Gartner Blog Network

Posts from Date: 2010-2

The Evolution of Cloud Security

by Neil MacDonald  |  February 25, 2010

I’ve researched virtualization security as it has evolved over the past several years, and I’ve come to the conclusion that Cloud Security (which is quite similar conceptually to virtualization security to begin with) will follow the same evolution: Phase I: Organizations are focused on how to use the Cloud securely. That’s pretty much where we […]

It’s Time to Redefine DLP as Data Lifecycle Protection

by Neil MacDonald  |  February 24, 2010

The acronym DLP, Data Loss Prevention, is really just a subset of a broader issue better described as “Data Lifecycle Protection”. The latter is the real issue. The former is the symptom. Perhaps we should have two acronyms — “dlp” and “DLP” respectively? The importance of the broader meaning of DLP and its issues hit […]

Encryption Will be a Key Foundation for Cloud Security

by Neil MacDonald  |  February 22, 2010

Bad pun, but true. I originally talked about this in this post. Actually, the encryption itself is straightforward. It’s the management of keys that has to be done correctly. Hard? Yes. Impossible? No. Will market forces provide workable solutions? Yes. The dollars in play are too great. Some of the emerging solutions will allow […]

Virtualization Security Challenges the Status Quo

by Neil MacDonald  |  February 19, 2010

I’ve talked with several vendors over the past week that are considering the virtualization of their security controls for placement into a virtualized environment. There are multiple dimensions of how disruptive this change can be: 1) Business model changes and significantly lower pricing for users. Some of them sell hardware-based appliances and are grappling with […]

A Downside to Hyper-V

by Neil MacDonald  |  February 11, 2010

In my post yesterday on MS10-015, I discussed a troublesome kernel-level vulnerability that affects most versions of Windows. Most of you will remember that Hyper-V’s parent partition is based on a slimmed down version of Windows called “Server Core”. Hmmm, could it be that the parent partition is affected? Yup, it’s affected. Don’t let the […]

Microsoft’s Patch Tuesday – Watch This One

by Neil MacDonald  |  February 10, 2010

13 bulletins were released Tuesday as part of Microsoft’s regularly scheduled monthly security update cycle – five rated Critical, seven rated Important and one rated Moderate – to address 26 vulnerabilities in Windows and Microsoft Office. There are many vulnerabilities in this set that organizations should be aware of, but it was one of the […]

Thought for Friday: The Two Sides of Application Security

by Neil MacDonald  |  February 5, 2010

One of my major areas of research is in application security, helping clients to change their development (and procurement!) processes to deliver more secure code. This is imperative. However, an equally important application security discussion must be had about how applications should consume security services within our organization. For example, do you have good answers […]

This Just In: IPS is now DLP

by Neil MacDonald  |  February 4, 2010

Just program your IPS to look for credit card numbers (or similarly sensitive data) and presto, you now have content-aware DLP (well, a tiny piece of it at least). I’ve got vendors of antivirus solutions for SharePoint that can perform general expression pattern matching while they crawl the SharePoint content repository doing DLP. Seems everything […]

Why Don’t Mobile Application Stores Require Security Testing?

by Neil MacDonald  |  February 3, 2010

As the number of mobile smartphones increases, as several platforms begin to dominate and as users begin to download lots of executable code, they will become targets for attack. Rather than repeat the mistakes of the PC world, why can’t we do things better from a security perspective this time around? So far, most mobile […]
