Gartner Blog Network

Posts from Date:   2010-9

Building a Software Assurance Program

by Neil MacDonald  |  September 28, 2010

I work with clients daily on how to change their development (and procurement) processes to product more secure code. I wrote in this blog, that application security cannot be solved with technology alone, yet I still run into organizations trying to solve their application security problems with the purchase of a static or dynamic application […]

Read more »

More Pressure on the Antivirus Vendors: Free AV for Midsize Enterprises

by Neil MacDonald  |  September 24, 2010

Microsoft Security Essentials (MSE) is a free consumer offering originally delivered to market in 2009 based on the same engine and anti-malware feeds that are used within Microsoft’s for-fee enterprise-oriented Forefront Endpoint Protection (FEP). I saw this announcement from Microsoft earlier in the week. From the announcement: For this reason, Microsoft is announcing that beginning […]

Read more »

Virtualizing IE6 Using Application Virtualization Violates Microsoft’s EULA?

by Neil MacDonald  |  September 22, 2010

Migrating from IE6 to IE8 is not easy because of legacy web-enabled applications that don’t render correctly on IE8 and vendors that are slow to officially support it. There are a variety of ways to virtualize IE6 to help with this issue, including using application virtualization tools. I originally wrote about the potential issues using […]

Read more »

Security Thought for Tuesday: Program Policies, not Infrastructure

by Neil MacDonald  |  September 21, 2010

I’m here at the midsized enterprise summit in San Antonio. Earlier today, I presented on the same theme I will be presenting on at Gartner’s US Fall Symposium – the evolution of information security to address the security needs of private and public cloud-based services. In addition to the virtualization of security controls, one of […]

Read more »

Cloud Security Lessons from Google’s Internal Security Breach

by Neil MacDonald  |  September 16, 2010

Earlier this week, I saw this article describing a security breach by an internal Google employee where a site reliability engineer (now fired) had violated the privacy of multiple email accounts. From the article: Barksdale’s intrusion into Gmail and Gtalk accounts may have escaped notice, since SREs are responsible for troubleshooting issues on a constant […]

Read more »

How the Intel Acquisition of McAfee Could Make Sense

by Neil MacDonald  |  September 13, 2010

I was part of the Gartner team that published our First Take on the Intel acquisition of McAfee. Talking with financial analysts, there’s the immediate value of revenue diversification and McAfee’s gross margins are accretive to Intel. But there’s more here than meets the eye. I’ve been around the IT industry a while and there […]

Read more »

Why Stephen Elop Makes Sense for Nokia

by Neil MacDonald  |  September 10, 2010

Our mobile analysts are working on the official Gartner analysis of the announcement and I’ll link to this when it becomes available. As Gartner’s primary analyst on Microsoft, I interviewed Stephen at Gartner’s US Fall Symposium last fall. Over the past several years, I’ve gotten to know Stephen Elop pretty well. He is a great […]

Read more »

Thought for Thursday: Extending Whitelisting to Information Access

by Neil MacDonald  |  September 9, 2010

I’ve written multiple times on the power of whitelisting (default deny) for applications running on end-user workstations and servers. I am convinced that whitelisting should be foundational in our strategy for securing endpoints. So far, the application control vendors have focused on whitelisting what applications are allowed to run. This is straightforward in concept, but […]

Read more »