Gartner Blog Network

SSL Is About As Useful As Dumbo’s Magic Feather, But Security Blankets Are Hard to Outgrow

by John Pescatore  |  September 22, 2011

Jim Crow: You wanna make the elephant fly, don’t ya? Well, you gotta use a lot of ‘chology. You know, *psy*-chology. Now here’s what you do. First, you’ll uh… Jim Crow: [all the crows whisper] Jim Crow: And then right after that, you’ll uh… [whispers continue] Jim Crow: [plucks a feather from the youngest crow’s […]

Twelve Word Tuesday: Forcing Standard Cloud Processes on Custom Business Problems Leads to New Vulnerabilities

by John Pescatore  |  September 13, 2011

Square pegs jammed into round holes lead to leaks and exposures galore.

Turning Penetration Testing Inside Out

by John Pescatore  |  August 3, 2011

Back in the late 1990s and early 2000s, penetration testing got a bad name, mostly because there were a lot of small security consulting firms sprouting up and offering penetration tests for $500 or less, and these pen tests weren’t all that much different than what more established firms had been charging tens of thousands of […]

Has OWA Really Caused Any Owwies?

by John Pescatore  |  July 27, 2011

I’m spending a lot of time with Gartner clients as they try to address the risks of letting employees use employee-owned smartphones to access business email and business systems. We go through all the risks, but one question I always ask is “Do you support Outlook Web Access?” The answer is invariably yes. OWA has […]

No Insurance Policy Ever Protected a Customer, and Lots of them Don’t Even Limit Business Risk

by John Pescatore  |  July 22, 2011

Sony has publicly stated that the direct costs in 2011 in dealing with their failure to protect PlayStation Network customer data will top $170M – and that doesn’t even count what they may end up paying out in settlements and the associated legal costs. Sony, of course, had insurance and expected that would bound how […]

What You Hold In Your Hand Can Be a Lot More Secure Than What You Open on Your Lap

by John Pescatore  |  July 21, 2011

From a security perspective, BlackBerries and iPhones are light-years ahead in security compared to a Windows laptop. RIM and Apple have had the advantage of controlling both the hardware and the operating systems, whereas Windows grew up in a time when the mantra was that the OS had to run on any commodity hardware that met […]

The Perimeter Persists Because Infrastructure is Never Good at Protecting Infrastructure

by John Pescatore  |  July 14, 2011

Much the opposite of Generalissimo Francisco Franco, the perimeter is nowhere near dead. Mainly because it makes good business sense, even if it does not make for good PhD theses. Years ago the laptop was supposed to mean the perimeter was dead. Nope, we put a piece of the perimeter (firewall) on the laptop, required […]

Still in Denial About Denial of Service?

by John Pescatore  |  July 13, 2011

Thirty five years ago today I was working at my summer job at JFK airport in New York and all the lights went out – only the control towers were lit, a very eerie sight from a truck driving around the tarmac. This was the great Northeast blackout of 1977. There have been a number […]

Vacation Checklist: Put Lights on Timer, Hire Petsitter, Feed Facebook?

by John Pescatore  |  July 7, 2011

One of the major aspects of the advanced threats that are getting past “check the box” defenses these days is the level of targeting – these aren’t your grandfather’s worms that are succeeding today. There have been many attacks targeting CXOs that appear to have done research on social media to personalize phishing email and […]

Au Revoir to Computer Security Pioneer Robert Morris

by John Pescatore  |  June 30, 2011

The New York Times has an obituary for Robert Morris. Morris was one of the smartest guys around in computer security. He is more well known for being the father of Robert Morris junior, who launched the Morris Worm back in 1988 – still the high water mark for percentage of the Internet taken down […]
