Neil MacDonald

A member of the Gartner Blog Network

Archives for July, 2009


Security Thought for Thursday: Information is Like Inventory

by Neil MacDonald  |  July 30, 2009  |  1 Comment

It is an asset. It represents potential (revenue) for our organization. Sitting idle and locked in a warehouse, its potential is wasted. Its value typically diminishes over time. Why aren’t we laser-focused on putting information in motion to the people that need it, when and where they need it? “Locking down” information has never been [...]

Category: Information Security

IBM Acquires Ounce Labs

by Neil MacDonald  |  July 28, 2009  |  Comments Off

Our full analysis of the acquisition will be published for clients shortly along with advice for customers of Ounce Labs and IBM’s Rational software offerings. IBM acquired a leading dynamic application security testing tool with Watchfire in 2007. With the acquisition of Ounce announced today, IBM adds a lesser known (smaller, but still positioned as [...]

Category: Application Security

From the Gartner Information Security Summit on SharePoint Security

by Neil MacDonald  |  July 27, 2009  |  2 Comments

We had a crowd of several hundred people for my presentation on SharePoint security at the recent Gartner Information Security Summit. It’s pretty much as I suspected – just like virtualization projects where security tends to be an afterthought (if considered at all), SharePoint deployments are pretty much following the same course. When I polled [...]

Category: SharePoint Security

Byte Code Analysis is not the Same as Binary Analysis

by Neil MacDonald  |  July 24, 2009  |  5 Comments

I’ve posted many times on the importance of application security. Recently, my colleague Joseph Feiman and I published a magic quadrant for static application security testing tools – rating the vendors and tools that analyze an application from the “inside out” looking for coding conditions indicative of a security vulnerability. In the research we describe [...]

Category: Application Security

Security Thought for Thursday: It Shouldn’t Matter Where Your Data Is

by Neil MacDonald  |  July 23, 2009  |  6 Comments

When data is encrypted, the location of the data doesn’t matter (including in the Cloud). The location and management of the decryption keys is what matters.

Category: Next-generation Security Infrastructure

My Positive Experience With Bing

by Neil MacDonald  |  July 22, 2009  |  Comments Off

I’m just back from a vacation after the Gartner Information Security Summit. More on that later. While on the trip, twice I had a better experience with Microsoft’s Bing search than with Google search. Both times, I had a specific goal in mind: find a hotel for the family (with three children!) with an indoor [...]

Category: General Technology

Security No-Brainer #7: If You Have Intellectual Property Embedded in Software, Protect it.

by Neil MacDonald  |  July 7, 2009  |  5 Comments

I saw this in an article today on Bloomberg: July 7 (Bloomberg) — Goldman Sachs Group Inc. may lose its investment in a proprietary trading code and millions of dollars from increased competition if software allegedly stolen by a former employee gets into the wrong hands, a prosecutor said. Full details of the theft were [...]

Category: Application Security