Neil MacDonald

A member of the Gartner Blog Network

Archives for July, 2011


The Key to Successful Application Control is not to Control Applications

by Neil MacDonald  |  July 19, 2011  |  5 Comments

Counterintuitive? Yup. I’ve worked with hundreds of clients on the design and implementation of application control (whitelisting) solutions. The key to a successful application control implementation is *not* have to manually manage the whitelist on an application-by-application basis. Our goal should be to identify and approve how trust propagates to files on a system and [...]

5 Comments »

Category: Virtualization Security     Tags:

Seven Cloud Computing Pet Peeves

by Neil MacDonald  |  July 15, 2011  |  Comments Off

1) Treating Cloud as one thing. At a minimum, clarify whether you are talking about SaaS, PaaS, or IaaS – and whether you are talking about public or private cloud implementations. 2) Assuming Cloud always means Public Cloud Cloud is a computing style, not a location. 3) Citing Security as the number one issue to [...]

Comments Off

Category: Cloud Cloud Security Virtualization Virtualization Security     Tags: ,

Security Thought for Thursday: We are Overspending on Traditional Security Controls

by Neil MacDonald  |  July 14, 2011  |  Comments Off

We can’t secure everything equally, nor does everything need to be equally secured. What we need is a context-aware, risk-based view of where to focus our efforts where part of the context is the business value and sensitivity of the asset we are protecting.

Comments Off

Category: Information Security Security Intelligence     Tags: ,

Sand Castles and Advanced Persistent Threats

by Neil MacDonald  |  July 11, 2011  |  Comments Off

I’ve been absent from blogging for 2 weeks – first we had the Gartner Information Security Summit in DC and then I took some time off for a much-needed vacation. We spent some time at Hilton Head Island in South Carolina. They’ve got a pretty amazing flat beach where the difference between high tide and [...]

Comments Off

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , , ,