John Pescatore

Two weeks ago I traveled to Tokyo and spoke at Gartner’s Information Security and Risk Summit.  We surveyed the 300 attendees after the earthquake/tsunami/nuclear power plant disasters and they still wanted to attend the conference, so we were glad to hold it. (Gartner also had a Data Center conference last week in Tokyo, as well.)

While the disaster is topic 1 with everyone in Japan, business life in Tokyo is largely unaffected. There are many electricity conservation methods in place, and there was a 6.1 aftershock at 10:30 one night I was there that caused some unsettling swaying in my room on the 11th floor of the hotel in Shinagawa, but the conference was pretty much the same as any other conference, and the day after I had meetings with many Gartner clients at large companies around the Tokyo area that were like meetings anywhere else in the world. Well, they were actually different but not because of the earthquake.

I was last in Japan 9 or 10 years ago and I noticed the same difference back then: businesses have much less of a malware problem. Their interests in security are much more focused on business continuity and identity and access management vs. infrastructure protection.

I think the major reasons for this is that many Japanese people have for a long time done so much of their digital life on their mobile phones and they are less prone to doing dangerous things on their PCs. They seem to have much less of the “personal and business life mix on the business PC” problem but even home PCs are less prone to compromise. You can see this every year on Microsoft’s malware “heat map” – of the developed countries, Japan almost always has the lowest infection rate on PCs running Windows.

The other factor is that large Japanese companies seem to be more conservative about adopting new technology quickly. I had lots of conversations about security of public and private cloud computing but most of the conversations about public cloud were more of the “why would we ever allow that??” rather than the typical US conversation of “they are starting to talk about using public cloud, how can we secure that??” Many, many more concerns about maintaining configuration control and visibility and reliability than you see in US companies. This was true about remote access, allowing web mail, etc. years ago and is holding true with consumerization and public cloud adoption there as well.

Not universally true – I did talk to some Gartner clients in smaller business units in large companies that were very different. There were many similarities with US businesses, as well.  While the iPhone was pretty huge in Japan, Droid phones seemed largely invisible, Windows Phone 7 never came up.

2 Comments »

Category: Uncategorized     Tags:

Share

Tweet