John Pescatore

A typical day in the life of a Gartner analyst means being on the phone with Gartner clients most of the day and Gartner conferences are like compressing a few weeks of that into just a few days – interspersed with giving presentations every few hours and the occasional hospitality suite visit… Doing formal one-on-ones with conference attendees all day, as well as all the “hallway design review” type conversations I have all week is a nice reality check. Some quick thoughts on the top of mind issues:

1. Budget pressure is not really a very big issue but CEOs and CIOs are not shoveling money towards the security program either. Both of these are good things.
2. Everyone says “no one is doing NAC” but they are all asking “what can we do to allowed unmanaged PCs to connect to our network and still stay secure” which is NAC.
3. No one is actually using cloud computing but they are all asking about the security of cloud computing. When they ask about the security of cloud computing they are really asking about the security of software as a service – which they have all been using for several years already.
4. What Gartner calls the “Consumerization of IT” is the biggest disruptive issue hitting everyone. Most are still either taking an “Ignore” or a “Block” stance – they are fooling themselves, just like when the Internet first hit or WLANs first hit.

On the closing day we had planned a keynote panel that would feature the new Cybersecurity “Czar” President Obama has been talking about but they still haven’t selected one yet. So instead the Executive Office of the President provided Chris Painter, Director of Cybersecurity at the National Security Council. I set it up sort of like a Town Hall meeting, and Howard Schmidt and Gary Mcgraw had agreed to provide video “testimony.”  IDG News has a piece on the session here.

I did a lead-in going through all the numerous government initiatives in cybersecurity – going back to Computer Security Act of 1987. Chris talked about the President’s 60 Day Cybersecurity review and where things were likely to go from here, and then I played Howard and Gary’s thoughts. All this was thrown together at the last minute, but there were many common threads across my comments and Gary and Howard’s – some of which they have addressed in the Cybersecurity report, but many of which they have not. I’ll be putting out a Gartner research note on this for our clients, but the biggest issue is really an over-focus on threats and an under-focus on efforts to spur faster vulnerability reduction.

The most bizarre aspect of the Gartner conference: adjacent to where we were at the Gaylord National Harbor hotel, Dancemasters was having what appeared to be a summer camp for pre-teen ballerinas. Seeing dozens of their attendees weaving their way through the hundreds of security geeks was like like seeing a gaggle of gazelles bounding through a herd of Herefords…

Submit a Comment »

Category: Uncategorized     Tags:

Share