Entries Categorized as 'Cloud'
by Neil MacDonald | February 3, 2012 | 1 Comment
I’ve blogged before about advanced threats that easily bypass our traditional protection mechanisms and reside undetected for extended periods of time on our systems. On one of the panels I moderated on APTs, Dave Merkel from Mandiant put it best. “You are compromised, get over it”. Others in the US Government have come to the [...]
Category: Application Security Beyond Anti-Virus Cloud Cloud Security Next-generation Security Infrastructure Security Intelligence Tags: Adaptive Security Infrastucture, Application Security, Best Practices, Beyond Anti-Virus, Cloud Security, Context-aware Security, DC-Summit-NA, Defense-in-Depth, DevOpsSec, Next-generation Security Infrastructure
by Neil MacDonald | January 4, 2012 | 1 Comment
We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its [...]
Category: Application Security Applications Cloud Cloud Security Tags: Application Security, application security testing tools, Cloud Security
by Neil MacDonald | December 9, 2011 | 1 Comment
I’m just back from Gartner’s US 2011 Data Center Summit held this week in Las Vegas. In my previous post, I talked about information security vendor’s concerns on the potential impact of the Eurozone crisis on information security spending. Here, I want to outline the top security-related issues and concerns that I discussed with attendees [...]
Category: Cloud Cloud Security Next-generation Data Center Next-generation Security Infrastructure Virtualization Virtualization Security Tags: Cloud Security, GartnerDC, Hypervisor Security, Information Security, Next-generation Data Center, Next-generation Security Infrastructure, Virtualization Security, vShield
by Neil MacDonald | October 24, 2011 | 1 Comment
Last week I attended Gartner’s US Symposium conference in Orlando. With 8,000+ attendees (25% of which were CIOs) and at least 1,000 more analysts, vendors and support staff, you can imagine it was quite a scene. In addition to three presentations, I had more than 30 fantastic one on ones with attendees over the four [...]
Category: Application Security Beyond Anti-Virus Cloud Cloud Security Information Security Microsoft Security Next-generation Security Infrastructure Virtualization Virtualization Security Tags: Adaptive Security Infrastucture, Beyond Anti-Virus, Cloud Security, Context-aware Security, DC-Summit-NA, Endpoint Protection Platform, Information Security, Microsoft Security, symposium, Virtualization Security
by Neil MacDonald | August 24, 2011 | 1 Comment
As I research into the future of adaptive security infrastructure, I am convinced that the future of information security lies in software, not hardware. If you think about it for a bit, most of information security policy enforcement is in the form of software already – it’s just embodied (entombed?) in physical hardware. Unfortunately, the [...]
Category: Cloud Cloud Security Next-generation Security Infrastructure Virtualization Security Tags: Adaptive Security Infrastucture, Cloud Security, Context-aware Security, Next-generation Data Center, Next-generation Security Infrastructure, Virtual Appliances, Virtualization Security
by Neil MacDonald | July 15, 2011 | Comments Off
1) Treating Cloud as one thing. At a minimum, clarify whether you are talking about SaaS, PaaS, or IaaS – and whether you are talking about public or private cloud implementations. 2) Assuming Cloud always means Public Cloud Cloud is a computing style, not a location. 3) Citing Security as the number one issue to [...]
Category: Cloud Cloud Security Virtualization Virtualization Security Tags: Cloud Security, Next-generation Data Center
by Neil MacDonald | May 31, 2011 | 3 Comments
The term “trust” is too binary for the world of business and IT we are moving into. Trust sounds black and white / all or nothing. Either I trust you or I don’t. The reality is far more complex and a world of information security decisions based on shades of grey, not black and white. [...]
Category: Cloud Cloud Security Next-generation Security Infrastructure Tags: Adaptive Security Infrastucture, Cloud Security, Context-aware Security, Information Security, Security-Summit-NA
by Neil MacDonald | May 24, 2011 | Comments Off
I’m attending Symantec’s worldwide analyst conference in New York City today (24 May 2011). Symantec’s CEO, Enrique Salem, kicked off the morning with a discussion of Symantec’s role in the changing world of IT and information security. Enrique called out five megatrends that are challenging our preconceptions about the role of IT and information security: [...]
Category: Cloud Cloud Security Information Security Next-generation Security Infrastructure Virtualization Virtualization Security Tags: Cloud Security, Information Security, Next-generation Data Center, Next-generation Security Infrastructure, Security-Summit-NA, Virtualization Security
by Neil MacDonald | May 23, 2011 | 2 Comments
There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls [...]
Category: Application Security Cloud Cloud Security Information Security Tags: application security testing tools, Best Practices, Cloud Security, Defense-in-Depth, Information Security, Security-Summit-NA
by Neil MacDonald | May 12, 2011 | Comments Off
I was a part of a discussion among Gartner analysts recently debating the implications of a Cloud SaaS provider that had moved their legacy application to the Cloud and was now offering it as a service. Because the application wasn’t “cloud-native” and was designed to be deployed on-premises, the vendor stated that there was a [...]
Category: Cloud Cloud Security Tags: Cloud Security, Security-Summit-NA
