Choosing a Replacement for Incumbent One-Time Password Tokens
Research
Publication Date: 21 April 2011
ID Number: G

Ant Allan

This research outlines the options for enterprises seeking replacements for incumbent one-time password (OTP) hardware token deployments, along with guidance on how to choose among alternatives. Authentication is fundamental to trust relationships, so it's vital that enterprises make properly informed choices.

Key Findings

- OTP hardware tokens are still widely regarded as the standard authentication method in workforce remote access and other use cases, but they can be expensive and offer poor user experience (UX).
- OTP hardware tokens are not well-suited to use with smartphones and other mobile devices, the use of which is rapidly increasing for access to enterprise systems, banking, e-commerce and so on.
- The recent breach at RSA, The Security Division of EMC, has raised concern about the robustness of RSA SecurID (the market-leading OTP hardware token) in particular, and of other OTP hardware tokens in general.

Recommendations

- When choosing a replacement authentication method, apply the same criteria that you would when choosing a new authentication method from scratch: Consider the level of assurance (and accountability), the total cost of ownership (TCO) and UX.
- Review your needs critically: Don't assume they're unchanged from when you decided to deploy OTP hardware tokens in the first place.
- Remember that all authentication methods can be broken or bypassed, so don't neglect security monitoring, fraud detection and other layered controls.

Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity" on its website,

ANALYSIS

Many enterprises have deployed OTP hardware tokens, typically for workforce remote access and external user access. However, enterprises are increasingly sensitive to the cost of this authentication method and the relatively poor UX, especially when used for mobile access. Also, recent events have raised concerns about the robustness of the market-leading product, RSA SecurID. Thus, some enterprises are critically reviewing their deployments. What alternatives are available to such enterprises? How can an enterprise choose among them? This research provides guidance on these choices.

Why Is Your Enterprise Considering an OTP Hardware Token Replacement?

Gartner has clients asking about OTP hardware token replacements for the following reasons:

- The Current Tokens Need Replacing Every Three to Five Years, at Significant Cost. Some vendors offer tokens with a limited lifetime of three to five years, while other vendors offer tokens without user-replaceable batteries, so the tokens stop working (unpredictably) when the batteries expire.
- The Current Tokens Are Too Expensive to Issue to Large Numbers of New Users. This arises particularly when remote access is being extended to a larger part of the workforce, or when high-value systems are being rolled out to external users (business or consumer).
- The Current Tokens Provide Poor UX. This is a particular concern for enterprises with users who have an elective relationship with the enterprise, and who might take their business elsewhere if they find tokens too much trouble, compared with what competitors are using (see "Good Authentication Choices for External User Access"). Increasingly, Gartner also sees push-back from workforce users accessing corporate systems from smartphones (even when they've tolerated using tokens for access from PCs), partly because of the inconvenience of juggling two handheld devices, and partly because UX expectations are higher on smartphones than on PCs. However, it should be noted that most of the options have no better or worse UX, or they demand a trade-off in assurance level (AL). Proven options with high AL and good UX have yet to emerge.
- The Current Tokens May Provide Less Assurance Than Originally Thought. This was prompted by a recent attack on RSA, The Security Division of EMC (see "RSA SecurID Compromise Is of Concern, but Likely Not a Fatal Flaw"). Clearly, RSA SecurID is the focus of most clients, but some have expressed concerns about similar attacks compromising other vendors' OTP hardware tokens. Although this is possible, it depends on the details of the vendor's technical implementation.

For existing RSA SecurID customers, it is likely much faster and cheaper for an enterprise to distribute replacement RSA SecurID tokens (those shipped since the attack was announced are not compromised) than it is to migrate to a new solution. We understand that some RSA SecurID customers already have received replacement tokens, although we don't know under what terms.

However, what the attack has highlighted is the need for robust management practices to protect the integrity of the authentication infrastructure (including backups and other mirrors of user identity information and credentials), for good user and administrator behaviors, and, in particular, for active monitoring of user behavior. No authentication method is fail-safe, and good monitoring is essential to avoid fraud and other misuse (see "Where Strong Authentication Fails and What You Can Do About It" and "Discover Data Breaches With Security Monitoring and Fraud Detection Technologies").

What Alternatives to Its Existing OTP Hardware Tokens Can Your Enterprise Consider?

An enterprise might consider the options shown in Figure 1, Figure 2, Figure 3 and Figure 4, which are, roughly, in order of increasing difference from the current "baseline" method, which is assumed to be an OTP hardware token with a display, but no PINpad; this is the most common type. (With this kind of token, a PIN or password is sent across the Internet along with the generated OTP, exposing the PIN or password to a variety of PC-based and network-based attacks.) In each figure, the "Driver" column indicates which goal is most likely to prompt the consideration of this method: higher AL (or higher accountability), lower TCO or better UX. The "AL," "TCO" and "UX" columns show how each method compares against the baseline method (see the "Which Provides the Bigger Potential Cost Savings: Changing Method or Changing Vendor?" section of this research).

Figure 1. Other OTP Tokens

Figure 2. Phone-Based Authentication Methods

Phone-based authentication is now more popular than OTP hardware tokens in new deployments (see "Predicts 2011: Identity and Access Management Continues Its Evolution Toward a Strategic Discipline"). However, when the user is using a smartphone to access enterprise systems, the level of assurance is lower because there is no longer a discrete physical token (thus, it's equivalent to using a PC OTP software token for access from a PC; see Figure 1).

Figure 3. Other Tokens

Figure 4. Biometric Authentication Methods and Knowledge-Based Authentication Methods

Note that other biometric technologies such as voice and face topography might be considered and can suit multiple use cases, but are far less proven in the market.

The choice needn't be "all or nothing": Several authentication vendors (nearly all the major ones) offer an infrastructure (an on-premises appliance or server software, or a cloud-based service) that supports multiple authentication methods for different users in different use cases. So, for example, an enterprise might retain OTP hardware tokens for some users (such as those with time-critical, higher-risk access), while migrating to out-of-band (OOB) authentication for others (such as those with an occasional need for lower-risk access). Talk to your OTP hardware token vendor to see what alternatives it can support in parallel.

Which Provides the Bigger Potential Cost Savings: Changing Method or Changing Vendor?

The "TCO" column in Figure 1, Figure 2, Figure 3 and Figure 4 is based on average costs across all vendors. So, a downward arrow indicates an alternative method that has typically lower TCO than OTP hardware tokens across all vendors, very often with a lower licensing cost; however, similar (or even higher) licensing costs can be offset by lower overheads (see "Gartner Authentication Method Evaluation Scorecards, 2011: Total Cost of Ownership"). Thus, an enterprise can generally achieve cost savings by switching to a "low cost" alternative from the same vendor (if it offers that option, of course), although some vendors may have anomalous pricing.

However, given the wide range of prices for different methods from different vendors (see "How Much Is That Token in the Window? What You Should Expect to Pay for New Authentication Methods"), it is possible to achieve bigger cost savings by migrating to OTP hardware tokens from another vendor than by migrating to a "lower cost" alternative from the incumbent vendor. The biggest cost savings can be achieved by migrating to a "lower cost" alternative from a "lower cost" vendor, of course, but the enterprise must ensure that this still meets its needs (see the next two sections).

Other cost savings may be possible by changing the delivery method, for example, by moving from on-premises server software to a cloud-based service.

What Should You Consider When Choosing Among These Different Options?

When choosing a replacement authentication method, it shouldn't be assumed that the existing OTP hardware tokens are the best fit for your enterprise's current needs. Many decisions to use OTP hardware tokens were made when fewer options were available.
Furthermore, the situation may have changed along multiple dimensions: the kinds of systems accessed, the threat landscape, and users' wants and needs (especially with regard to their endpoint device preferences: not just mobile devices, but also "bring your own PC to work" initiatives). It may be useful to revisit the basis for the original decision, but interactions with Gartner clients and vendors' reference customers suggest that these were not always well-documented, or the documents were not retained. In any case, you should consider your current needs as if you were choosing a new method from scratch.

The choice of any authentication method is determined by:

- The required level of assurance and accountability, determined by the level of risk and the need for nonrepudiation in each use case.
- TCO, limited by what can be justified by the enterprise's available budget. What can be justified is, in turn, determined by the level of risk.
- UX, determined by users' wants and needs. External users may be particularly sensitive to poor UX (we know that banks have lost a small percentage of customers because of this), but poor UX can drive behavior that compromises security: Users may take steps to make the method easier to use, for example, by writing a token's PIN on a sticky label on the token.
- Other needs or constraints: For example, if there is a need to support digital signature or endpoint encryption, or a desire to adopt a common access card, then a smart card with public-key infrastructure (PKI) credentials might be preferred.

This general approach is set out in "How to Choose New Authentication Methods." The following research discusses the strengths and limitations of candidate authentication methods in different sets of use cases:

- "Good Authentication Choices for Workforce Local Access"
- "Good Authentication Choices for External User Access"
- "Good Authentication Choices for Workforce Remote Access"

What Influences Your Decision to Move to a Different Authentication Vendor?

An enterprise should evaluate the following when considering changing an authentication vendor:

- Do you have enough time to migrate to the new solution? Many enterprises consider migrating to a new method or vendor within months of the contract renewal date. This may not be enough time to research, select, negotiate contracts for and implement an alternative solution. Implementing smart cards with PKI credentials, for example, can be particularly time consuming, especially if an organization also wishes to integrate building access systems (that is, a common access card approach), and can push out the replacement of OTP hardware tokens by 12 months. The time available should not dictate the enterprise's choice, so enterprises should look at least a year ahead when making such a decision under normal circumstances.
- Can the new vendor's offering support all the platforms that the incumbent vendor's does? Most OTP hardware tokens are deployed to support workforce remote access and external user access; thus, most vendors' offerings will support these use cases and can be easily integrated with most Secure Sockets Layer and IPsec VPNs, and also with many Web and application servers. However, for some instances of workforce local access (such as users' PC and network logins and administrators' server logins) where one vendor's OTP hardware tokens are used, it may be harder to find an alternative. (It should be easy to migrate to another method from the same vendor, which typically doesn't involve a change in the authentication infrastructure, of course.)
- Does the new vendor offer alternative delivery options? To date, most enterprise OTP hardware token deployments are based on on-premises server software, although more recent ones may have already taken advantage of alternative delivery options, such as on-premises hardware appliances or cloud-based managed authentication services. Rack-mounted hardware appliances are popular among some enterprises across a range of security products because they provide a more robust platform, in addition to potential TCO savings. Cloud-based services have been taken up mainly by small and midsize businesses, and, among enterprises, mainly by government and higher education vertical industries. However, as enterprises gain confidence in moving a variety of applications to the cloud, we expect to see increasing interest in this delivery option. In particular, it seems to offer the easiest way to implement new authentication methods for access to applications in the cloud.
- What are the "rip and replace" costs? Migration costs are likely higher than the cost of implementing a new authentication method from scratch, because of the overheads of managing the transition and the costs of decommissioning the old infrastructure. Even if the replacement is similar, there may be sufficient differences to prompt many user calls to the help desk. Retraining administrators may be harder than training them in the first place, because of the cost of "unlearning" the old ways of managing the system. These costs might be offset by a reduction in licensing costs, compared with a first-time implementation, because a new vendor may offer a "competitive upgrade."
- Can existing tokens continue to be used until they expire? Many enterprises will be reluctant to throw away usable tokens. A vendor may be able to support existing tokens on its own infrastructure. This is typically true where existing tokens are compliant with the Initiative for Open Authentication (OATH) specifications. In addition, some vendors can also support proprietary tokens, typically RSA SecurID. Alternatively, a vendor may be able to run in parallel with the incumbent infrastructure for as long as necessary, acting as a proxy to the old authentication server for users who are identified as "old token" users.

Additional analysis and review by Mark Diodati.

RECOMMENDED READING

Some documents may not be available as part of your current Gartner subscription.

- "How to Choose New Authentication Methods"
- "Good Authentication Choices for Workforce Local Access"
- "Good Authentication Choices for External User Access"
- "Good Authentication Choices for Workforce Remote Access"
- "Where Strong Authentication Fails and What You Can Do About It"
- "Q&A: Phone-Based Authentication Methods"
- "Q&A: Biometric Authentication Methods"
- "Q&A: Smart Tokens and Common Access Cards"
- "Gartner Authentication Method Evaluation Scorecards, 2011: Overview"
- "Gartner Authentication Method Evaluation Scorecards, 2011: Total Cost of Ownership"
- "How Much Is That Token in the Window? What You Should Expect to Pay for New Authentication Methods"
Research Publication Date: 30 March 2006 ID Number: G00138812 Key Issues for Data Management and Integration, 2006 Ted Friedman The effective management and leverage of data represent the greatest opportunity
More informationDiscovering the Value of Unified Communications
Research Publication Date: 12 February 2007 ID Number: G00144673 Discovering the Value of Unified Communications Bern Elliot, Steve Cramoysan Unified communications represent a broad range of new solutions
More informationAdditional Tools for a World-Class ERP Infrastructure
G00219770 Additional Tools for a World-Class ERP Infrastructure Published: 28 October 2011 Analyst(s): Pat Phelan, Derek Prior This research provides a guide to the infrastructure elements that are needed
More informationStrategic Road Map for Network Access Control
G00219087 Strategic Road Map for Network Access Control Published: 11 October 2011 Analyst(s): Lawrence Orans, John Pescatore Long derided as an overhyped concept, network access control (NAC) has emerged
More informationEnergy savings from well-managed data centers can reduce operating expenses by as much as 20%.
Research Publication Date: 29 March 2010 ID Number: G00174769 DCIM: Going Beyond IT David J. Cappuccio Infrastructure and operations (I&O) leaders must now go beyond performance management of IT equipment
More informationIT Architecture Is Not Enterprise Architecture
Research Publication Date: 17 November 2010 ID Number: G00206910 IT Architecture Is Not Enterprise Architecture Bruce Robertson Many enterprise architecture (EA) teams and their stakeholders still use
More informationCase Study: A K-12 Portal Project at the Miami-Dade County Public Schools
Industry Research Publication Date: 31 December 2007 ID Number: G00154138 Case Study: A K-12 Portal Project at the Miami-Dade County Public Schools Bill Rust The Miami-Dade County Public Schools a school
More informationTactical Guideline: Minimizing Risk in E-Mail Hosting Relationships
Research Publication Date: 26 February 2008 ID Number: G00154838 Tactical Guideline: Minimizing Risk in E-Mail Hosting Relationships Matthew W. Cain This report discusses the often hidden risks in moving
More informationAgenda for Supply Chain Strategy and Enablers, 2012
G00230659 Agenda for Supply Chain Strategy and Enablers, 2012 Published: 23 February 2012 Analyst(s): Michael Dominy, Dana Stiffler When supply chain executives establish the right strategies and enabling
More informationNGFWs will be most effective when working in conjunction with other layers of security controls.
Research Publication Date: 12 October 2009 ID Number: G00171540 Defining the Next-Generation Firewall John Pescatore, Greg Young Firewalls need to evolve to be more proactive in blocking new threats, such
More informationUser Survey Analysis: Usage Plans for SaaS Application Software, France, Germany and the U.K., 2009
Dataquest Publication Date: 23 February 2009 ID Number: G00165376 User Survey Analysis: Usage Plans for SaaS Application Software, France, Germany and the U.K., 2009 Chris Pang Gartner surveyed nearly
More informationData Center Consolidation Projects: Benefits and Pitfalls
Research Publication Date: 2 May 2011 ID Number: G00212148 Data Center Consolidation Projects: Benefits and Pitfalls David J. Cappuccio This research outlines the primary success factors in consolidation
More informationUse Heterogeneous Storage Virtualization as a Bridge to the Cloud
G00214958 Use Heterogeneous Storage Virtualization as a Bridge to the Cloud Published: 12 August 2011 Analyst(s): Gene Ruth Data center operators who are interested in private cloud storage technologies
More informationEstablishing a Strategy for Database Security Is No Longer Optional
Establishing a Strategy for Database Security Is No Longer Optional Published: 29 November 2011 G00226793 Analyst(s): Jeffrey Wheatman The options for securing increasingly valuable databases are very
More informationIAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions.
Research Publication Date: 1 September 2009 ID Number: G00161012 SIEM and IAM Technology Integration Mark Nicolett, Earl Perkins Integration of identity and access management (IAM) and security information
More information2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities
Research Publication Date: 23 July 2009 ID Number: G00168896 2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities John E. Van Decker Many organizations recognize that existing financial
More informationThe Next Generation of Functionality for Marketing Resource Management
G00212759 The Next Generation of Functionality for Marketing Resource Management Published: 11 May 2011 Analyst(s): Kimberly Collins This research defines the next generation of marketing resource management
More informationThe Six Triggers for Using Data Center Infrastructure Management Tools
G00230904 The Six Triggers for Using Data Center Infrastructure Management Tools Published: 29 February 2012 Analyst(s): Rakesh Kumar This research outlines the six main triggers for users to start using
More informationIT Cost Savings With Information Governance
G00232238 IT Cost Savings With Information Governance Published: 17 April 2012 Analyst(s): Debra Logan By systematically eliminating redundant information, Cisco has retired multiple legacy systems, eliminated
More informationKey Issues for Consumer Goods Manufacturers, 2011
Industry Research Publication Date: 1 March 2011 ID Number: G00210698 Key Issues for Consumer Goods Manufacturers, 2011 Don Scheibenreif, Dale Hagemeyer Gartner's 2011 consumer goods manufacturing research
More informationEHR Advantages and Disadvantages
Industry Research Publication Date: 3 February 2010 ID Number: G00174011 The Limits of Certification and Guarantees in Buying Electronic Health Records in the U.S. Wes Rishel It is important not to rely
More informationKnowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets
Research Publication Date: 31 July 2009 ID Number: G00169664 Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Regina Casonato This research
More informationGartner Clarifies the Definition of the Term 'Enterprise Architecture'
Research Publication Date: 12 August 2008 ID Number: G00156559 Gartner Clarifies the Definition of the Term 'Enterprise Architecture' Anne Lapkin, Philip Allega, Brian Burke, Betsy Burton, R. Scott Bittler,
More informationReal-Time Decisions Need Corporate Performance Management
Research Publication Date: 26 April 2004 ID Number: COM-22-3674 Real-Time Decisions Need Corporate Performance Management Frank Buytendijk, Brian Wood, Mark Raskino The real-time enterprise model depends
More informationData Center Redesign Yields an 80%-Plus Reduction in Energy Usage
Research Publication Date: 10 August 2011 ID Number: G00213049 Data Center Redesign Yields an 80%-Plus Reduction in Energy Usage Jay E. Pultz The National Renewable Energy Laboratory's (NREL's) data center
More informationRecognize the Importance of Digital Marketing
Recognize the Importance of Digital Marketing Laura McLellan, Lead Author Laura McLellan, Laura McLellan serves CMOs and other marketing executives, sharing how digital strategies are being integrated
More informationThe Five Competencies of MRM 'Re-' Defined
Research Publication Date: 14 March 2008 ID Number: G00155835 The Five Competencies of MRM 'Re-' Defined Kimberly Collins This research details the five key competencies of marketing resource management
More informationInvest in an analysis of current metrics and those missing, and develop a plan for continuous management and improvement.
Research Publication Date: 29 April 2008 ID Number: G00154802 Key Metrics for IT Service and Support David M. Coyle, Kris Brittain To evaluate IT service and support performance, senior management must
More informationCDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance
Industry Research Publication Date: 1 May 2008 ID Number: G00156708 CDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance Barry Runyon Care delivery organizations (CDOs) are
More informationPredicts 2008: The Market for Servers and Operating Systems Continues to Evolve
Research Publication Date: 6 December 2007 ID Number: G00152575 Predicts 2008: The Market for Servers and Operating Systems Continues to Evolve John Enck, Philip Dawson, George J. Weiss, Rakesh Kumar,
More informationCase Study: Innovation Squared: The Department for Work and Pensions Turns Innovation Into a Game
Research Publication Date: 23 November 2010 ID Number: G00208615 Case Study: Innovation Squared: The Department for Work and Pensions Turns Innovation Into a Game Brian Burke, Mary Mesaglio The U.K.'s
More informationHow Eneco's Enterprisewide BI and Performance Management Initiative Delivered Significant Business Benefits
Research Publication Date: 13 June 2008 ID Number: G00158605 How Eneco's Enterprisewide BI and Performance Management Initiative Delivered Significant Business Benefits Nigel Rayner Eneco was faced with
More informationE-Mail Is a Commodity and Other Fairy Tales
G00210585 E-Mail Is a Commodity and Other Fairy Tales Published: 9 February 2011 Analyst(s): Matthew W. Cain A deep understanding of the operational, architectural, policy and feature requirements of an
More informationMicrosoft and Google Jostle Over Cloud-Based E-Mail and Collaboration
Research Publication Date: 24 March 2008 ID Number: G00156216 Microsoft and Google Jostle Over Cloud-Based E-Mail and Collaboration Tom Austin Both Google and Microsoft come up short in terms of delivering
More informationTransactional HR self-service applications typically get implemented first because they typically automate manual, error-prone processes.
Research Publication Date: 28 August 2008 ID Number: G00159897 HR Self-Service Applications Defined James Holincheck In this research, we discuss the different types of HR self-service and strategies for
More informationBest Practice: Having a 'Big Picture' View of IP Telephony Will Give the Buyer More Control
Research Publication Date: 12 February 2008 ID Number: G00154811 Best Practice: Having a 'Big Picture' View of IP Telephony Will Give the Buyer More Control Steve Blood Companies spend too much on IP-PBXs
More informationHow to Develop an Effective Vulnerability Management Process
Research Publication Date: 1 March 2005 ID Number: G00124126 How to Develop an Effective Vulnerability Management Process Mark Nicolett IT organizations should develop vulnerability management processes
More information2010 Gartner FEI Technology Study: Planned Shared Services and Outsourcing to Increase
Research Publication Date: 20 April 2010 ID Number: G00176029 2010 Gartner FEI Technology Study: Planned Shared Services and Outsourcing to Increase John E. Van Decker, Cathy Tornbohm This Gartner Financial
More informationKey Issues for Business Intelligence and Performance Management Initiatives, 2008
Research Publication Date: 14 March 2008 ID Number: G00156014 Key Issues for Business Intelligence and Performance Management Initiatives, 2008 Kurt Schlegel The Business Intelligence and Performance Management
More informationRoundup of Business Intelligence and Information Management Research, 1Q08
Gartner for IT Leaders Publication Date: 2 May 2008 ID Number: G00157226 Roundup of Business Intelligence and Information Management Research, 1Q08 Bill Hostmann This document provides a roundup of our
More informationWhat to Consider When Designing Next-Generation Data Centers
Research Publication Date: 10 September 2010 ID Number: G00201044 What to Consider When Designing Next-Generation Data Centers David J. Cappuccio Leading-edge data centers are designed for flexibility,
More informationWhat Is the Role of Quality Assurance in a SaaS Environment?
Research Publication Date: 15 September 2009 ID Number: G00170552 What Is the Role of Quality Assurance in a SaaS Environment? Thomas E. Murphy, Daniel Sholler, Christian Hestermann Software as a service
More informationGovernment 2.0 is both citizen-driven and employee-centric, and is both transformational and evolutionary.
Industry Research Publication Date: 11 November 2009 ID Number: G00172423 Government 2.0: Gartner Definition Andrea Di Maio Given the increasing confusion and hype surrounding Government 2.0, it is important
More informationBusiness Intelligence Focus Shifts From Tactical to Strategic
Research Publication Date: 22 May 2006 ID Number: G00139352 Business Intelligence Focus Shifts From Tactical to Strategic Betsy Burton, Lee Geishecker, Kurt Schlegel, Bill Hostmann, Tom Austin, Gareth
More informationOvercoming the Gap Between Business Intelligence and Decision Support
Research Publication Date: 9 April 2009 ID Number: G00165169 Overcoming the Gap Between Business Intelligence and Decision Support Rita L. Sallam, Kurt Schlegel Although the promise of better decision
More informationContainers and Modules: Is This the Future of the Data Center?
Research Publication Date: 8 April 2011 ID Number: G00211139 Containers and Modules: Is This the Future of the Data Center? David J. Cappuccio Modular and container-based data centers have emerged as yet
More informationCost-Cutting IT: Should You Cut Back Your Disaster Recovery Exercise Spending?
Industry Research Publication Date: 11 February 2009 ID Number: G00164764 Cost-Cutting IT: Should You Cut Back Your Disaster Recovery Exercise Spending? Jeff Vining Government CIOs are under increasing
More information