Beruflich Dokumente
Kultur Dokumente
www.forrester.com/security2010emea
FORRESTER’S SECURITY
FORUM EMEA 2010
Contents
3 Role-Based Forum
Dear Colleague,
4 Speakers
In 2010, Security & Risk professionals will face a new landscape unlike any we’ve seen before.
We’ve been discussing “change” for years: how the future of IT will bring dramatic changes
6 Expert Advice to workplace dynamics, sourcing models, and application portfolios. But this year will be
different. The confluence of the changing threat landscape, economy, and new technology
7 Agenda requirements are forcing more change than we’ve seen in a decade. We need to move beyond
discussions of the economy plunging into freefall and the resulting decrease in budgets, jobs,
8 Track Sessions and discretionary security projects. Security & Risk professionals need to understand how to
navigate this new security reality and continue to drive the business forward, moving beyond
focusing on security for the rapidly changing technology and instead focusing on mastering
10 Forrester’s Co-Located
Infrastructure & two major shifts: 1) a shift in business expectations, and 2) a shift in ownership.
Operations
EMEA Forum 2010 Forrester’s Security Forum EMEA will bring together industry experts and analysts to hold
practical sessions and panels on today’s most difficult security and risk struggles. Together,
11 Registration we will work to rethink the role of security within your enterprise by finding ways to get close to
the business, create efficiencies with governance, risk, and compliance (GRC), establish the
right set of priorities, and implement an architecture that responds to these security shifts.
12 Venue & Sponsors
Rob Whiteley
Vice President, Research Director
Forrester Research
2 www.forrester.com/security2010emea
ROLE-BASED FORUM
In-Depth Tracks
Forrester’s Security Forum EMEA 2010 will deliver two in-depth tracks, split across two days. These analyst-led tracks will include:
∙∙ Track A — Shift In Expectations: Modernizing Your SRM Program
∙∙ Track B — Shift In Ownership: Protecting Data Outside Your Four Walls
Industry Keynotes
Building Trust As The Business Shifts To Online Services
Eirik Time, CISO, Statoil
Eirik Time is currently the Chief Information Security Officer (CISO) for Statoil. He is responsible for corporate information
management and IT risk management, compliance, and monitoring. Mr. Time joined Statoil as an engineer in 1997 and
has held many IT management positions, which included eBusiness, ICT security, security and usability, and Internet
technology responsibilities. Prior to joining Statoil, Mr. Time worked for companies such as Cambridge Technology Partners, Computas
AS, and TDI in consulting and management positions.
Key session takeaways:
• Learn the value of building trust and implementing security controls for SaaS and other online services.
• Identify the value of public key infrastructure (PKI), identity management, and establishing centralized digital identities for users
consuming online services.
• Discuss recommendations and lessons learned with these technologies
Forrester Keynotes
Where Is The EMEA Cloud?
James Staten, Principal Analyst, Forrester Research
With the economy beginning its slow recovery, does the value proposition behind the new outsourcing options such as
cloud computing still apply? Or should enterprise Infrastructure & Operations pros look to return services to the data
center? The evolution toward cloud computing isn’t just about economics — it’s about strategic right-sourcing, and cloud
services play a key role in making you more efficient and effective. Come learn what other leading enterprises are putting in the cloud
and why you should too. This session will cover:
• What is real in the cloud and what still needs more work.
• How others are transitioning to the cloud.
• What services they are transitioning and why.
This is a joint Keynote session with Forrester’s co-located Infrastructure & Operations Forum EMEA 2010
4
Visible Clouds: How To Master A Shift To Cloud Computing
Chenxi Wang, Ph.D., Principal Analyst, Forrester Research
Cloud computing promises tremendous business and operational efficiencies but has fundamentally changed the way IT
procures capacity, software, and expertise. As a result, the way to the cloud is not without inhibitors. Lack of visibility into
cloud operations, possibility of non-compliance, and privacy concerns are only a few of the challenges. This session will
equip you with the best practices to empower information security to embrace cloud computing. Key takeaways from this session will be:
• Learn where cloud computing may be a fit and where it is not.
• Get concrete steps to prepare for the move to the cloud.
• Discuss best practices to approach cloud security, privacy, and compliance.
5
EXPERT ADVICE
Security Forum EMEA 2010 attendees can also choose to meet with analyst from the co-located Infrastructure & Operations EMEA Forum including:
Brad Day, Vice President, Principal Analyst Galen Schreck, Principal Analyst
Role served: Infrastructure & Operations professionals Role served: Enterprise Architecture professionals
Computer Architectures, IT Infrastructure & Operations, Midrange Systems, Cloud Computing, Computer Architectures, Data Center Management, Enterprise
Server Consolidation, Server Hardware, Server Operating Systems, Systems Architecture, Enterprise Architecture Domains, High Availability/Fault Tolerance,
Management, Unix Servers IT Infrastructure & Operations, IT Management, IT Strategic Planning, IT Strategy,
Planning, & Governance, Processor Architectures, Server Virtualization, Systems Management,
Benjamin Gray, Senior Analyst Systems Partitioning & Virtualization, Technical Architecture
Role served: Infrastructure & Operations professionals
Client Computing Hardware, Client Operating Systems & Software, Enterprise Chris Silva, Senior Analyst
Desktops, Enterprise Laptops, Enterprise Mobile Devices, Enterprise Mobility, IT Role served: Infrastructure & Operations professionals
Infrastructure & Operations, Mobile Operating Systems, Mobile Services, Mobile Broadband & Remote Access, Convergence Services, Enterprise Mobile Devices,
Software & Platforms, Telecommunications Services Enterprise Mobility, Fixed-Mobile Convergence, IT Infrastructure & Operations,
LAN/WAN Performance Optimization, Local Area Networks, Mobile Operating
Elizabeth Herrell, Vice President, Principal Analyst Systems, Mobile Phones, Mobile Software & Platforms, Network Performance & Security,
Role served: Infrastructure & Operations professionals Networking, PDAs, Remote Access Infrastructure, Remote Work & Telecommuting, Smartphones,
Call & Contact Center Outsourcing, Communications Infrastructure, Contact Telecommunications Services, VPN - Internet/IPSec/SSL, Voice Services, Wide Area Networks,
Center Technologies & Processes, IT Services, Networking, Outsourcing, SIP/ Wide Area Wireless Networks/Wireless Broadband, Wireless LAN Infrastructure Hardware,
SIMPLE Protocols, Speech Technologies, Unified Communications Wireless LAN Protocols & Standards, Wireless Voice Services - Mobile Voice & VoWi-Fi
Evelyn Hubbert, Senior Analyst James Staten, Principal Analyst
Role served: Infrastructure & Operations professionals Role served: Infrastructure & Operations professionals
Business Service Management, CMDB, Data Center Management, IT Asset Blade Servers, Capacity On Demand & Utility Computing, Cloud Computing,
Management, IT Infrastructure & Operations, IT Process Automation, IT Service Computer Architectures, Data Center Architecture, Data Center Consolidation,
Management, ITIL, Infrastructure Change Management Data Center Management, Grid Computing, IT Infrastructure & Operations, Server
Onica King, Researcher Consolidation, Server Hardware, Server Virtualization, Systems Management, X86 Servers
Role served: Infrastructure & Operations professionals Christopher Voce, Analyst
Align people and processes with business needs, Data Center Management, Green Role served: Infrastructure & Operations professionals
IT, IT Asset Management, IT Infrastructure & Operations, IT Process Automation, Application Management, B2B Sales & Marketing, Clustering, Computer Architectures,
ITIL, Make smarter infrastructure choices by balancing technical and business Data Center Management, IT Infrastructure & Operations, License Management, Server
justifications, Make your infrastructure more efficient, Navigate the evolving ecosystem of IT suppliers Hardware, Server Management, Server Operating Systems, Server Virtualization,
Software Distribution, Systems Management, Systems Partitioning & Virtualization, X86 Servers
Glenn O’Donnell, Senior Analyst
Role served: Infrastructure & Operations professionals Doug Washburn, Analyst
Application Development, Application Management, Application Performance Role served: Infrastructure & Operations professionals
Monitoring, Business Service Management, CMDB, Capacity Modeling & Planning, Client Computing Hardware, Data Center Management, Green IT, IT Infrastructure &
Data Center Automation, Data Center Management, IT Asset Management, Operations, IT Management, IT Organization, Server Hardware, Server Management,
IT Infrastructure & Operations, IT Management, IT Organization, IT Process Automation, IT Storage & Data Management, Storage Management
Service Management, IT Services, IT Strategy, Planning, & Governance, ITIL, Infrastructure Simon Yates, Vice President, Research Director
Change Management, Infrastructure Configuration Management, Infrastructure Measurement,
Role served: Infrastructure & Operations professionals
Infrastructure Metrics, Integrated IT Management, Networking, Organizational Design & Change
Application Management, Client Computing Hardware, Client Operating Systems & Software,
Management, Server Management, Server Provisioning, Service-Level Management, Software
Client Security & Management, Computer Displays, Enterprise Laptops, Enterprise Mobile
Distribution, Systems Management
Devices, Enterprise Mobility, IT Infrastructure & Operations, Mobile Operating Systems,
Andrew Reichman, Senior Analyst Mobile Software & Platforms, PC Support, Peripheral Devices, Server-Based Computing
Role served: Infrastructure & Operations professionals
Consumer Electronics, Consumer Technology, Data Archiving, Data Protection, IT
Infrastructure & Operations, Next Generation DVDs, Storage & Data Management,
Storage Management, Storage Networking
6
AGENDA
How To Create A Lean Security Organization Applying A Maturity Model To IT Risk And
Khalid Kark, Principal Analyst, Forrester Research Compliance
Building a security team with the right set of capabilities Chris McClean, Analyst, Forrester Research
is essential for protecting your corporate assets. Most Organizations are increasingly challenged to compare the
successful CISOs have found ways to outsource tasks and maturity of their IT risk and compliance programs against
resources outside the security organization or even outside those of their peers. Budgeting, staffing, and project
the company. As security gets embedded in business processes, the resources can often hinge on these benchmarks. This session shows
structure and makeup of the security organization will change. This you how to assess your maturity by wading through the many security,
session will: risk, and GRC benchmarks and how to apply them to your business:
∙∙ Highlight the changing role and expectations of the security ∙∙ Learn the value of maturity models and peer benchmarking to
organization. help justify spending and resource levels.
∙∙ Identify the capabilities and competencies a successful security ∙∙ Review strengths and weaknesses of maturity models currently
organization requires. available to assess IT security, risk, and compliance programs.
∙∙ Discuss different organizational staffing and sourcing models and ∙∙ Apply best practices for assessing your organization’s maturity.
their advantages and disadvantages.
∙∙ Outline an approach to develop measurement and auditing PCI Unleashed: Embracing PCI As A Next-Generation
capabilities required to deal with external groups. Security Architecture
John Kindervag, Senior Analyst, Forrester Research
Elevating Security With Risk Management Techniques Credit card security is one of the biggest drivers in IT
Chris McClean, Analyst, Forrester Research today. The PCI Data Security Standard for the protection
There is still a significant gap between how businesses view of credit card data has become an area of significant
risk management and how IT views risk management. And as focus for IT organizations. This session is designed to help
internal and external pressure intensifies, IT professionals you position PCI to the CIO and other top executives to help them
will need to adopt more sophisticated risk management understand it and determine how to more effectively manage the
practices to help the business better articulate its potential risks, organization’s PCI initiative. This session will cover:
mitigation plans, and overall exposure. Attendees of this session will:
∙∙ The differences between compliance and security.
∙∙ Get an overview of risk management methodologies applicable to IT.
∙∙ How to evolve your architecture by using PCI as an enabler.
∙∙ Look at how IT professionals can better communicate with
enterprise risk management, audit, and lines of business. ∙∙ Ways to derive value from your PCI initiative.
∙∙ Understand how other companies are using risk management to ∙∙ The consequences of noncompliance.
raise the profile and perceived value of IT security efforts.
A New Identity And Access Management
Architecture To Meet Shifting Business Demands
Andras Cser, Senior Analyst, Forrester Research
Identity and access management (IAM) has been rocked
“This event was well worth two days with new architectures, products, and acquisitions. These
of my time, with interesting topics changes will definitely have an impact on your organization.
Come and learn what you need to do about it and how you
and opportunities to meet analysts can cope with shifts in IAM’s organizational ownership, options for
and other attendees.” hosted IAM, and implementations that unify management for external
and internal users. Attendees of this session will learn about:
Alan Stevens, Enterprise Architect, Standard Life ∙∙ The best organizational ownership of IAM.
2009 Security Forum Attendee ∙∙ How to architect the right mix of in-house and externally hosted
IAM services.
∙∙ Methods to protect data and manage entitlements with IAM.
∙∙ Elements of the new vendor landscape, including Oracle’s
acquisition of Sun.
9
FORRESTER’S INFRASTRUCTURE & OPERATIONS FORUM EMEA 2010
Postponed, delayed, curtailed, or outright canceled — you heard these words too often in the past 18 months. But as the global
economy recovers, your company wants to come out of the starting gate fast with new applications and new market initiatives. Is your
firm’s infrastructure ready to answer the call? Will you need to refresh network, server, or storage gear to meet the demand? Should you
consider cloud or other strategic outsourcing alternatives? Do you have the skills you need to leverage new virtualization and automation
tools? Can you finally fulfill that long-held dream of transforming the infrastructure and operations (I&O) function from an organization
based on technology silos to a true service delivery team? These are the tough questions you need to prepare for as 2010 arrives.
This year’s I&O Forum will focus on the enormous tasks of planning, prioritizing, justifying, and carefully executing the wide range of people,
process, and technology projects needed to get your firm “back in the black.” Specifically, the Forum will answer questions such as:
• How will I&O drive a fast recovery for firms by planning and prioritizing infrastructure initiatives that best align with business goals?
• How will I&O teams adapt and apply the recessionary behaviors of business case justification and financial acumen and tune
them to the new norm for communicating with business leaders?
• How will I&O assess the post-recession readiness of its infrastructure to meet current and future business needs?
Track Sessions Give You Takeaways You Can Use Immediately
Now that we are looking beyond the recession to the next period of growth and investment, IO leaders face some tough decisions
about their priorities, as not every project will come back.
• Track A: Building An I&O Technology Plan For The Post-Recession Era.
• Track B: Embracing The New Norm To Plan, Prioritize, And Execute I&O Projects.
Key Questions The Infrastructure & Operations Forum Will Answer
Attendees of the Infrastructure & Operations Forum will learn how to manage and optimize I&O people, processes, and technologies
to fuel growth and improve efficiency in the post-recession era. They will learn the answers to questions such as:
• How do I prioritize new I&O opportunities that will drive business growth and reduce the cost of operations against the backlog
of projects already on the list?
• How do I effectively plan, justify, select, and optimize critical I&O solutions over the next five years?
• What impact will these technology investments have on people, skills, and the process of running I&O teams?
• How do I accelerate the transformation of I&O from an organization led by technology silos to one that emphasizes service delivery?
Who Should Attend?
Forrester’s Infrastructure & Operations Forum EMEA 2010 will examine crucial ways to make I&O organizations successful and well
aligned with business objectives. This year’s theme, “Back In Black: Planning And Executing Your Post-Recession Initiatives” addresses
issues relevant to all technology professionals, but its content will focus most closely on these roles:
• Infrastructure & Operations professionals.
• Enterprise Architecture professionals.
• Sourcing & Vendor Management Professionals focusing on infrastructure issues.
• CIOs.
• IT professionals involved in consolidation and virtualization projects, automating IT processes, building business continuity plans,
and hiring and training the next generation of I&O professionals.
10 www.forrester.com/infrastructure2010emea
11
VENUE & SPONSORS
Guoman Tower
St Katharine's Way, London E1W 1LD, UK
Phone: +44 845 305 8335
http://www.guoman.com
The Tower is a uniquely calm and tranquil place to stay in. Inspired by the slow roll
of the Thames just outside, this four-star London hotel provides a feeling of serenity
and peace, away from the bustle of London and the city. The hotel offers a range of
bedrooms, suites, and apartments.
For details of accommodation at the Guoman Towers or other hotels in the area, please go to:
Forum Venue www.forrester.com/security2010emea and select the “Venue” tab
For a complete list of all upcoming Forrester Forums, including Workshops, please visit www.forrester.com/events.
Sponsors
Sponsors
Be Visible. Create Excitement. Generate New Business.
Sponsor A Forrester Event
Sponsors of the co-located Security Forum EMEA 2010 and Infrastructure & Operations Forum EMEA 2010 are:
For sponsorship information, please contact us at: sponsorshipsEMEA@forrester.com or call the event sponsorship lines on +31 (0)20 305 4351 (4337)
Forrester Blog
Join the conversation on The Forrester Blog For Security & Risk Professionals: http://blogs.forrester.com/srm.