Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…


It’s Time for Security to Ascend

by Neil MacDonald  |  August 24, 2011  |  1 Comment

As I research the future of adaptive security infrastructure, I am convinced that the future of information security lies in software, not hardware.

If you think about it for a bit, most information security policy enforcement already takes the form of software – it’s just embodied (entombed?) in physical hardware.

Unfortunately, the rigidity of hardware slows down our ability to support rapidly changing computing environments. As data centers are increasingly virtualized, as users become more mobile and as organizations increasingly adopt public cloud-based services, security controls must shed their physical shackles and exist as software-based enforcement points that can be placed when and where needed.

If you are a science fiction fan, it’s kinda like “ascension” – as intelligent species evolve, they shed their physical bodies and exist as pure energy – like this example in StarGate (and I’m sure there are many other examples). As described in the StarGate Wiki:

Ascension is a process that allows beings to be able to separate from their physical bodies and to live eternally as pure energy in a superior plane with greater amount of knowledge and power. It can be a mental, spiritual or evolutionary process—a direct result of obtaining a certain level of wisdom and knowledge

Superior plane? More knowledge? Wisdom? Bring this to information security! OK, so the analogy may be a stretch.

Regardless, the future of information security is a set of context-aware, software-based security policy enforcement points that can be placed when and where needed within a virtualized or cloud-based computing architecture. Depending on the context, the control may need to be embodied in hardware, in other cases delivered as a virtual appliance in my own data center, and in still others consumed as a cloud-based service provided by someone else. Supporting hybrid scenarios will be an absolute requirement.

Even when embodied in hardware, many architectures are shifting to x86-based hardware foundations, with proprietary hardware typically required only for encryption offload, and even here, the latest Intel chipsets support encryption instruction acceleration.

The core value proposition and differentiation of security vendors will come from their software, not hardware, and their ability to use context to support dynamic computing models with adaptive security policies that can adjust in real-time as users and devices move between on-premises and cloud-based services.


Category: Cloud Cloud Security Next-generation Security Infrastructure Virtualization Security

1 response so far ↓

  • 1 Margaret Dawson   August 25, 2011 at 4:36 pm

    Leave it to you to give a StarGate analogy!! Love it. But I also agree completely. The future of IT is in the data and how we access, store and secure that information easily across on-premise and cloud environments. Security must be inherent to the information and around access controls not contingent upon either the hardware or the environment in which it sits.