Gartner Blog Network

Posts from Date:   2009-12

Doing Things Better With Virtualization

by Neil MacDonald  |  December 22, 2009

As I talked about in this post, virtualization will offer new and interesting ways to improve security. VM state inspection (or “Introspection”) is one of the ways that this will happen. For clients, I talk about the transformative opportunities using virtualization and introspection techniques in these two research notes from 2008 – the first research […]

Read more »

Virtualization Security Assessments

by Neil MacDonald  |  December 21, 2009

One of my frequent blogging topics is virtualization security. I’ve researched the issue for years and have watched the industry and enterprises deploying virtualization mature in their processes and tools. One area of interest from clients is for external third parties to come into an organization and assess the security of the enterprise’s virtualization deployment. […]

Read more »

No Security (or Management) Controls are Absolute When Users run as Administrators

by Neil MacDonald  |  December 17, 2009

I had a discussion with a client this week on their desktop security strategy. They had ruled one vendor out because the vendor wouldn’t guarantee their security agent couldn’t be disabled by end-users running as administrators (ideally, we’d run all users with ‘standard user’ privileges and not with administrative rights, but there are reasons why […]

Read more »

Identity-Awareness Should be a Feature, not a Product

by Neil MacDonald  |  December 16, 2009

I’ve been absent from my normal blogging routine during the month of November attending various Gartner conferences and onsite visits with clients. With travel slowing down for the holidays, there are a few posts that I’ve been meaning to get around to that I’ll tackle. Back in late August/September, I saw that yet another network access control […]

Read more »