Gartner Blog Network

Erik Heidt
Research Director
1 year at Gartner
20 years IT Industry

Erik Heidt is a Research Director on the GTP Security and Risk Management Strategies team. His research focus areas include IT risk management, IT GRC, application security and cryptographic controls.

Webinar “When Encryption Won’t Work: Implementing Practical Information Protection”

by Erik T. Heidt  |  July 21, 2014

Enterprise data breaches are occurring all too often. Many enterprises have overestimated or misunderstood the protection provided by current, or planned, encryption deployments. This presentation focuses on the attacks that are resulting in expensive and embarrassing data disclosures, and provides prioritized actions for you to consider for addressing these threats. Portable media and data outside the data […]

Trusting SaaS With Your Data, eh?

by Erik T. Heidt  |  June 19, 2014

Two significant SaaS data loss events in short order… May 6th, a SaaS solution for qualitative research announced a major data loss event, and today (June 19) announced that they are down, have lost significant amounts of client data, and may be out of business. What should current or prospective SaaS users learn from this […]

Attending Gartner Security & Risk Management Summit 2014 Next Week?

by Erik T. Heidt  |  June 18, 2014

I am speaking at the Gartner Security & Risk Management Summit next week, and there are a few talks that I believe will be of particular interest to folks who follow my blog. But first… Please be aware that I am now also using Twitter as @CyberHeidt — my schedule next week is very booked, […]

Heartbleed Exploit in OpenSSL – How Should You Respond?

by Erik T. Heidt  |  April 9, 2014

What is the fault? It has been discovered that a coding error in OpenSSL enables attackers to examine memory on remote servers or devices. Specifically: “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal … memory to a connected client or server.” – For those of you […]

CERT IT Risk Podcast

by Erik T. Heidt  |  March 26, 2014

Julia Allen invited Ben Tomhave and me to collaborate with her on a podcast for CERT, “Comparing IT Risk Assessment and Analysis Methods” (link). (Note: there is a full transcript available for folks who prefer to read their podcasts.) The podcast includes a summary of recent research that Ben, Anne E. Robbins, and I published […]

Wizard Lays Waste to Acme Data Analytics with Chef Spell…

by Erik T. Heidt  |  March 10, 2014

As reported today on the front page of Cloud Wizard’s Journal: Easy come, easy go. The same Cloud Wizard that created Acme Data Analytics’ cloud-based data services, the differentiator that has enabled their dominance, their literal Midas Touch in every market they have entered… Undid it all when she cast an angry curse, scripted […]

New Self-Audit Toolkit

by Erik T. Heidt  |  September 25, 2013

In “Achieving IT GRC Success”, Gartner recommended that enterprises consider six core activities in the Execution phase of the IT GRC practice. These included: Risk Assessment; KRI Measurement and Management; Ad Hoc Risk Decision Support; Compliance Management; Audit Support; and Policy Management. There are many aspects of Audit Support that are discussed in the document, and […]

Effective Selection and Implementation of IT GRC Solutions

by Erik T. Heidt  |  September 20, 2013

The basic question is: how do you select tools to support your IT Governance, Risk Management and Compliance (IT GRC) needs? This has been a major focus of my research over the last 10 months. The first phase of that exploration focused on defining a guidance framework that could be used to identify the IT […]

Relativistic Control Theory

by Erik T. Heidt  |  September 19, 2013

A few weeks ago I had the pleasure of attending a roundtable of IT Risk Managers. Most of the participants were folks involved in day-to-day risk and governance in financial institutions. During one of the presentations there was an exchange between one of the speakers and myself that has helped me to understand […]

Raspberry PI & Securing the DIY Internet of Things

by Erik T. Heidt  |  September 3, 2013

(Note: if you know what a Pi is and just want to jumpstart the security posture of your device, skip to “How do I secure this thing?”) What is a Raspberry Pi and who are these Makers? You have probably heard a number of organizations discussing the “internet of things” or “industrial internet”, an emerging […]