Gartner Blog Network

Posts from Date: 2009-5

We Are Toast (II)

by Neil MacDonald  |  May 19, 2009

In a previous post, I discussed IBM’s latest X-Force malware report that showed a significant increase in disclosed web application vulnerabilities (one of those curves that is heading geometrically upwards). Here’s a similarly sobering chart from the latest Symantec Internet Threat Report: In 2008, 63 percent of identified vulnerabilities affected Web applications. This is an increase […]

Stop Paying for Anti-Spyware

by Neil MacDonald  |  May 18, 2009

I had a conversation with a client last week where their incumbent antivirus provider was trying to charge them separately for antispyware capabilities in addition to their antivirus solution. Sigh. I thought we put this issue to rest years ago. In 2005, I wrote “How to Get Free Anti-spyware (or Antivirus) Protection” so I was […]

Save a Million Dollars

by Neil MacDonald  |  May 13, 2009

Seriously. Rather than pay for an expensive custom support agreement for NT v4 or (soon) Windows 2000, why not just keep these older systems around? Ditto for OSs from other vendors that are (or will soon be) “out of support”. Are these systems vulnerable? Probably. But this is a fallacious argument. Even our supported systems […]

Security No-Brainer #5: Security and Management Tools Need to Work Off of the Enterprise Network

by Neil MacDonald  |  May 11, 2009

In my last post, I talked about several impending inflection points for information security. One of them was: More than half of our employees spend the majority of their working hours connected to networks we don’t own and don’t control (airports, hotels, home, wireless, 3G and so on). This brings me to my fifth security […]

Are You Ready for These Security Inflection Points?

by Neil MacDonald  |  May 7, 2009

As I discuss IT security strategies and future architectures with clients, there are several inflection points that I don’t think many organizations are prepared for. Are you ready for the point where: More non-employees access our systems and information than actual employees (To be clear – I’m not talking about consumer-facing websites, I’m talking about […]

A Refreshing CIO Perspective on Information Security

by Neil MacDonald  |  May 4, 2009

I’m here at the Midsize Enterprise Summit in Miami, Florida and I had the opportunity to sit down and discuss security issues with several CIOs this afternoon. One of the CIOs had a number of questions on SharePoint security. They described the grass roots adoption of the technology in their organization as “phenomenal” (consistent with […]

Security No-Brainer #4: EV-Certificates for ISVs

by Neil MacDonald  |  May 1, 2009

Let me summarize my security no-brainers to date: The first was in reference to a global, industry-wide effort to create a shareable, standards-based application whitelist database built directly from feeds from ISVs. The second was in reference to the use of whitelisting in the hypervisor/VMM (especially the “parent” or Dom0 partition) layer to prevent the […]
