NAC Strategies for Supporting BYOD Environments
|
|
- Felicia Jefferson
- 8 years ago
- Views:
Transcription
1 G NAC Strategies for Supporting BYOD Environments Published: 22 December 2011 Analyst(s): Lawrence Orans, John Pescatore Network access control (NAC) will be a key element in a flexible approach to securing a "bring your own device" (BYOD) environment. Using Gartner's framework for analyzing the risks of consumerization, this research highlights how NAC policies can be used in combination with other approaches to implement the four strategies outlined in the framework Contain, Embrace, Block and Disregard. Key Findings NAC helps to protect the network, but it is only one component of a broader BYOD security strategy. Other solutions, such as mobile device management (MDM) and hosted virtual desktops (HVDs), are needed to secure mobile endpoints. A Contain strategy solves an immediate need for mainstream organizations by isolating mobile devices from the corporate network. Network managers will need to stay with a Contain strategy for at least two to three years, because the broader IT department will need to develop mature processes for supporting an Embrace strategy. Recommendations Most organizations should start with a Contain strategy and use NAC policies to isolate personally owned mobile devices in a limited access zone, where they may access a subset of applications and data. In enterprises that aspire to an Embrace BYOD strategy, network security managers should work jointly with IT counterparts to develop NAC policies that complement mobile device strategies. For example, use NAC to ensure that only endpoints with MDM agents are granted network access.
2 What You Need to Know NAC provides one of the most flexible approaches to securely supporting BYOD. For example, NAC policies can be modified as an organization moves from a Contain strategy to an Embrace strategy, and can also be used for Block strategies. Other technologies, such as MDM and HVD, will be used to complement NAC, particularly by enterprises that adopt an Embrace strategy. Analysis Survey data from Gartner, published in May 2011, shows continued strength in the BYOD phenomenon (see "CIO Attitudes Toward Consumerization of Mobile Devices and Applications"). The survey results indicate that U.S.-based CIOs predict that 38% of mobile devices will be owned by employees in two years. European rates were lower (see Note 1). The same survey indicates that, in many organizations, BYOD security initiatives are lacking (see Note 2). Developing formal BYOD policies is critical, because personally owned devices present risks to the network in the form of unintended denial of service and other threats to network stability, such as the spread of malware. Network managers need to protect their networks from the BYOD phenomenon, while the broader IT department works with business leaders to establish an official BYOD strategy. No matter what strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required and that requires NAC. In "Optimal Security Approaches for the Secure Use of Consumer IT," Gartner presented a framework for analyzing the business risk of consumerization. Based on a two-dimensional analysis that maps security "pressure" against the value to the business, it yields the four options of Embrace, Contain, Block and Disregard (see Figure 1 and Note 3). The horizontal axis, "Security 'Pressure,'" refers to security demands from internal forces (such as securing confidential data) and/ or external forces (such as regulatory compliance). For example, a publicly traded company that is subject to multiple compliance regimes or a business that would be jeopardized by a major security breach would rate "high" on the Security "Pressure" axis. The vertical axis, "Value to Business," refers to the value that the user delivers to the business through the use of the consumer technology (in this case, a personally owned mobile device). In this research, we apply the framework to show how NAC can mitigate some of the risks of BYOD. Page 2 of 8 Gartner, Inc. G
3 Figure 1. Mapping Security Responses to Risk and Business Value High Embrace Contain Value to Business Disregard Block Low Low Security "Pressure" High Source: Gartner (December 2011) The Contain strategy will be relevant for most mainstream organizations. As noted in the following sections, the Block strategy is too draconian, and the Embrace strategy represents a huge cultural shift that adds technical and operational complexity. A Contain strategy will satisfy the needs of most organizations and give them the time to architect effective plans to migrate to an Embrace strategy. A Disregard strategy equates to ignoring the presence of personally owned devices in a corporate environment. This is a poor choice, and organizations that adopt a Disregard strategy don't make any policy or technology changes. In the sections below, we focus on how network managers can use NAC to adopt Contain, Embrace and Block strategies. Contain The basic Contain strategy should be: "Allow some people to use some devices to access some resources." Most organizations are unprepared to support a broader approach in 2012 because of budget, technology and process issues (see the Embrace section). A Contain approach is the best way for network managers to demonstrate flexibility, yet still retain an appropriate level of control over the network. Contain is the correct strategy in an environment where: Executives demand to use their personally owned mobile devices at work. Gartner, Inc. G Page 3 of 8
4 Business units can justify the benefits of BYOD and are pressuring the IT department to support them. Using NAC to Implement a Contain Strategy NAC policies should be used to create a limited access zone (LAZ) to isolate personally owned devices from the corporate network (see "Strategic Road Map for Network Access Control"). Because organizations are still reacting to the BYOD phenomenon and have yet to formulate formal policies, most IT organizations can't control personally owned devices in the same way they control corporate-owned devices. For example, they haven't installed endpoint protection platform agents, mandated configuration policies or implemented life cycle management tools. For these reasons, personal devices should be positioned in the LAZ where they don't present a threat to sensitive applications on the corporate network. An LAZ will function as a third network zone for most organizations, because it will be distinct from the production network and the wireless guest network. While the guest network allows only Internet access, the LAZ will allow access to a subset of applications and data. NAC policies will limit access to sensitive resources, depending on the device and possibly the user's role. Wireless guest networks are limited in scope (see "Four Key Decisions That Enterprises Must Make Before Implementing a Guest Access WLAN"). They are generally only accessible from visitor areas and some conference rooms. The LAZ is broader, because it should be accessible wherever an employee needs wireless or wired access. It's not enough for the LAZ to be a wireless-only network, because employee-owned MacBooks and other personally owned laptops should connect to the LAZ. The combination of authentication, profiling (discovering a device and identifying its OS), and enforcing access policies should be used to create the LAZ. The concept should be piloted in one location to gain experience in implementing and operating a policy-based network. Building an LAZ at every remote location and applying consistent BYOD policy rules throughout the network are more challenging efforts that will require a strong policy management console and disciplined operational processes. However, for many organizations, this approach can be done in conjunction with rolling out second-generation wireless LAN (WLAN) architectures, because most BYOD device access will be via WLAN. NAC policies should also apply to personally owned laptops that connect via VPN, although this use case is less urgent, because remote devices do not pose a stability threat at Layer 2. However, compromised endpoints can spread malware to other endpoints through an IPSec VPN connection, so endpoint configuration policies should also apply in this scenario. Embrace There is a huge operational and support gap between a Contain strategy (let some people BYOD for some things) and an Embrace strategy (allow everyone to BYOD for almost everything). In an Embrace BYOD environment, the corporate network looks similar to a typical college campus residential network, where students bring their personal devices to school. In that environment, where the school doesn't control the endpoint, it forces compliance through what it can control access to the network. If an endpoint is not compliant with security policies, it will not be granted Page 4 of 8 Gartner, Inc. G
5 access to the network. That rigid model of blocking network access is unacceptable in a corporate environment, because it prevents critical employees from doing their jobs and meeting customer needs. The need for flexibility is a key reason why an Embrace strategy will be slow to be adopted in most businesses. Common characteristics of an Embrace environment will be: Grassroots BYOD adoption has exceeded 30% of the employee population. The organization's ability to manage personally owned devices rises to the level of managing today's Windows-based endpoints. For example, the mature use of MDM for enforcing security policies and the use of HVDs for centrally managing and securing sensitive data and applications are two examples of technologies that will be widely adopted in Embrace environments to reach this goal. Using NAC to Implement an Embrace Strategy In the Embrace scenario, mobile devices have proliferated throughout the organization. Instead of restricting some personal devices to an LAZ, the entire network must be able to enforce policies and control access for personally owned devices. Essentially, the main corporate wireless and wired LANs will replace the LAZ. Scaling policy enforcement to an enterprisewide level is a challenging task, particularly the support issues related to troubleshooting failed authentication and/or failed access to key resources. For many enterprises, it will be another contributing factor for delaying the adoption of an Embrace strategy. Network managers that need to support an Embrace approach will need to scale up their implementation of the same technologies used in the Contain approach. Authentication, profiling and policy enforcement will be deployed on a broader scale and will, therefore, be more operationally complex to manage. Policies will need to be more granular, and will likely need to check for the presence of MDM agents and other mobile device software. Block The Block strategy will not be appropriate for most enterprises because of the attractiveness to both IT management and employees of allowing BYOD. However, some organizations that exhibit the following characteristics will need to prohibit BYOD via the Block approach: Highest degrees of security consciousness (examples include government intelligence agencies, the military and some financial services companies) Strongest emphasis on network stability and reliability (examples include manufacturing environments and critical infrastructures, such as power and utility companies) Using NAC to Implement a Block Strategy The only way to block the use of BYOD is to be able to detect when devices connect to the network and to determine whether the device is managed or not. Network managers will need to implement Gartner, Inc. G Page 5 of 8
6 authentication across wired and wireless networks to execute an effective Block strategy. Authentication based on 802.1X, which is already widely deployed in wireless networks, is a strong option for extending authentication to the wired network. Commercial NAC-based solutions will also be effective, but they are overkill if only authentication policies will be enforced. With authentication comes the requirement to manage an exception list of devices that don't support the authentication method. Profiling technology is an optional but helpful way to identify these exceptions and automate the management of the list. Recommended Reading Some documents may not be available as part of your current Gartner subscription. "Use Managed Diversity to Support the Growing Variety of Endpoint Devices" "Strategic Road Map for Network Access Control" "Case Study: 802.1X-Based Guest Network for a Wired LAN" Evidence In 2011, Gartner surveyed CIOs and senior executives attending our CIO forums in the U.S. and Europe to gauge their opinions about future mobile device strategies, and the impact of consumerization on the way in which smartphones and tablets are provided and managed. The results of these surveys are presented in "CIO Attitudes Toward Consumerization of Mobile Devices and Applications" and reflect strong momentum for the BYOD trend. Note 1 CIO Predictions on BYOD Adoption We asked the following question at Gartner CIO forums in the U.S. and Europe in 2011: "In two years' time, approximately what percentage of the mobile devices (laptops, tablets and mobile phones) used in your organization will be owned by employees?" The survey results showed that the average expectation for employee ownership in two years was 38% among U.S. respondents, but only 20% in Europe. The sharp difference was attributed to differences in roaming data costs, European data privacy regulations and several other factors (see "CIO Attitudes Toward Consumerization of Mobile Devices and Applications" for more information). Note 2 Security Status of Mobile Devices We asked the following question at Gartner CIO forums in the U.S. and Europe in 2011: "Do you believe that the security currently applied to mobile devices, such as smartphones and tablets, used in your organization is adequate and would satisfy an auditor?" U.S. and European respondents were very consistent in their assessment of security; only 27% to 28% believed that their mobile security would satisfy an auditor, 41% to 42% believed it wouldn't, Page 6 of 8 Gartner, Inc. G
7 and the remainder were not sure (see "CIO Attitudes Toward Consumerization of Mobile Devices and Applications" for more information). Note 3 Explanation of Block, Contain, Disregard and Embrace Strategies As outlined in "Optimal Security Approaches for the Secure Use of Consumer IT," the strategies are as follows: Block (or ban) the use of consumer-grade products or services by explicitly prohibiting their use in an appropriate policy; then enforce the policy by scanning for use or blocking port numbers or device drivers. Blocking is possible, but unpopular. Influential users, such as executives, will push for exceptions, forcing the IT department to move to another action on this list. However, there will always be some applications that are too sensitive, or some consumer technologies that are too unsafe, to use. A common example of a blocked consumer technology is peer-topeer file sharing. Contain actively accepts and facilitates use in well-defined situations, and in some cases implements controls to prevent the use of the consumer technology. This approach costs money, but enables the IT department to request a budget to manage and audit device configurations and performance. SSL VPNs are an early example of a Contain approach, because they enable the controlled connection of consumer devices to the corporate network. NAC for guest networking is a more recent example. Disregard essentially means "pretending" that the consumerization trend doesn't affect you, or at least not actively looking to see whether consumer technologies are in use. This is generally an unacceptable approach, except for areas of no business criticality, because it provides no support for the confidentiality, integrity, audit and available levels required by business. However, just as most enterprises don't really care which particular model of mobile phone or calculator employees use, there will always be some areas in which Disregard is the preferred approach. Embrace refers to the IT organization incorporating consumer-grade technology (or enterprise versions of consumer products/services) and promoting, delivering and supporting it just like any other IT-delivered product or service. This requires discipline for the IT department to request the budget to manage and audit device configurations and performance. Essentially, this approach adds enough security to make the use safe, but requires funding to do so. Gartner, Inc. G Page 7 of 8
8 Regional Headquarters Corporate Headquarters 56 Top Gallant Road Stamford, CT USA European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM Japan Headquarters Gartner Japan Ltd. Atago Green Hills MORI Tower 5F Atago, Minato-ku Tokyo JAPAN Latin America Headquarters Gartner do Brazil Av. das Nações Unidas, andar World Trade Center São Paulo SP BRAZIL Asia/Pacific Headquarters Gartner Australasia Pty. Ltd. Level 9, 141 Walker Street North Sydney New South Wales 2060 AUSTRALIA Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner s prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see Guiding Principles on Independence and Objectivity on its website, ombudsman/omb_guide2.jsp. Page 8 of 8 Gartner, Inc. G
Strategic Road Map for Network Access Control
G00219087 Strategic Road Map for Network Access Control Published: 11 October 2011 Analyst(s): Lawrence Orans, John Pescatore Long derided as an overhyped concept, network access control (NAC) has emerged
More informationGartner's View on 'Bring Your Own' in Client Computing
G00217298 Gartner's View on 'Bring Your Own' in Client Computing Published: 20 October 2011 Analyst(s): Leif-Olof Wallin Here, we bring together recently published research covering the hot topic of supporting
More informationRecognize the Importance of Digital Marketing
Recognize the Importance of Digital Marketing Laura McLellan, Lead Author Laura McLellan, Laura McLellan serves CMOs and other marketing executives, sharing how digital strategies are being integrated
More informationModify Your Storage Backup Plan to Improve Data Management and Reduce Cost
G00238815 Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost Published: 4 October 2012 Analyst(s): Dave Russell IT leaders and storage managers must rethink their backup procedures
More informationEmerging PC Life Cycle Configuration Management Vendors
Research Publication Date: 20 January 2011 ID Number: G00209766 Emerging PC Life Cycle Configuration Management Vendors Terrence Cosgrove Although the PC configuration life cycle management (PCCLM) market
More informationManaging IT Risks During Cost-Cutting Periods
Research Publication Date: 22 October 2008 ID Number: G00162359 Managing IT Risks During Cost-Cutting Periods Mark Nicolett, Paul E. Proctor, French Caldwell To provide visibility into increased risks
More informationAgenda for Supply Chain Strategy and Enablers, 2012
G00230659 Agenda for Supply Chain Strategy and Enablers, 2012 Published: 23 February 2012 Analyst(s): Michael Dominy, Dana Stiffler When supply chain executives establish the right strategies and enabling
More informationKey Issues for Identity and Access Management, 2008
Research Publication Date: 7 April 2008 ID Number: G00157012 for Identity and Access Management, 2008 Ant Allan, Earl Perkins, Perry Carpenter, Ray Wagner Gartner identity and access management research
More informationIT Cost Savings With Information Governance
G00232238 IT Cost Savings With Information Governance Published: 17 April 2012 Analyst(s): Debra Logan By systematically eliminating redundant information, Cisco has retired multiple legacy systems, eliminated
More informationThe Value of Integrating Configuration Management Databases With Enterprise Architecture Tools
Research Publication Date: 13 January 2011 ID Number: G00210132 The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools Ronni J. Colville, Patricia Adams As configuration
More informationThe Six Triggers for Using Data Center Infrastructure Management Tools
G00230904 The Six Triggers for Using Data Center Infrastructure Management Tools Published: 29 February 2012 Analyst(s): Rakesh Kumar This research outlines the six main triggers for users to start using
More informationHow to Choose Providers for Mobile Consumer Application Platforms
How to Choose Providers for Mobile Consumer Application Platforms Michael McGuire Lead Author Michael McGuire,, Mike McGuire guides digital marketers on best practices for developing strategies. He specializes
More informationDutch University's Successful Enterprise System Implementation Yields Valuable Lessons
Industry Research G00232987 Dutch University's Successful Enterprise System Implementation Yields Valuable Lessons Published: 28 March 2012 Analyst(s): Ron Bonig When Vrije Universiteit in Amsterdam implemented
More informationResponsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users
Research Publication Date: 17 October 2006 ID Number: G00144061 Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users Amrit T. Williams, John Pescatore, Paul E. Proctor
More informationVendor Focus for IBM Global Services: Consulting Services for Cloud Computing
Research Publication Date: 22 February 2010 ID Number: G00174046 Vendor Focus for IBM Global Services: Consulting Services for Cloud Computing Susan Tan Amid the hype and buzz of cloud computing are very
More informationResearch. Key Issues for Software as a Service, 2009
Research Publication Date: 6 February 2009 ID Number: G00164873 Key Issues for Software as a Service, 2009 Robert P. Desisto, Ben Pring As organizations' capital budgets dry up, clients evaluating SaaS
More informationSolution Path: Threats and Vulnerabilities
Solution Path: Threats and Vulnerabilities Published: 24 January 2012 Burton IT1 Research G00226331 Analyst(s): Dan Blum This solution path helps Gartner clients develop a strategy and program for managing
More informationPrepare for the Inevitable With an Effective Security Incident Response Plan
G00236455 Prepare for the Inevitable With an Effective Security Incident Response Plan Published: 19 July 2012 Analyst(s): Rob McMillan A serious security incident is a question of "when," not "if," for
More informationNow Is the Time for Security at the Application Level
Research Publication Date: 1 December 2005 ID Number: G00127407 Now Is the Time for Security at the Application Level Theresa Lanowitz Applications must be available, useful, reliable, scalable and, now
More informationChoosing a Replacement for Incumbent One-Time Password Tokens
Research Publication Date: 21 April 2011 ID Number: G00212244 Choosing a Replacement for Incumbent One-Time Password Tokens Ant Allan This research outlines the options for enterprises seeking replacements
More informationClients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in
Research Publication Date: 15 March 2011 ID Number: G00210952 Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in Tim Zimmerman Enterprises must
More informationOrganizations Should Implement Web Application Security Scanning
Research Publication Date: 21 September 2005 ID Number: G00130869 Organizations Should Implement Web Application Security Scanning Amrit T. Williams, Neil MacDonald Web applications are prone to vulnerabilities
More informationThe Four New Ps of Marketing That CMOs and CIOs Should Consider
G00227185 The Four New Ps of Marketing That CMOs and CIOs Should Consider Published: 18 May 2012 Analyst(s): Kimberly Collins Four new Ps of marketing align people and processes across the marketing ecosystem,
More informationData in the Cloud: The Changing Nature of Managing Data Delivery
Research Publication Date: 1 March 2011 ID Number: G00210129 Data in the Cloud: The Changing Nature of Managing Data Delivery Eric Thoo Extendible data integration strategies and capabilities will play
More informationCost Optimization: Three Steps to Saving Money on Maintenance and Support for Network Security Products
Research Publication Date: 10 December 2008 ID Number: G00163195 Cost Optimization: Three Steps to Saving Money on Maintenance and Support for Network Security Products Lawrence Orans, Greg Young Most
More information2010 FEI Technology Study: CPM and BI Show Improvement From 2009
Research Publication Date: 22 March 2010 ID Number: G00175233 2010 FEI Technology Study: CPM and BI Show Improvement From 2009 John E. Van Decker Many organizations recognize that current financial management
More informationIntegrated Marketing Management Aligns Executional, Operational and Analytical Processes in a Closed-Loop Process
Research Publication Date: 26 October 2010 ID Number: G00207031 Integrated Marketing Management Aligns Executional, Operational and Analytical Processes in a Closed-Loop Process Kimberly Collins This research
More informationThe Current State of Agile Method Adoption
Research Publication Date: 12 December 2008 ID Number: G00163591 The Current State of Agile Method Adoption David Norton As the pace of agile adoption increases, development organizations must understand
More informationCloud E-Mail Decision-Making Criteria for Educational Organizations
Research Publication Date: 10 June 2011 ID Number: G00213675 Cloud E-Mail Decision-Making Criteria for Educational Organizations Matthew W. Cain Educational organizations sometimes struggle to choose between
More informationEight Critical Forces Shape Enterprise Data Center Strategies
Research Publication Date: 8 February 2007 ID Number: G00144650 Eight Critical Forces Shape Enterprise Data Center Strategies Rakesh Kumar Through 2017, infrastructure and operations managers, architects
More informationEnsure Emerging Trends and Technologies Advance Your Marketing Strategy
Ensure Emerging Trends and Technologies Advance Your Marketing Strategy Richard Fouts, Jackie Fenn and Gartner Fellow Lead Author Richard Fouts, Richard Fouts guides digital marketers on best practices
More informationKnowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets
Research Publication Date: 31 July 2009 ID Number: G00169664 Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Regina Casonato This research
More informationUnderstanding Vulnerability Management Life Cycle Functions
Research Publication Date: 24 January 2011 ID Number: G00210104 Understanding Vulnerability Management Life Cycle Functions Mark Nicolett We provide guidance on the elements of an effective vulnerability
More informationX.509 Certificate Management: Avoiding Downtime and Brand Damage
G00226426 X.509 Certificate Management: Avoiding Downtime and Brand Damage Published: 4 November 2011 Analyst(s): Eric Ouellet, Vic Wheatman Organizations are often not aware of the scope or the validity
More informationResearch Agenda and Key Issues for Converged Infrastructure, 2006
Research Publication Date: 20 July 2006 ID Number: G00141507 Research Agenda and Key Issues for Converged Infrastructure, 2006 Sylvain Fabre Gartner's research will cover fixed-mobile convergence, the
More informationIT Architecture Is Not Enterprise Architecture
Research Publication Date: 17 November 2010 ID Number: G00206910 IT Architecture Is Not Enterprise Architecture Bruce Robertson Many enterprise architecture (EA) teams and their stakeholders still use
More informationCloud IaaS: Service-Level Agreements
G00210096 Cloud IaaS: Service-Level Agreements Published: 7 March 2011 Analyst(s): Lydia Leong Cloud infrastructure-as-a-service (IaaS) providers typically offer SLAs that cover the various elements of
More informationGartner Defines Enterprise Information Architecture
Research Publication Date: 20 February 2008 ID Number: G00154071 Gartner Defines Enterprise Information Architecture David Newman, Nicholas Gall, Anne Lapkin As organizations look for new ways to exploit
More informationIT asset management (ITAM) will proliferate in midsize and large companies.
Research Publication Date: 2 October 2008 ID Number: G00161024 Trends on Better IT Asset Management Peter Wesche New exiting trends will lead to a higher adoption of asset management methodologies. Tighter
More informationE-Mail Is a Commodity and Other Fairy Tales
G00210585 E-Mail Is a Commodity and Other Fairy Tales Published: 9 February 2011 Analyst(s): Matthew W. Cain A deep understanding of the operational, architectural, policy and feature requirements of an
More informationToolkit: Reduce Dependence on Desk-Side Support Technicians
Gartner for IT Leaders Publication Date: 23 April 2007 ID Number: G00147075 Toolkit: Reduce Dependence on Desk-Side Support Technicians David M. Coyle, Terrence Cosgrove The IT service desk and PC life
More informationThe Lack of a CRM Strategy Will Hinder Health Insurer Growth
Industry Research Publication Date: 15 October 2008 ID Number: G00162107 The Lack of a CRM Strategy Will Hinder Health Insurer Growth Joanne Galimi The Gartner 2008 healthcare payer application survey
More information2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities
Research Publication Date: 23 July 2009 ID Number: G00168896 2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities John E. Van Decker Many organizations recognize that existing financial
More informationInvest in an analysis of current metrics and those missing, and develop a plan for continuous management and improvement.
Research Publication Date: 29 April 2008 ID Number: G00154802 Key Metrics for IT Service and Support David M. Coyle, Kris Brittain To evaluate IT service and support performance, senior management must
More informationCharity Shows That You Don't Need a Big Budget to Succeed With Predictive Analytics
G00232733 Charity Shows That You Don't Need a Big Budget to Succeed With Predictive Analytics Published: 17 September 2012 Analyst(s): Joao Tapadinhas A U.K. charity has shown how the smallest organization
More informationQ&A: The Many Aspects of Private Cloud Computing
Research Publication Date: 22 October 2009 ID Number: G00171807 Q&A: The Many Aspects of Private Cloud Computing Thomas J. Bittman Cloud computing is at the Peak of Inflated Expectations on the Gartner
More informationKey Issues for Data Management and Integration, 2006
Research Publication Date: 30 March 2006 ID Number: G00138812 Key Issues for Data Management and Integration, 2006 Ted Friedman The effective management and leverage of data represent the greatest opportunity
More informationEstablishing a Strategy for Database Security Is No Longer Optional
Establishing a Strategy for Database Security Is No Longer Optional Published: 29 November 2011 G00226793 Analyst(s): Jeffrey Wheatman The options for securing increasingly valuable databases are very
More informationCloud IaaS: Security Considerations
G00210095 Cloud IaaS: Security Considerations Published: 7 March 2011 Analyst(s): Lydia Leong, Neil MacDonald Ensuring adherence to your organization's security and compliance requirements is one of the
More informationThe EA process and an ITG process should be closely linked, and both efforts should leverage the work and results of the other.
Research Publication Date: 4 April 2008 ID Number: G00155260 Integrate EA and IT Governance s Betsy Burton, R. Scott Bittler, Cassio Dreyfuss In many organizations, we find that IT governance (ITG) initiatives
More informationThe Electronic Signature Market Is Poised to Take Off
G00234939 The Electronic Signature Market Is Poised to Take Off Published: 21 May 2012 Analyst(s): Gregg Kreizman Growth in the e-signature market is becoming viral, and there are significant benefits
More informationSecuring BYOD With Network Access Control, a Case Study
Securing BYOD With Network Access Control, a Case Study 29 August 2012 ID:G00226207 Analyst(s): Lawrence Orans VIEW SUMMARY This Case Study highlights how an organization utilized NAC and mobile device
More informationData Center Consolidation Projects: Benefits and Pitfalls
Research Publication Date: 2 May 2011 ID Number: G00212148 Data Center Consolidation Projects: Benefits and Pitfalls David J. Cappuccio This research outlines the primary success factors in consolidation
More informationGamification Meets Analytics With Kaggle
G00228640 Gamification Meets Analytics With Kaggle Published: 1 June 2012 Analyst(s): Rita L. Sallam This note describes how Kaggle is bringing "the collective" to "the predictive" to help companies overcome
More informationBusiness Intelligence Platform Usage and Quality Dynamics, 2008
Research Publication Date: 2 July 2008 ID Number: G00159043 Business Intelligence Platform Usage and Quality Dynamics, 2008 James Richardson This report gives results from a survey of attendees at Gartner's
More informationThe Five Competencies of MRM 'Re-' Defined
Research Publication Date: 14 March 2008 ID Number: G00155835 The Five Competencies of MRM 'Re-' Defined Kimberly Collins This research details the five key competencies of marketing resource management
More informationReal-Time Decisions Need Corporate Performance Management
Research Publication Date: 26 April 2004 ID Number: COM-22-3674 Real-Time Decisions Need Corporate Performance Management Frank Buytendijk, Brian Wood, Mark Raskino The real-time enterprise model depends
More informationCDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance
Industry Research Publication Date: 1 May 2008 ID Number: G00156708 CDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance Barry Runyon Care delivery organizations (CDOs) are
More informationCase Study: A K-12 Portal Project at the Miami-Dade County Public Schools
Industry Research Publication Date: 31 December 2007 ID Number: G00154138 Case Study: A K-12 Portal Project at the Miami-Dade County Public Schools Bill Rust The Miami-Dade County Public Schools a school
More informationIn the North American E-Signature Market, SaaS Offerings Are Increasingly in Demand
Research Publication Date: 18 August 2011 ID Number: G00215378 In the North American E-Signature Market, SaaS Offerings Are Increasingly in Demand Gregg Kreizman Enterprises are becoming increasing comfortable
More informationHow To Create A Cloud Computing System
G00230221 Five Cloud Computing Trends That Will Affect Your Cloud Strategy Through 2015 Published: 10 February 2012 Analyst(s): David W. Cearley, David Mitchell Smith In this Impact Assessment, we focus
More informationBest Practices for Confirming Software Inventories in Software Asset Management
Research Publication Date: 24 August 2009 ID Number: G00167067 Best Practices for Confirming Software Inventories in Software Asset Management Peter Wesche, Jane B. Disbrow This research discusses the
More informationThe What, Why and When of Cloud Computing
Research Publication Date: 4 June 2009 ID Number: G00168582 The What, Why and When of Cloud Computing David Mitchell Smith, Daryl C. Plummer, David W. Cearley Cloud computing continues to gain visibility.
More informationGovernance Is an Essential Building Block for Enterprise Information Management
Research Publication Date: 18 May 2006 ID Number: G00139707 Governance Is an Essential Building Block for Enterprise Information Management David Newman, Debra Logan Organizations are seeking new ways
More informationHow to Develop an Effective Vulnerability Management Process
Research Publication Date: 1 March 2005 ID Number: G00124126 How to Develop an Effective Vulnerability Management Process Mark Nicolett IT organizations should develop vulnerability management processes
More informationDeliver Process-Driven Business Intelligence With a Balanced BI Platform
Research Publication Date: 12 April 2006 ID Number: G00139377 Deliver Process-Driven Business Intelligence With a Balanced BI Platform Kurt Schlegel To enable process-driven business intelligence, IT organizations
More informationOrganizations Must Employ Effective Data Security Strategies
Research Publication Date: 30 August 2005 ID Number: G00123639 Organizations Must Employ Effective Data Security Strategies Rich Mogull Organizations can best protect data through a hierarchical data security
More informationBusiness Intelligence Focus Shifts From Tactical to Strategic
Research Publication Date: 22 May 2006 ID Number: G00139352 Business Intelligence Focus Shifts From Tactical to Strategic Betsy Burton, Lee Geishecker, Kurt Schlegel, Bill Hostmann, Tom Austin, Gareth
More informationDiscovering the Value of Unified Communications
Research Publication Date: 12 February 2007 ID Number: G00144673 Discovering the Value of Unified Communications Bern Elliot, Steve Cramoysan Unified communications represent a broad range of new solutions
More informationMeasuring the Business Value of Data Quality
G00218962 Measuring the Business Value of Data Quality Published: 10 October 2011 Analyst(s): Ted Friedman, Michael Smith Research shows that 40% of the anticipated value of all business initiatives is
More informationBackup and Disaster Recovery Modernization Is No Longer a Luxury, but a Business Necessity
Research Publication Date: 11 August 2011 ID Number: G00215300 Backup and Disaster Recovery Modernization Is No Longer a Luxury, but a Business Necessity John P Morency, Donna Scott, Dave Russell For the
More informationWhen to Use Custom, Proprietary, Open-Source or Community Source Software in the Cloud
Industry Research Publication Date: 3 May 2010 ID Number: G00175030 When to Use Custom, Proprietary, Open-Source or Community Source Software in the Cloud Massimiliano Claps, Andrea Di Maio Cloud computing
More informationNGFWs will be most effective when working in conjunction with other layers of security controls.
Research Publication Date: 12 October 2009 ID Number: G00171540 Defining the Next-Generation Firewall John Pescatore, Greg Young Firewalls need to evolve to be more proactive in blocking new threats, such
More informationSingapore Empowers Land Transport Planners With Data Warehouse
G00219502 Singapore Empowers Land Transport Planners With Data Warehouse Published: 18 October 2011 Analyst(s): Eric Thoo The Land Transport Authority (LTA) of Singapore wanted to improve planning and
More informationQ&A: How Can ERP Recurring Costs Be Contained?
Research Publication Date: 18 December 2008 ID Number: G00163030 Q&A: How Can ERP Recurring Costs Be Contained? Peter Wesche Driven by increased pressure for cost containment, attendees at the 2008 Financial
More informationThe IT Service Desk Market Is Ready for SaaS
Research Publication Date: 17 April 2009 ID Number: G00166526 The IT Service Desk Market Is Ready for SaaS David M. Coyle The IT service desk market is well-positioned to use the software-as-a-service
More informationFor cloud services to deliver their promised value, they must be underpinned by effective and efficient processes.
Research Publication Date: 15 October 2010 ID Number: G00208009 ITIL 'in the Cloud' George Spafford, Ed Holub The cloud-computing delivery model is generating a lot of interest from organizations wishing
More informationWhat to Consider When Designing Next-Generation Data Centers
Research Publication Date: 10 September 2010 ID Number: G00201044 What to Consider When Designing Next-Generation Data Centers David J. Cappuccio Leading-edge data centers are designed for flexibility,
More informationKey Issues for Business Intelligence and Performance Management Initiatives, 2008
Research Publication Date: 14 March 2008 ID Number: G00156014 Key Issues for Business Intelligence and Performance Management Initiatives, 2008 Kurt Schlegel The Business Intelligence and Performance Management
More informationIT Operational Considerations for Cloud Computing
Research Publication Date: 13 June 2008 ID Number: G00157184 IT Operational Considerations for Cloud Computing Donna Scott Cloud computing market offerings increase the options available to source IT services.
More informationKey Issues for Consumer Goods Manufacturers, 2011
Industry Research Publication Date: 1 March 2011 ID Number: G00210698 Key Issues for Consumer Goods Manufacturers, 2011 Don Scheibenreif, Dale Hagemeyer Gartner's 2011 consumer goods manufacturing research
More informationGartner Clarifies the Definition of the Term 'Enterprise Architecture'
Research Publication Date: 12 August 2008 ID Number: G00156559 Gartner Clarifies the Definition of the Term 'Enterprise Architecture' Anne Lapkin, Philip Allega, Brian Burke, Betsy Burton, R. Scott Bittler,
More informationResearch. Mastering Master Data Management
Research Publication Date: 25 January 2006 ID Number: G00136958 Mastering Master Data Management Andrew White, David Newman, Debra Logan, John Radcliffe Despite vendor claims, master data management has
More informationIAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions.
Research Publication Date: 1 September 2009 ID Number: G00161012 SIEM and IAM Technology Integration Mark Nicolett, Earl Perkins Integration of identity and access management (IAM) and security information
More informationPrivate Cloud Computing: An Essential Overview
Research Publication Date: 23 November 2010 ID Number: G00209000 Private Cloud Computing: An Essential Overview Thomas J. Bittman Private cloud computing requires strong leadership and a strategic plan
More informationHow Eneco's Enterprisewide BI and Performance Management Initiative Delivered Significant Business Benefits
Research Publication Date: 13 June 2008 ID Number: G00158605 How Eneco's Enterprisewide BI and Performance Management Initiative Delivered Significant Business Benefits Nigel Rayner Eneco was faced with
More informationThe Hype Around an Integrated Talent Management Suite Outpaces Customer Adoption
Research Publication Date: 3 February 2009 ID Number: G00164356 The Hype Around an Integrated Talent Management Suite Outpaces Customer Adoption James Holincheck Gartner surveyed 123 customer references
More informationXBRL Will Enhance Corporate Disclosure and Corporate Performance Management
Research Publication Date: 23 April 2008 ID Number: G00156910 XBRL Will Enhance Corporate Disclosure and Corporate Performance Management Nigel Rayner, Neil Chandler Extensible Business Reporting Language
More informationEnergy savings from well-managed data centers can reduce operating expenses by as much as 20%.
Research Publication Date: 29 March 2010 ID Number: G00174769 DCIM: Going Beyond IT David J. Cappuccio Infrastructure and operations (I&O) leaders must now go beyond performance management of IT equipment
More informationCritical Privacy Questions to Ask an HCM/CRM SaaS Provider
Research Publication Date: 31 July 2009 ID Number: G00168488 Critical Privacy Questions to Ask an HCM/CRM SaaS Provider Carsten Casper, Thomas Otter, Arabella Hallawell The vast majority (probably greater
More informationData Center Redesign Yields an 80%-Plus Reduction in Energy Usage
Research Publication Date: 10 August 2011 ID Number: G00213049 Data Center Redesign Yields an 80%-Plus Reduction in Energy Usage Jay E. Pultz The National Renewable Energy Laboratory's (NREL's) data center
More informationOvercoming the Gap Between Business Intelligence and Decision Support
Research Publication Date: 9 April 2009 ID Number: G00165169 Overcoming the Gap Between Business Intelligence and Decision Support Rita L. Sallam, Kurt Schlegel Although the promise of better decision
More informationBest Practice: Having a 'Big Picture' View of IP Telephony Will Give the Buyer More Control
Research Publication Date: 12 February 2008 ID Number: G00154811 Best Practice: Having a 'Big Picture' View of IP Telephony Will Give the Buyer More Control Steve Blood Companies spend too much on IP-PBXs
More informationGovernment 2.0 is both citizen-driven and employee-centric, and is both transformational and evolutionary.
Industry Research Publication Date: 11 November 2009 ID Number: G00172423 Government 2.0: Gartner Definition Andrea Di Maio Given the increasing confusion and hype surrounding Government 2.0, it is important
More informationFive Business Drivers of Identity and Access Management
Research Publication Date: 31 October 2003 ID Number: SPA-21-3673 Five Business Drivers of Identity and Access Management Roberta J. Witty The primary reasons to implement IAM solutions are business facilitation,
More informationRepurposing Old PCs as Thin Clients as a Way to Save Money
Research Publication Date: 30 March 2009 ID Number: G00166341 Repurposing Old PCs as Thin Clients as a Way to Save Money Mark A. Margevicius, Stephen Kleynhans Tough economic times are forcing customers
More informationCase Study: New South Wales State Department of Education Adopts Gmail for 1.2 Million Students
Industry Research Publication Date: 26 January 2010 ID Number: G00172722 Case Study: New South Wales State Department of Education Adopts Gmail for 1.2 Million Students Steve Bittinger Australia's New
More informationRisk Intelligence: Applying KM to Information Risk Management
Research Publication Date: 19 September 2007 ID Number: G00151742 Risk Intelligence: Applying KM to Information Risk Management French Caldwell Risk intelligence is the alignment of information governance
More informationEHR Advantages and Disadvantages
Industry Research Publication Date: 3 February 2010 ID Number: G00174011 The Limits of Certification and Guarantees in Buying Electronic Health Records in the U.S. Wes Rishel It is important not to rely
More informationThe Seven Building Blocks of MDM: A Framework for Success
Research Publication Date: 11 October 2007 ID Number: G00151496 The Seven Building Blocks of MDM: A Framework for Success John Radcliffe Gartner's Seven Building Blocks of Master Data Management (MDM)
More information