Entries Categorized as 'Cloud'
by Neil MacDonald | November 5, 2012 | 2 Comments
I still see people getting bogged down in rather meaningless arguments as to whether or not firewalls will be virtualized. They will (and, in fact, are). The bigger trend is the shift from proprietary hardware to software running on commodity hardware (in almost all cases, x86). That’s the big shift. Whether or not a given [...]
Category: Cloud Cloud Security Next-generation Security Infrastructure Virtualization Virtualization Security Tags: Adaptive Security Infrastucture, Best Practices, Defense-in-Depth, Next-generation Security Infrastructure, Software Defined Security, Virtual Appliances, Virtualization Security, VMware
by Neil MacDonald | May 25, 2012 | 4 Comments
One of the common misconceptions that I run into is that a public cloud services provider can’t have an on-premises element to their offering and that having this footprint somehow “breaks” the cloud model. The root of this misconception lies in equating cloud to a location. Cloud is a computing style, not a location. There [...]
Category: Cloud Cloud Security Tags: Cloud Security, Virtual Appliances
by Neil MacDonald | March 31, 2012 | 7 Comments
In multiple Gartner surveys, security is cited as the number one inhibitor to the adoption of Cloud-based computing. Many IT professionals have a preconceived notion that cloud computing will be less secure than what they can deliver themselves on premises. This is a mistake. An absolute statement that cloud computing will be less secure is [...]
Category: Cloud Cloud Security Next-generation Security Infrastructure Tags: Cloud Security, DC-Summit-NA, GartnerDC, Information Security, Next-generation Security Infrastructure, Security-Summit-NA
by Neil MacDonald | February 3, 2012 | 1 Comment
I’ve blogged before about advanced threats that easily bypass our traditional protection mechanisms and reside undetected for extended periods of time on our systems. On one of the panels I moderated on APTs, Dave Merkel from Mandiant put it best. “You are compromised, get over it”. Others in the US Government have come to the [...]
Category: Application Security Beyond Anti-Virus Cloud Cloud Security Next-generation Security Infrastructure Security Intelligence Tags: Adaptive Security Infrastucture, Application Security, Best Practices, Beyond Anti-Virus, Cloud Security, Context-aware Security, DC-Summit-NA, Defense-in-Depth, DevOpsSec, Next-generation Security Infrastructure
by Neil MacDonald | January 4, 2012 | 1 Comment
We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its [...]
Category: Application Security Applications Cloud Cloud Security Tags: Application Security, application security testing tools, Cloud Security
by Neil MacDonald | December 9, 2011 | 1 Comment
I’m just back from Gartner’s US 2011 Data Center Summit held this week in Las Vegas. In my previous post, I talked about information security vendor’s concerns on the potential impact of the Eurozone crisis on information security spending. Here, I want to outline the top security-related issues and concerns that I discussed with attendees [...]
Category: Cloud Cloud Security Next-generation Data Center Next-generation Security Infrastructure Virtualization Virtualization Security Tags: Cloud Security, GartnerDC, Hypervisor Security, Information Security, Next-generation Data Center, Next-generation Security Infrastructure, Virtualization Security, vShield
by Neil MacDonald | October 24, 2011 | 1 Comment
Last week I attended Gartner’s US Symposium conference in Orlando. With 8,000+ attendees (25% of which were CIOs) and at least 1,000 more analysts, vendors and support staff, you can imagine it was quite a scene. In addition to three presentations, I had more than 30 fantastic one on ones with attendees over the four [...]
Category: Application Security Beyond Anti-Virus Cloud Cloud Security Information Security Microsoft Security Next-generation Security Infrastructure Virtualization Virtualization Security Tags: Adaptive Security Infrastucture, Beyond Anti-Virus, Cloud Security, Context-aware Security, DC-Summit-NA, Endpoint Protection Platform, Information Security, Microsoft Security, symposium, Virtualization Security
by Neil MacDonald | August 24, 2011 | 1 Comment
As I research into the future of adaptive security infrastructure, I am convinced that the future of information security lies in software, not hardware. If you think about it for a bit, most of information security policy enforcement is in the form of software already – it’s just embodied (entombed?) in physical hardware. Unfortunately, the [...]
Category: Cloud Cloud Security Next-generation Security Infrastructure Virtualization Security Tags: Adaptive Security Infrastucture, Cloud Security, Context-aware Security, Next-generation Data Center, Next-generation Security Infrastructure, Virtual Appliances, Virtualization Security
by Neil MacDonald | July 15, 2011 | Comments Off
1) Treating Cloud as one thing. At a minimum, clarify whether you are talking about SaaS, PaaS, or IaaS – and whether you are talking about public or private cloud implementations. 2) Assuming Cloud always means Public Cloud Cloud is a computing style, not a location. 3) Citing Security as the number one issue to [...]
Category: Cloud Cloud Security Virtualization Virtualization Security Tags: Cloud Security, Next-generation Data Center
by Neil MacDonald | May 31, 2011 | 3 Comments
The term “trust” is too binary for the world of business and IT we are moving into. Trust sounds black and white / all or nothing. Either I trust you or I don’t. The reality is far more complex and a world of information security decisions based on shades of grey, not black and white. [...]
Category: Cloud Cloud Security Next-generation Security Infrastructure Tags: Adaptive Security Infrastucture, Cloud Security, Context-aware Security, Information Security, Security-Summit-NA
