Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Coverage Areas:

Are You Ready for These Security Inflection Points?

by Neil MacDonald  |  May 7, 2009  |  3 Comments

As I discuss IT security strategies and future architectures with clients, there are several inflection points that I don’t think many organizations are prepared for.

Are you ready for the point where:

  • More non-employees access our systems and information than actual employees (To be clear – I’m not talking about consumer-facing websites, I’m talking about our internal systems and information opened up for collaboration and inter-enterprise processes).
  • More than half of our employees spend the majority of their working hours connected to networks we don’t own and don’t control (airports, hotels, home, wireless, 3G and so on)
  • Even on networks we do control, the majority of devices that connect won’t be devices we own or control (mobile devices primarily, but also including contractor machines, employee-owned laptops and so on)
  • The majority of server workloads connecting to our network will be virtual machines, not physical machines.

Some of you are already experiencing these. All of these will challenge our traditional assumptions about information security. I’d be interested in your thoughts, including any you think I might have missed.

3 Comments »

Category: Next-generation Security Infrastructure     Tags:

3 responses so far ↓

  • 1 Are You Ready for These Security Inflection Points?   May 8, 2009 at 1:58 am

    [...] News Sources wrote an interesting post today onHere’s a quick excerptAs I discuss IT security strategies and future architectures with clients, there are several inflection points that I don’t think many organizations are prepared for. Are you ready for the point where: More non-employees access our systems and information than actual employees (To be clear – I’m not talking about consumer-facing websites, I’m talking about our internal systems and information opened up for collaboration and inter-enterprise processes). More than half of our employees sp [...]

  • 2 Allen Baranov   May 12, 2009 at 9:05 am

    Hi,

    I have just completed a presentation on the future of Information Security and then I read this and saw that you are exactly on the same page as me.

    Then, I went to an older presentation of mine and found a quote by you.

    I think I’m going to add you to my RSS feed right now.

    Excellent stuff, keep up the good work!

    Allen

  • 3 Mehul Doshi   January 5, 2010 at 8:05 am

    The organizations using Sharepoint of intranet based applications similar to Knowledgebase be it for dealers, partners, collobrators or its own employees need to provide a access and in the process they share lot of content which are IPR or processes which need to be restricted within the community. Like we have attritions, similarly partners also change taking the IPR along with them.
    Mobile workforce is increasing in almost all organizations and it is a matter of time when 60% of the branch employees need to have regional spread using mediums like 3G, wimax, Broaband for connectivity to central site.Hence User now have mobile phones with or without internet, Broadband to laptops for roaming, broad band to homes or branches or using centralized internet via Central office or similar. We hence reach a inflection point of organization having to secure 2-3 medium of public access per user. Are this planned by security teams. The endpoint technology though may be converging best of breed cannot catchup with cybercrimals hence organizations need ADAPTIVE SECURITY models monitored by central security team for all the tiers. This security need to be Database and Application user mapped as this is the areas where all the action or repository access takes place. From Infrastructure element we are talking about linking the endpoints, with Network Security i.e Firewall and authentication technologies. Can we expect the fast growth companies to address this complexity? Vendors need to innovate fast to simplify this piece and while each one needs to do its piece the key owners to this blueprint need to be security organizations as they have the culture to address risk.