Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Coverage Areas:

Cisco Announces SecureX and Embraces Context-Aware Security

by Neil MacDonald  |  February 17, 2011  |  Comments Off

I’m here at the RSA conference in San Francisco this week and attended the keynote yesterday afternoon given by Tom Gillis of Cisco.

Although full details of the new SecureX architecture weren’t given, context-awareness was the lead message. I’ve been talking about the need for context-aware and adaptive security for quite a while.

In this research note for clients “The Future of Information Security is Context-Aware and Adaptive”, I stated:

Rapidly changing business and threat environments, as well as user demands, are stressing static security policy enforcement models. Information security infrastructure must become adaptive by incorporating additional context at the point when a security decision is made, and we are already seeing signs of this transformation. Network security solutions are evolving to incorporate “application awareness” and “identity awareness” into their offerings. Information protection solutions are evolving to deliver “content awareness.” Application, identity and content awareness are all part of the same underlying shift to incorporate more context at the point when a security policy enforcement decision is made. To enable faster and more-accurate assessments of whether a given action should be allowed or denied, we must incorporate more real-time context information at the point when a security decision is made.

And this strategic planning assumption:

By 2015, 90% of enterprise security solutions deployed will be context aware.

Why context? In a world where increasingly IT doesn’t own key elements of the IT stack (consumerization, cloud computing and so on), security decisions that used to be based on outdated “black and white” notions of ownership and control are replaced by decisions that are more akin to “shades of grey”. More context at the point an information security decision is made leads to better information security decision making (prioritized, risk-based, and so on).

Context-awareness is also a key element of next-generation security architectures capable of supporting private and public cloud computing environments.

For clients, I’ve got an entire presentation I gave on the topic of context-aware and adaptive security from Gartner’s 2010 US Fall Symposium that I’ll be glad to send you. I will also be giving an updated version at Gartner’s 2011 Information Security Summit in Washington DC. I hope to see you there.

Comments Off

Category: Cloud Security Next-generation Security Infrastructure Virtualization Security     Tags: , ,