Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Yes, Cloud Offerings Can Have an On-Premises Element

by Neil MacDonald  |  May 25, 2012

One of the common misconceptions that I run into is that a public cloud services provider can’t have an on-premises element to their offering and that having this footprint somehow “breaks” the cloud model. The root of this misconception lies in equating cloud to a location. Cloud is a computing style, not a location. There […]


Information Security and Big Data–Hype or Hope?

by Neil MacDonald  |  May 22, 2012

I’ve been a proponent of the use of big data analytics techniques being applied to the next generation of information security problems. Is there bound to be hype? Absolutely. That’s why Gartner publishes a large number of technology hype cycles each year. Technologies invariably get overhyped, fall into the “Trough of Disillusionment” and ultimately assume an […]


Getting Ready for Gartner’s 2012 Infrastructure & Operations and Information Security Summits

by Neil MacDonald  |  May 21, 2012

I’ve been absent from my typical blogging routine getting my material finalized for two upcoming US-based Gartner summits in June 2012. The first is Gartner’s Infrastructure and Operations Management Summit being held in Orlando the week of June 4th. This conference is focused on infrastructure and operations solutions for managing desktops, servers, and mobile devices […]


Cloud Computing can be More Secure

by Neil MacDonald  |  March 31, 2012

In multiple Gartner surveys, security is cited as the number one inhibitor to the adoption of Cloud-based computing. Many IT professionals have a preconceived notion that cloud computing will be less secure than what they can deliver themselves on premises. This is a mistake. An absolute statement that cloud computing will be less secure is […]


Intrusion Prevention Systems? We Need Intrusion Resilient Systems

by Neil MacDonald  |  February 3, 2012

I’ve blogged before about advanced threats that easily bypass our traditional protection mechanisms and reside undetected for extended periods of time on our systems. On one of the panels I moderated on APTs, Dave Merkel from Mandiant put it best. “You are compromised, get over it”. Others in the US Government have come to the […]


Interactive Application Security Testing

by Neil MacDonald  |  January 30, 2012

Dynamic Application Security Testing (DAST) solutions test applications from the “outside in” to detect security vulnerabilities. In contrast, Static Application Security Testing (SAST) solutions test applications from the “inside out” by looking at source code, byte code or binaries. Both approaches have their pros and cons and, until recently, the market for these tools has […]


DevOps Needs to Become DevOpsSec

by Neil MacDonald  |  January 17, 2012

DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT. Breakdowns in communications and processes across development, operations and security […]


Link Web Application Firewalls to Dynamic Application Security Testing Tools

by Neil MacDonald  |  January 9, 2012

I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for clients, one of the evaluation criteria we looked at was whether or not the vulnerability knowledge of the DAST solution could be exported and used […]


The Market for Dynamic Application Security Testing is Anything but Static

by Neil MacDonald  |  January 4, 2012

We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its […]


Security Observations from Gartner’s Data Center Summit

by Neil MacDonald  |  December 9, 2011

I’m just back from Gartner’s US 2011 Data Center Summit held this week in Las Vegas. In my previous post, I talked about information security vendors’ concerns on the potential impact of the Eurozone crisis on information security spending. Here, I want to outline the top security-related issues and concerns that I discussed with attendees […]
