I’m here at the RSA conference in San Francisco this week and attended the keynote yesterday afternoon given by Tom Gillis of Cisco.
Although full details of the new SecureX architecture weren’t given, context-awareness was the lead message. I’ve been talking about the need for context-aware and adaptive security for quite a while.
In this research note for clients “The Future of Information Security is Context-Aware and Adaptive”, I stated:
Rapidly changing business and threat environments, as well as user demands, are stressing static security policy enforcement models. Information security infrastructure must become adaptive by incorporating additional context at the point when a security decision is made, and we are already seeing signs of this transformation. Network security solutions are evolving to incorporate “application awareness” and “identity awareness” into their offerings. Information protection solutions are evolving to deliver “content awareness.” Application, identity and content awareness are all part of the same underlying shift to incorporate more context at the point when a security policy enforcement decision is made. To enable faster and more-accurate assessments of whether a given action should be allowed or denied, we must incorporate more real-time context information at the point when a security decision is made.
And this strategic planning assumption:
By 2015, 90% of enterprise security solutions deployed will be context aware.
Why context? In a world where IT increasingly doesn’t own key elements of the IT stack (consumerization, cloud computing and so on), security decisions that used to be based on outdated “black and white” notions of ownership and control are replaced by decisions that are more akin to “shades of grey”. More context at the point an information security decision is made leads to better information security decision making (prioritized, risk-based, and so on).
Context-awareness is also a key element of next-generation security architectures capable of supporting private and public cloud computing environments.
For clients, I’ll be glad to send you the entire presentation I gave on context-aware and adaptive security at Gartner’s 2010 US Fall Symposium. I will also be giving an updated version at Gartner’s 2011 Information Security Summit in Washington DC. I hope to see you there.