Gartner Blog Network

Erik T. Heidt
IoT Agenda Manager, Research Director
4 years at Gartner
23 years IT Industry

Erik Heidt is the Research Agenda Manager for Gartner for Technical Professionals (GTP). Mr. Heidt covers Internet of Things (IoT) architecture, IoT strategy as well as security and risk management within the IoT context. Mr. Heidt focuses on developing and delivering research related to the architecture, development and operation of IoT for both users and suppliers. Mr. Heidt has more than 24 years of IT industry experience, with a significant focus on information security and risk management.

10 Catalyst Presentations, 9 Reports and Now… The 2017 IoT Planning Guide !!

by Erik T. Heidt  |  October 14, 2016

“2017 Planning Guide for the Internet of Things” was published yesterday. It is the first Planning Guide to have a 100% IoT focus, and it summarizes our analysis and insights into this technology. This is the seventh in-depth IoT research report GTP has published this year – and there are still 78 days to go! (Yep, there is more to […]


Webinar “When Encryption Won’t Work: Implementing Practical Information Protection”

by Erik T. Heidt  |  July 21, 2014

Enterprise data breaches are occurring all too often. Many enterprises have overestimated or misunderstood the protection provided by current, or planned, encryption deployments. This presentation focuses on the attacks that are resulting in expensive and embarrassing data disclosures, and provides prioritized actions for you to consider for addressing these threats. Portable media and data outside the data […]


Trusting SaaS With Your Data, eh?

by Erik T. Heidt  |  June 19, 2014

Two significant SaaS data loss events in short order… May 6th,, a SaaS solution for qualitative research announced a major data loss event and today (June 19) announced that they are down, have lost significant amounts of client data, and may be out of business. What should current or prospective SaaS users learn from this […]


Attending Gartner Security & Risk Management Summit 2014 Next Week ?

by Erik T. Heidt  |  June 18, 2014

I am speaking at the Gartner Security & Risk Management Summit next week and there are a few talks that I believe will be of particular interest to folks who follow my blog. But first… Please be aware that I am now also using Twitter as @CyberHeidt — my schedule next week is very booked, […]


Heartbleed Exploit in OpenSSL – How Should You Respond?

by Erik T. Heidt  |  April 9, 2014

What is the fault? It has been discovered that a coding error in OpenSSL enables attackers to examine memory on remote servers or devices. Specifically: “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal … memory to a connected client or server.” – For those of you […]


CERT IT Risk Podcast

by Erik T. Heidt  |  March 26, 2014

Julia Allen invited Ben Tomhave and me to collaborate with her on a podcast for CERT “Comparing IT Risk Assessment and Analysis Methods” (link). (Note, there is a full transcript available for folks who prefer to read their podcasts.) The podcast includes a summary of recent research that Ben, Anne E. Robbins, and I published […]


Wizard Lays Waste to Acme Data Analytics with Chef Spell…

by Erik T. Heidt  |  March 10, 2014

As reported today on the front page of Cloud Wizard’s Journal: Easy come, easy go. The same Cloud Wizard that created Acme Data Analytics cloud-based data services, the differentiator that has enabled their dominance, their literal Midas Touch in every market they have entered… Undid it all when she cast an angry curse, scripted […]


New Self-Audit Toolkit

by Erik T. Heidt  |  September 25, 2013

In “Achieving IT GRC Success”, Gartner recommended that enterprises consider six core activities in the Execution phase of the IT GRC practice. These included: Risk Assessment; KRI Measurement and Management; Ad Hoc Risk Decision Support; Compliance Management; Audit Support; Policy Management. There are many aspects of Audit Support that are discussed in the document, and […]


Effective Selection and Implementation of IT GRC Solutions

by Erik T. Heidt  |  September 20, 2013

The basic question is, how do you select tools to support your IT Governance, Risk Management and Compliance (IT GRC) needs? This has been a major focus for my research over the last 10 months. The first phase of that exploration focused on defining a guidance framework that could be used to identify the IT […]


Relativistic Control Theory

by Erik T. Heidt  |  September 19, 2013

A few weeks ago I had the pleasure of attending a roundtable of IT Risk Managers. Most of the participants were folks involved in day-to-day risk and governance in financial institutions. During one of the presentations there was an exchange that occurred between one of the speakers and myself, that has helped me to understand […]
