Gartner Blog Network

The Future of Information Security is Context-Aware and Adaptive

by Neil MacDonald  |  May 15, 2010  |  Comments Off

In previous posts, I talked about the need for information security to become more adaptive – adaptive to changes in the threat environment and adaptive to changes in the business and regulatory environment. This is the subject of my ongoing research project on Adaptive Security Infrastructure as a Gartner Fellow.

I’ve also discussed how the move to virtualization and cloud computing forces security policy to move “up the stack” to policies defined on higher level attributes and context – such as the application being run, the identity/group/role of the entity making the request and the content being handled.

Most of today’s security infrastructure is static — enforcing policies defined in advance in environments where IT infrastructure and business relationships are relatively static. This will simply not scale to effectively support an environment that is highly dynamic, multisourced and virtualized, and where consumer-oriented IT is increasingly used in lieu of enterprise-owned and provisioned systems.

I see some progress in addressing these requirements from the security vendors, Different security vendors playing in different security silos add agility by coming at the problem from different angles. For example, some are adding “application-awareness”, some are adding “identity-awareness” and others are adding “content-awareness”.

The most visionary are adding all three – and more.

I’ll argue all of these are part of the broader shift to make security infrastructure more context-aware and adaptive. And, we are just getting started. There’s more to context-aware security than just adding identity, application and content awareness. For clients. I discuss the evolution of this concept in detail in this research note that was just published: The Future of Information Security is Context-Aware and Adaptive.

Category: next-generation-data-center  next-generation-security-infrastructure  virtualization-security  

Tags: adaptive-security-infrastucture  next-generation-security-infrastructure  virtualization-security  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.