a new landscape unlike any we’ve seen before.
We’ve been discussing “change” for years: how the future of IT will bring dramatic changes
6 Expert Advice to workplace dynamics, sourcing models, and application portfolios. But this year will be
different. The confluence of the changing threat landscape, economy, and new technology
7 Agenda requirements are forcing more change than we’ve seen in a decade. We need to move beyond
discussions of the economy plunging into freefall and the resulting decrease in budgets, jobs,
8 Track Sessions and discretionary security projects. Security & Risk professionals need to understand how to
navigate this new security reality and continue to drive the business forward, moving beyond
focusing on security for the rapidly changing technology and instead focusing on mastering
10 Forrester’s Co-Located
Infrastructure & two major shifts: 1) a shift in business expectations, and 2) a shift in ownership.
Operations
EMEA Forum 2010 Forrester’s Security Forum EMEA will bring together industry experts and analysts to hold
practical sessions and panels on today’s most difficult security and risk struggles. Together,
11 Registration we will work to rethink the role of security within your enterprise by finding ways to get close to
the business, create efficiencies with governance, risk, and compliance (GRC), establish the
right set of priorities, and implement an architecture that responds to these security shifts.
12 Venue & Sponsors

I look forward to seeing you in London!

Rob Whiteley
Vice President, Research Director
Forrester Research

Two Forums For The Price Of One

Attendees of Forrester’s Security Forum EMEA 2010 will have access to Forrester’s co-located
Infrastructure & Operations Forum EMEA 2010. For more information, please see page 10.

2 www.forrester.com/security2010emea
 ROLE-BASED FORUM

Navigating The New Security Benefits Of Attending:

& Risk Reality ∙∙ Unbiased research and expertise from Forrester
analysts.
Every keynote, session, panel, and one-on-one interaction ∙∙ Identify opportunities for intelligent cost savings.
with analysts will help you explore how your role as a CISO, ∙∙ Compelling keynote addresses from today’s
information security professional, or risk management leading executives and IT leaders.
professional has shifted. The entire event — from keynotes ∙∙ In-depth discussion sessions on hot security
to track sessions and from sponsors to networking events topics with leading analysts and peers.
— is designed with these shifts in mind. ∙∙ One-On-One Meetings with Forrester analysts.
∙∙ Peer networking with more than 150 attendees.
Key questions:
• How do you retune your security and risk practice
Who Should Attend:
when your budget is flat or down? What are the best Forrester's Security Forum is aimed at improving your
and worst security metrics to demonstrate value to effectiveness and success in your role. This event
draws attendance from four roles:
the business?
• Where can you create efficiencies through a retuned ∙∙ Security & Risk professionals
governance, risk, and compliance (GRC) effort? ∙∙ Infrastructure & Operations professionals
• How do you ensure that cloud computing and ∙∙ CIOs
outsourcing partners have adequate security controls? ∙∙ Enterprise Architecture professionals
• Should your security controls extend to workers
bringing consumer-grade devices like iPhones,
netbooks, and Google Apps into the enterprise?
• Are you liable for securing information that resides on
non-IT-controlled servers and PCs?
• Which skills should you and your staff develop?
• What’s the best security architecture to balance
flexibility with operational efficiency?

“A varied, well‑structured event

that covered all aspects of security
effectively; the analysts were excellent
and their sessions very good.”
Andy Jackson, Director of IT, Friends Provident
2009 Security Forum Attendee
Sean Rhodes
Security & Risk Professional
Forrester uses personas like this to represent clients in
their professional roles and deliver a uniquely relevant
and solution-orientated experience.

In-Depth Tracks
Forrester’s Security Forum EMEA 2010 will deliver two in-depth tracks, split across two days. These analyst-led tracks will include:
∙∙ Track A — Shift In Expectations: Modernizing Your SRM Program
∙∙ Track B — Shift In Ownership: Protecting Data Outside Your Four Walls

To register call: +31 (0)20 305 4848 3

 POWERFUL CONTENT. EXCEPTIONAL SPEAKERS

Industry Keynotes
Building Trust As The Business Shifts To Online Services
Eirik Time, CISO, Statoil
Eirik Time is currently the Chief Information Security Officer (CISO) for Statoil. He is responsible for corporate information
management and IT risk management, compliance, and monitoring. Mr. Time joined Statoil as an engineer in 1997 and
has held many IT management positions, which included eBusiness, ICT security, security and usability, and Internet
technology responsibilities. Prior to joining Statoil, Mr. Time worked for companies such as Cambridge Technology Partners, Computas
AS, and TDI in consulting and management positions.
Key session takeaways:
• Learn the value of building trust and implementing security controls for SaaS and other online services.
• Identify the value of public key infrastructure (PKI), identity management, and establishing centralized digital identities for users
consuming online services.
• Discuss recommendations and lessons learned with these technologies

How Changing Business Expectations Require CISOs To Own Even More

Kim Aarenstrup, Group Head of Information Security, A.P. Moller – Maersk, and Council and
Executive Chairman, Internet Security Forum (ISF)
Kim Aarenstrup is the Group Head of Information Security/CISO of A.P. Moller – Maersk and sits on the Council of the
Information Security Forum (ISF) as Executive Chairman. Mr. Aarenstrup is also the Deputy Chairman and Founder of
the public Danish IT-Security Council. He has a background in the police force as a criminal investigator and was a key player in
establishing the first national High Tech Crime unit in Denmark.
Key session takeaways:
• Examine Mr. Aarenstrup’s view of the CISO position from both his day-to-day role as Group Head of Information Security at Maersk
and Council and Executive Chairman at ISF.
• Discuss why changing business needs require that CISOs own more, not less, security responsibility.
• Hear some thought-provoking advice and future recommendations for reshaping your security and risk leadership role.

Forrester Keynotes
Where Is The EMEA Cloud?
James Staten, Principal Analyst, Forrester Research
With the economy beginning its slow recovery, does the value proposition behind the new outsourcing options such as
cloud computing still apply? Or should enterprise Infrastructure & Operations pros look to return services to the data
center? The evolution toward cloud computing isn’t just about economics — it’s about strategic right-sourcing, and cloud
services play a key role in making you more efficient and effective. Come learn what other leading enterprises are putting in the cloud
and why you should too. This session will cover:
• What is real in the cloud and what still needs more work.
• How others are transitioning to the cloud.
• What services they are transitioning and why.

This is a joint Keynote session with Forrester’s co-located Infrastructure & Operations Forum EMEA 2010

4
 Visible Clouds: How To Master A Shift To Cloud Computing
Chenxi Wang, Ph.D., Principal Analyst, Forrester Research
Cloud computing promises tremendous business and operational efficiencies but has fundamentally changed the way IT
procures capacity, software, and expertise. As a result, the way to the cloud is not without inhibitors. Lack of visibility into
cloud operations, possibility of non-compliance, and privacy concerns are only a few of the challenges. This session will
equip you with the best practices to empower information security to embrace cloud computing. Key takeaways from this session will be:
• Learn where cloud computing may be a fit and where it is not.
• Get concrete steps to prepare for the move to the cloud.
• Discuss best practices to approach cloud security, privacy, and compliance.

Navigating The New Security & Risk Reality

Khalid Kark, Principal Analyst, Forrester Research
Shift happens. And you need to deal with the consequences. We’ve been discussing “change” for years: dramatic changes
to workplace dynamics, new sourcing models, and evolving application portfolios. But change is no longer hypothetical
— it’s real. This session will move beyond discussions of the economy and help you understand how to navigate the new
security reality. Session attendees will learn:
• The major business trends you need to prepare for before the inevitable upturn in the global economy.
• How to master three major shifts: 1) a shift in business expectations; 2) a shift in ownership; and 3) a shift in security architecture.
• Why you need to move beyond asking questions of your CIO and business peers to providing guidance and evolving your SRM
practice.

Attend A Pre-Forum Measuring The Effectiveness Of Your Security Organization

Workshop
For added value, join a small group of
peers and work closely with Forrester
analysts during a full-day, hands-on
Workshop. Special discounted rates
for paying Security Forum EMEA 2010
attendees!
Pre-Forum Workshop pricing:
£795 for paying Security Forum EMEA
2010 attendees (£1295 regular rate)
to register call: +31 (0)20 305 4848.
March 10, 2010
Led by Principal Analyst Khalid Kark and Senior Analyst Andrew Jaquith
In the past, the ever-changing threat landscape ensured healthy budgets for
information security. But in today's economic climate, senior managers are no longer
willing to write blank checks for IT security. As a result, security and risk management
executives must increasingly find ways to measure and communicate the success of
their information security programs to senior management. Security metrics are the
keys to doing this successfully.
Through facilitated sessions and presentations, you will discuss:
• Best practices for developing an effective strategy for IT security.
• Marketing the value of security to build awareness with the business.
• Essential strategies for improving security performance.
• Measuring the effectiveness of the security program.
• Turning operational metrics into business metrics.
• Creating a Balanced Security Scorecard that communicates program effectiveness.
http://www.forrester.com/securityforumworkshop2010

5
 EXPERT ADVICE
Meet One-On-One With Forrester Analysts.
Consistently rated as one of the most popular features of Forrester events, One-On-One Meetings give you the opportunity to discuss unique security and risk
issues facing your organization with Forrester analysts. Security Forum EMEA 2010 attendees may schedule two 20-minute One-On-One Meetings with the
Forrester analysts of their choice, depending on availability.
Participating Forrester Analysts And Coverage Areas:
Andras Cser, Senior Analyst
Role Served: Security & Risk professionals
Enterprise Single Sign-On, Entitlement Management, Financial Services,
Healthcare & Life Sciences, Identity & Access Management, Mobile Services,
Passwords, Professional Services, Security & Risk, Strong Authentication,
Telecommunications Services, User Account Provisioning, Web Single Sign-On
Andrew Jaquith, Senior Analyst
Role Served: Security & Risk professionals
Data Classification, Data-Centric Security, Electronic Signatures, Encryption,
& Rights Management, Encryption, Information Leak Prevention, Information
Protection, Security & Risk
Khalid Kark, Principal Analyst
Role Served: Security & Risk professionals
Governance, Risk, & Compliance, IT Compliance Management, IT Risk
Management, Regulations & Legislation, Security & Risk, Security Performance
Management, Security Policies, Security Program Governance, Security Services,
Security Standards, Regulations, & Legislation, Security Strategy
John Kindervag, Senior Analyst
Role Served: Security & Risk professionals
Data Classification, Data-Centric Security, Encryption, Enterprise Firewalls,
Information Leak Prevention, Information Protection, Infrastructure Security,
Mobile Security, Network Security, Personal Firewalls, Protect Your Organization's
Information, Regulations & Legislation, Security & Risk, Security Appliances, Security
Architecture, Security Configuration Management, Security Event Management, Security
Operations, Security Performance Management, Security Program Governance, Security
Services, Security Standards, Regulations, & Legislation, Security Strategy, Threat Management,
Vulnerability & Threat Management
Security Forum EMEA 2010 attendees can also choose to meet with analyst from the co-located Infrastructure & Operations EMEA Forum including:
Brad Day, Vice President, Principal Analyst
Role served: Infrastructure & Operations professionals
Computer Architectures, IT Infrastructure & Operations, Midrange Systems,
Server Consolidation, Server Hardware, Server Operating Systems, Systems
Management, Unix Servers
Benjamin Gray, Senior Analyst
Role served: Infrastructure & Operations professionals
Client Computing Hardware, Client Operating Systems & Software, Enterprise
Desktops, Enterprise Laptops, Enterprise Mobile Devices, Enterprise Mobility, IT
Infrastructure & Operations, Mobile Operating Systems, Mobile Services, Mobile
Software & Platforms, Telecommunications Services
Elizabeth Herrell, Vice President, Principal Analyst
Role served: Infrastructure & Operations professionals
Call & Contact Center Outsourcing, Communications Infrastructure, Contact
Center Technologies & Processes, IT Services, Networking, Outsourcing, SIP/
SIMPLE Protocols, Speech Technologies, Unified Communications
Evelyn Hubbert, Senior Analyst
Role served: Infrastructure & Operations professionals
Business Service Management, CMDB, Data Center Management, IT Asset
Management, IT Infrastructure & Operations, IT Process Automation, IT Service
Management, ITIL, Infrastructure Change Management
Onica King, Researcher
Role served: Infrastructure & Operations professionals
Align people and processes with business needs, Data Center Management, Green
IT, IT Asset Management, IT Infrastructure & Operations, IT Process Automation,
ITIL, Make smarter infrastructure choices by balancing technical and business
justifications, Make your infrastructure more efficient, Navigate the evolving ecosystem of IT suppliers
Glenn O’Donnell, Senior Analyst
Role served: Infrastructure & Operations professionals
Application Development, Application Management, Application Performance
Monitoring, Business Service Management, CMDB, Capacity Modeling & Planning,
Data Center Automation, Data Center Management, IT Asset Management,
IT Infrastructure & Operations, IT Management, IT Organization, IT Process Automation, IT
Service Management, IT Services, IT Strategy, Planning, & Governance, ITIL, Infrastructure
Change Management, Infrastructure Configuration Management, Infrastructure Measurement,
Infrastructure Metrics, Integrated IT Management, Networking, Organizational Design & Change
Management, Server Management, Server Provisioning, Service-Level Management, Software
Distribution, Systems Management
Andrew Reichman, Senior Analyst
Role served: Infrastructure & Operations professionals
Consumer Electronics, Consumer Technology, Data Archiving, Data Protection, IT
Infrastructure & Operations, Next Generation DVDs, Storage & Data Management,
Storage Management, Storage Networking
6
Chris McClean, Analyst
Role Served: Security & Risk professionals
Corporate Governance, Corporate Social Responsibility, Enterprise Compliance
Management, Enterprise Risk Management, Governance, Risk, & Compliance,
Green Business Strategy, IT Compliance Management, IT Management, IT Risk
Management, IT Strategy, Planning, & Governance, Security & Risk
Bill Nagel, Analyst
Role Served: Security & Risk professionals
Authentication, Authentication, Authorization, & Audit, Biometrics, Digital &
Electronic Signatures, Digital Certificates & Digital Signatures, Financial Services,
Fraud Management, Governance, Risk, & Compliance, Government, Healthcare &
Life Sciences, High-Tech, Identity & Access Management, Infrastructure Security, Mobile Security,
Passwords, Privacy, Security & Risk, Security Operations, Security Policies, Security Program
Governance, Smart Cards, Strong Authentication
Usman Sindhu, Researcher
Role Served: Security & Risk professionals
Endpoint Security, Infrastructure Security, Network Access Control, Network
Performance & Security, Network Security, Networking, Regulations & Legislation,
Security & Risk, Security Operations, Security Standards, Regulations, &
Legislation, Vulnerability & Threat Management
Chenxi Wang, Ph.D., Principal Analyst
Role Served: Security & Risk professionals
Application Security, Content Security, Security & Risk, Security Operations, Threat
Management, Vulnerability & Threat Management
Rob Whiteley, Vice President, Research Director
Role Served: Security & Risk professionals
Network Access Control, Network Performance & Security, Networking, Security
& Risk
Galen Schreck, Principal Analyst
Role served: Enterprise Architecture professionals
Cloud Computing, Computer Architectures, Data Center Management, Enterprise
Architecture, Enterprise Architecture Domains, High Availability/Fault Tolerance,
IT Infrastructure & Operations, IT Management, IT Strategic Planning, IT Strategy,
Planning, & Governance, Processor Architectures, Server Virtualization, Systems Management,
Systems Partitioning & Virtualization, Technical Architecture
Chris Silva, Senior Analyst
Role served: Infrastructure & Operations professionals
Broadband & Remote Access, Convergence Services, Enterprise Mobile Devices,
Enterprise Mobility, Fixed-Mobile Convergence, IT Infrastructure & Operations,
LAN/WAN Performance Optimization, Local Area Networks, Mobile Operating
Systems, Mobile Phones, Mobile Software & Platforms, Network Performance & Security,
Networking, PDAs, Remote Access Infrastructure, Remote Work & Telecommuting, Smartphones,
Telecommunications Services, VPN - Internet/IPSec/SSL, Voice Services, Wide Area Networks,
Wide Area Wireless Networks/Wireless Broadband, Wireless LAN Infrastructure Hardware,
Wireless LAN Protocols & Standards, Wireless Voice Services - Mobile Voice & VoWi-Fi
James Staten, Principal Analyst
Role served: Infrastructure & Operations professionals
Blade Servers, Capacity On Demand & Utility Computing, Cloud Computing,
Computer Architectures, Data Center Architecture, Data Center Consolidation,
Data Center Management, Grid Computing, IT Infrastructure & Operations, Server
Consolidation, Server Hardware, Server Virtualization, Systems Management, X86 Servers
Christopher Voce, Analyst
Role served: Infrastructure & Operations professionals
Application Management, B2B Sales & Marketing, Clustering, Computer Architectures,
Data Center Management, IT Infrastructure & Operations, License Management, Server
Hardware, Server Management, Server Operating Systems, Server Virtualization,
Software Distribution, Systems Management, Systems Partitioning & Virtualization, X86 Servers
Doug Washburn, Analyst
Role served: Infrastructure & Operations professionals
Client Computing Hardware, Data Center Management, Green IT, IT Infrastructure &
Operations, IT Management, IT Organization, Server Hardware, Server Management,
Storage & Data Management, Storage Management
Simon Yates, Vice President, Research Director
Role served: Infrastructure & Operations professionals
Application Management, Client Computing Hardware, Client Operating Systems & Software,
Client Security & Management, Computer Displays, Enterprise Laptops, Enterprise Mobile
Devices, Enterprise Mobility, IT Infrastructure & Operations, Mobile Operating Systems,
Mobile Software & Platforms, PC Support, Peripheral Devices, Server-Based Computing
 AGENDA

All session speakers, themes, and times are subject to change. 7

 IN-DEPTH TRACKS

Track A — Shift In Expectations: Modernizing Your SRM Program

In the next 12 months, you’ll need to modernize your security and risk practice — in a world where security budgets are flat or down.
You must reevaluate how you are communicating with your business peers, streamline your organizational structure, examine your staff
to make sure you’re hiring and developing the right security talent, and even reassess your own skills and leadership capabilities. In
this track, we will help you realign expectations, by presenting the latest best practices on security and risk organizational structures;
governance, risk, and compliance (GRC); and improved metrics that measure and demonstrate value to the business. We’ll also help
you identify the emerging skill gaps and help you keep and recruit top talent.

How To Create A Lean Security Organization
Khalid Kark, Principal Analyst, Forrester Research
Building a security team with the right set of capabilities
is essential for protecting your corporate assets. Most
successful CISOs have found ways to outsource tasks and
resources outside the security organization or even outside
the company. As security gets embedded in business processes, the
structure and makeup of the security organization will change. This
session will:
∙∙ Highlight the changing role and expectations of the security
organization.
∙∙ Identify the capabilities and competencies a successful security
organization requires.
∙∙ Discuss different organizational staffing and sourcing models and
their advantages and disadvantages.
∙∙ Outline an approach to develop measurement and auditing
capabilities required to deal with external groups.
Elevating Security With Risk Management Techniques
Chris McClean, Analyst, Forrester Research
There is still a significant gap between how businesses view
risk management and how IT views risk management. And as
internal and external pressure intensifies, IT professionals
will need to adopt more sophisticated risk management
practices to help the business better articulate its potential risks,
mitigation plans, and overall exposure. Attendees of this session will:
∙∙ Get an overview of risk management methodologies applicable to IT.
∙∙ Look at how IT professionals can better communicate with
enterprise risk management, audit, and lines of business.
Applying A Maturity Model To IT Risk And
Compliance
Chris McClean, Analyst, Forrester Research
Organizations are increasingly challenged to compare the
maturity of their IT risk and compliance programs against
those of their peers. Budgeting, staffing, and project
resources can often hinge on these benchmarks. This session shows
you how to assess your maturity by wading through the many security,
risk, and GRC benchmarks and how to apply them to your business:
∙∙ Learn the value of maturity models and peer benchmarking to
help justify spending and resource levels.
∙∙ Review strengths and weaknesses of maturity models currently
available to assess IT security, risk, and compliance programs.
∙∙ Apply best practices for assessing your organization’s maturity.
PCI Unleashed: Embracing PCI As A Next-Generation
Security Architecture
John Kindervag, Senior Analyst, Forrester Research
Credit card security is one of the biggest drivers in IT
today. The PCI Data Security Standard for the protection
of credit card data has become an area of significant
focus for IT organizations. This session is designed to help
you position PCI to the CIO and other top executives to help them
understand it and determine how to more effectively manage the
organization’s PCI initiative. This session will cover:
∙∙ The differences between compliance and security.
∙∙ How to evolve your architecture by using PCI as an enabler.
∙∙ Ways to derive value from your PCI initiative.

∙∙ Understand how other companies are using risk management to
raise the profile and perceived value of IT security efforts.
“This event was well worth two days
of my time, with interesting topics
and opportunities to meet analysts
and other attendees.”
Alan Stevens, Enterprise Architect, Standard Life
2009 Security Forum Attendee
∙∙ The consequences of noncompliance.
A New Identity And Access Management
Architecture To Meet Shifting Business Demands
Andras Cser, Senior Analyst, Forrester Research
Identity and access management (IAM) has been rocked
with new architectures, products, and acquisitions. These
changes will definitely have an impact on your organization.
Come and learn what you need to do about it and how you
can cope with shifts in IAM’s organizational ownership, options for
hosted IAM, and implementations that unify management for external
and internal users. Attendees of this session will learn about:
∙∙ The best organizational ownership of IAM.
∙∙ How to architect the right mix of in-house and externally hosted
IAM services.
∙∙ Methods to protect data and manage entitlements with IAM.
∙∙ Elements of the new vendor landscape, including Oracle’s
acquisition of Sun.

8 Select and attend value-rich sessions!

IN-DEPTH TRACKS

Track B — Shift In Ownership: Protecting Data Outside Your Four Walls

A new generation of outsourcing and the consumerization of IT are usurping control from IT. The introduction of cloud computing gives
IT the flexibility to tactically outsource IT services. At the same time, your workforce is demanding more flexibility, and employees
sporting consumer-grade gear are eroding traditional security controls. The result? You don’t own your data anymore. Moreover,
enterprises know the weakening security perimeter is no longer sufficient for companies to embrace cloud computing, hosted services,
Web 2.0, consumer devices, and virtualized assets. To help, we’ll get you up to speed on how to: govern and secure data housed with
external providers and employees; rethink new outsourcing and employee contracts; embrace Tech Populism; extend audit controls to
third parties; and determine which security services belong in the cloud.

The Security Of B2B: Enabling An Unbounded Building An Identity Strategy To Harness

Enterprise
Usman Sindhu, Researcher, Forrester Research
The need to work with third-party organizations is
accelerating. Today’s global economy requires more
interactions with suppliers, partners, and even customers.
But how do you make sure you’re not exposing the business
to new risks? This session will explore how organizations
are putting security controls and policies in place to protect the
blurring enterprise boundary. Attendees will:
∙∙ Learn best practices in securing today’s business-to-business
interactions.
∙∙ Understand the right security controls that protect your business
without sacrificing flexibility.
∙∙ Discuss updated policies and contractual language to reflect new
business risks.
Protecting Information When You Don’t Own The Assets
Andrew Jaquith, Senior Analyst, Forrester Research
Outsourcing, offshoring, Tech Populism, and “executive
bling” present a common problem: sensitive data stored
on assets your company does not own. In this session, we
reveal key strategies for extending the reach of the data
security controls so that data stays secure regardless of
who owns the asset. In this session, you will:
∙∙ Hear essential strategies for future-proofing data protection.
∙∙ Get guidelines for working with business partners and gear-toting
employees.
∙∙ Understand lessons learned from pioneering enterprises.
Assessing Cloud Security: Examining Top Providers’
Security And Privacy Practices
Chenxi Wang, Ph.D., Principal Analyst, Forrester Research
IT professionals remain skeptical and concerned about
security and privacy of outsourcing to the cloud. In this
session, we will take a look at how top cloud providers like
Salesforce, Google, and Microsoft handle security and privacy issues;
go through mock case studies of security/privacy requirements; and
conclude with best practices for protecting your data in the cloud.
At this session you will:
∙∙ Learn how the top cloud providers handle security and privacy.
∙∙ Understand how to assess risk and reward tradeoffs of cloud
outsourcing.
∙∙ Examine best practices for dealing with cloud providers and
trusting your data to the cloud.
Consumerization And Cloud Computing
Bill Nagel, Analyst, Forrester Research
Consumer technologies have invaded the workplace, and
enterprise boundaries are expanding outward into the
cloud. This loss of control can be a daunting prospect
for security pros charged with employee authentication
and authorization. This session will discuss ways to
safely harness the consumer electronics revolution using identity
management technologies and cloud services. Attendees at this
session will:
∙∙ Learn how technologies and processes for both enterprise and
consumer authentication are being used today.
∙∙ Help you understand the challenges and opportunities of
federation and user-centric identity.
∙∙ Identify how authentication can help organizations integrate
personal mobile computing, telecommunications, and storage
devices into the workplace.
∙∙ Find out how organizations are working on securely moving
corporate information resources into the cloud.
Securing Bring-Your-Own-PC (BYOPC) Programs
Robert Whiteley, Vice President & Research Director, Forrester Research
Bring-your-own-PC (BYOPC) programs lower IT costs,
decrease complaints from employees, and produce fewer
conflicts with the business. Employees require more
flexibility and better technology from IT, and IT has no
choice but to give in. This session will describe a security
architecture using endpoint security, virtualization, and management
technologies to secure this IT inevitability. This session will cover:
∙∙ Why organizations are desperate to make BYOPC work.
∙∙ The underlying technologies required to make BYOPC a reality.
∙∙ How to design a new security architecture that enables this level
of employee flexibility.

9
 FORRESTER’S INFRASTRUCTURE & OPERATIONS FORUM EMEA 2010

Back In Black: Planning And Executing

Your Post-Recession Initiatives
TWO FORUMS, ONE PRICE
Attendees of Forrester’s Security Forum EMEA 2010 will have access to
Forrester’s co-located Infrastructure & Operations Forum EMEA 2010.
The Forums will open with a joint keynote session and then attendees
can choose which keynotes and track sessions they wish to attend.
Twice the content, twice the value! CO-LOCATED WITH SECURITY FORUM:
March 11-12, 2010 • Guoman Tower Hotel • London

Postponed, delayed, curtailed, or outright canceled — you heard these words too often in the past 18 months. But as the global
economy recovers, your company wants to come out of the starting gate fast with new applications and new market initiatives. Is your
firm’s infrastructure ready to answer the call? Will you need to refresh network, server, or storage gear to meet the demand? Should you
consider cloud or other strategic outsourcing alternatives? Do you have the skills you need to leverage new virtualization and automation
tools? Can you finally fulfill that long-held dream of transforming the infrastructure and operations (I&O) function from an organization
based on technology silos to a true service delivery team? These are the tough questions you need to prepare for as 2010 arrives.
This year’s I&O Forum will focus on the enormous tasks of planning, prioritizing, justifying, and carefully executing the wide range of people,
process, and technology projects needed to get your firm “back in the black.” Specifically, the Forum will answer questions such as:
• How will I&O drive a fast recovery for firms by planning and prioritizing infrastructure initiatives that best align with business goals?
• How will I&O teams adapt and apply the recessionary behaviors of business case justification and financial acumen and tune
them to the new norm for communicating with business leaders?
• How will I&O assess the post-recession readiness of its infrastructure to meet current and future business needs?
Track Sessions Give You Takeaways You Can Use Immediately
Now that we are looking beyond the recession to the next period of growth and investment, IO leaders face some tough decisions
about their priorities, as not every project will come back.
• Track A: Building An I&O Technology Plan For The Post-Recession Era.
• Track B: Embracing The New Norm To Plan, Prioritize, And Execute I&O Projects.
Key Questions The Infrastructure & Operations Forum Will Answer
Attendees of the Infrastructure & Operations Forum will learn how to manage and optimize I&O people, processes, and technologies
to fuel growth and improve efficiency in the post-recession era. They will learn the answers to questions such as:
• How do I prioritize new I&O opportunities that will drive business growth and reduce the cost of operations against the backlog
of projects already on the list?
• How do I effectively plan, justify, select, and optimize critical I&O solutions over the next five years?
• What impact will these technology investments have on people, skills, and the process of running I&O teams?
• How do I accelerate the transformation of I&O from an organization led by technology silos to one that emphasizes service delivery?
Who Should Attend?
Forrester’s Infrastructure & Operations Forum EMEA 2010 will examine crucial ways to make I&O organizations successful and well
aligned with business objectives. This year’s theme, “Back In Black: Planning And Executing Your Post-Recession Initiatives” addresses
issues relevant to all technology professionals, but its content will focus most closely on these roles:
• Infrastructure & Operations professionals.
• Enterprise Architecture professionals.
• Sourcing & Vendor Management Professionals focusing on infrastructure issues.
• CIOs.
• IT professionals involved in consolidation and virtualization projects, automating IT processes, building business continuity plans,
and hiring and training the next generation of I&O professionals.

10 www.forrester.com/infrastructure2010emea
11
VENUE & SPONSORS

Guoman Tower
St Katharine's Way, London E1W 1LD, UK
Phone: +44 845 305 8335
http://www.guoman.com
The Tower is a uniquely calm and tranquil place to stay in. Inspired by the slow roll
of the Thames just outside, this four-star London hotel provides a feeling of serenity
and peace, away from the bustle of London and the city. The hotel offers a range of
bedrooms, suites, and apartments.
For details of accommodation at the Guoman Towers or other hotels in the area, please go to:
Forum Venue www.forrester.com/security2010emea and select the “Venue” tab

UPCOMING... Forrester Events 2010

Enterprise Architecture Forum US Marketing Forum US Services & Sourcing Forum US
February 11-12, San Diego April 22-23, Los Angeles October 2010

Enterprise Architecture Forum IT Forum US Business Technology Forum US

EMEA
March 2-3, London
Security Forum EMEA
March 11-12, London
Infrastructure & Operations Forum June 2010
EMEA
March 11-12, London
Infrastructure & Operations Forum US
March 17-18, Dallas
May 26-28, Las Vegas October 2010
IT Forum EMEA Consumer Forum US
June 9-11, Lisbon October 2010
Customer Experience Forum US Marketing Forum EMEA
November 2010, London
Security Forum US Services & Sourcing Forum
September 16-17, 2010 EMEA
November 2010, London

For a complete list of all upcoming Forrester Forums, including Workshops, please visit www.forrester.com/events.

Sponsors
Sponsors
Be Visible. Create Excitement. Generate New Business.
Sponsor A Forrester Event
Sponsors of the co-located Security Forum EMEA 2010 and Infrastructure & Operations Forum EMEA 2010 are:

Platinum Sponsors Gold Sponsors Silver Sponsor

For sponsorship information, please contact us at: sponsorshipsEMEA@forrester.com or call the event sponsorship lines on +31 (0)20 305 4351 (4337)

Forrester Blog
Join the conversation on The Forrester Blog For Security & Risk Professionals: http://blogs.forrester.com/srm.

Register Today! Call: +31 (0)20 305 4848 or visit: www.forrester.com/security2010emea