Neil MacDonald

A member of the Gartner Blog Network

Archives for September, 2010


Building a Software Assurance Program

by Neil MacDonald  |  September 28, 2010  |  Comments Off

I work with clients daily on how to change their development (and procurement) processes to product more secure code. I wrote in this blog, that application security cannot be solved with technology alone, yet I still run into organizations trying to solve their application security problems with the purchase of a static or dynamic application […]

Comments Off

Category: Application Security     Tags: , , , ,

More Pressure on the Antivirus Vendors: Free AV for Midsize Enterprises

by Neil MacDonald  |  September 24, 2010  |  Comments Off

Microsoft Security Essentials (MSE) is a free consumer offering originally delivered to market in 2009 based on the same engine and anti-malware feeds that are used within Microsoft’s for-fee enterprise-oriented Forefront Endpoint Protection (FEP). I saw this announcement from Microsoft earlier in the week. From the announcement: For this reason, Microsoft is announcing that beginning […]

Comments Off

Category: Endpoint Protection Platform Microsoft Microsoft Security     Tags: , , , ,

Virtualizing IE6 Using Application Virtualization Violates Microsoft’s EULA?

by Neil MacDonald  |  September 22, 2010  |  11 Comments

Migrating from IE6 to IE8 is not easy because of legacy web-enabled applications that don’t render correctly on IE8 and vendors that are slow to officially support it. There are a variety of ways to virtualize IE6 to help with this issue, including using application virtualization tools. I originally wrote about the potential issues using […]

11 Comments »

Category: Microsoft Microsoft Security Virtualization     Tags: , , ,

Security Thought for Tuesday: Program Policies, not Infrastructure

by Neil MacDonald  |  September 21, 2010  |  Comments Off

I’m here at the midsized enterprise summit in San Antonio. Earlier today, I presented on the same theme I will be presenting on at Gartner’s US Fall Symposium – the evolution of information security to address the security needs of private and public cloud-based services. In addition to the virtualization of security controls, one of […]

Comments Off

Category: Cloud Security Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: , , , , ,

Cloud Security Lessons from Google’s Internal Security Breach

by Neil MacDonald  |  September 16, 2010  |  6 Comments

Earlier this week, I saw this article describing a security breach by an internal Google employee where a site reliability engineer (now fired) had violated the privacy of multiple email accounts. From the article: Barksdale’s intrusion into Gmail and Gtalk accounts may have escaped notice, since SREs are responsible for troubleshooting issues on a constant […]

6 Comments »

Category: Cloud Cloud Security Next-generation Data Center Virtualization Security     Tags: , , , ,

How the Intel Acquisition of McAfee Could Make Sense

by Neil MacDonald  |  September 13, 2010  |  Comments Off

I was part of the Gartner team that published our First Take on the Intel acquisition of McAfee. Talking with financial analysts, there’s the immediate value of revenue diversification and McAfee’s gross margins are accretive to Intel. But there’s more here than meets the eye. I’ve been around the IT industry a while and there […]

Comments Off

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Next-generation Security Infrastructure Virtualization Security     Tags: , , , , , , , , ,

Why Stephen Elop Makes Sense for Nokia

by Neil MacDonald  |  September 10, 2010  |  1 Comment

Our mobile analysts are working on the official Gartner analysis of the announcement and I’ll link to this when it becomes available. As Gartner’s primary analyst on Microsoft, I interviewed Stephen at Gartner’s US Fall Symposium last fall. Over the past several years, I’ve gotten to know Stephen Elop pretty well. He is a great […]

1 Comment »

Category: General Technology Microsoft     Tags:

Thought for Thursday: Extending Whitelisting to Information Access

by Neil MacDonald  |  September 9, 2010  |  7 Comments

I’ve written multiple times on the power of whitelisting (default deny) for applications running on end-user workstations and servers. I am convinced that whitelisting should be foundational in our strategy for securing endpoints. So far, the application control vendors have focused on whitelisting what applications are allowed to run. This is straightforward in concept, but […]

7 Comments »

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security     Tags: , , , , ,