Neil MacDonald

A member of the Gartner Blog Network

Entries Tagged as 'Security-Summit-NA'


DevOps Needs to Become DevOpsSec

by Neil MacDonald  |  January 17, 2012  |  Comments Off

DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT. Breakdowns in communications and processes across development, operations and security [...]

Comments Off

Category: Application Security Next-generation Security Infrastructure     Tags: , , , , , ,

Sand Castles and Advanced Persistent Threats

by Neil MacDonald  |  July 11, 2011  |  Comments Off

I’ve been absent from blogging for 2 weeks – first we had the Gartner Information Security Summit in DC and then I took some time off for a much-needed vacation. We spent some time at Hilton Head Island in South Carolina. They’ve got a pretty amazing flat beach where the difference between high tide and [...]

Comments Off

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , , ,

Real-world Systematic Workload Reprovisioning

by Neil MacDonald  |  June 23, 2011  |  Comments Off

I’m here at the Gartner Information Security summit on the fourth and final day. We had a record number of attendees – at least 1700 by my estimate. Attendees have the ability to book one on one conversations with the analysts and my schedule was completely full. One of the conversations with a client was [...]

Comments Off

Category: Information Security Next-generation Security Infrastructure Virtualization     Tags: , , , , , , ,

Don’t Trust Your Servers

by Neil MacDonald  |  June 17, 2011  |  3 Comments

One of the toughest problems in information security is addressing advanced intrusions that have bypassed traditional security controls and now reside undetected on enterprise systems. With financially motivated attacks and state-sponsored “advanced persistent threats” both on the rise, intrusions can remain undetectable for extended periods of time. We have reached a point where our systems [...]

3 Comments »

Category: Beyond Anti-Virus Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: , , , , , , , ,

Improving Security by Killing Server and Desktop Workloads

by Neil MacDonald  |  June 16, 2011  |  Comments Off

It sounds counterintuitive, but today’s advanced threat environment requires new approaches to the ongoing security and management of server and desktop workloads. The trouble with Advanced Persistent Threats is that, by definition, they have evaded our traditional network and endpoint security controls and now reside undetected in our IT Systems. How many advanced intrusions will [...]

Comments Off

Category: Beyond Anti-Virus Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: , , , , , , ,

Some Thoughts on RSA SecurID Risk

by Neil MacDonald  |  June 9, 2011  |  1 Comment

On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA. Subsequently, on 6 June 2011, RSA announced a program to replace customers’ RSA SecurID one-time password (OTP) authentication product tokens We’ve updated [...]

1 Comment »

Category: Application Security Endpoint Protection Platform Information Security     Tags: , , , ,

Forget Trust, Think “Trustability”

by Neil MacDonald  |  May 31, 2011  |  3 Comments

The term “trust” is too binary for the world of business and IT we are moving into. Trust sounds black and white / all or nothing. Either I trust you or I don’t. The reality is far more complex and a world of information security decisions based on shades of grey, not black and white. [...]

3 Comments »

Category: Cloud Cloud Security Next-generation Security Infrastructure     Tags: , , , ,

Redefining IT and Information Security: Symantec’s Industry Analyst Conference

by Neil MacDonald  |  May 24, 2011  |  Comments Off

I’m attending Symantec’s worldwide analyst conference in New York City today (24 May 2011). Symantec’s CEO, Enrique Salem, kicked off the morning with a discussion of Symantec’s role in the changing world of IT and information security. Enrique called out five megatrends that are challenging our preconceptions about the role of IT and information security: [...]

Comments Off

Category: Cloud Cloud Security Information Security Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: , , , , ,

Four Security Breaches, Four Security Lessons

by Neil MacDonald  |  May 23, 2011  |  2 Comments

There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls [...]

2 Comments »

Category: Application Security Cloud Cloud Security Information Security     Tags: , , , , ,

IT Operations and Security Convergence? Not Really.

by Neil MacDonald  |  May 17, 2011  |  1 Comment

I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the pervious release (formerly called Forefront Client Security) is the change out of the management, policy and reporting infrastructure underneath to be based on [...]

1 Comment »

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security     Tags: , , , , , , ,