Gartner Blog Network

“There’s no Such Thing as ‘Secure’ Anymore”

by Neil MacDonald  |  April 5, 2011  |  Comments Off on “There’s no Such Thing as ‘Secure’ Anymore”

This sounds exactly like what I wrote here and here.

However, this quote isn’t mine. This quote comes from Deborah Plunkett who head the US National Security Agency’s Information Assurance Directorate.

Deborah is quoted in this article on Reuters:

“The most sophisticated adversaries are going to go unnoticed on our networks. We have to build our systems on the assumption that adversaries will get in,”

“We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”

The NSA must constantly fine tune its approach, she said, adding that there was no such thing as a “static state of security.”

Yup, I agree. That’s exactly the line of research I’ve been pursuing over the past several years with “adaptive security infrastructure”. I have published several research notes and presentations on how to change the mindset of information security to address these challenges. Virtualization of security controls is one way that information security can adapt more easily to address changing threats, but there are many others. For example, securing private clouds will require significant changes in security infrastructure as well.

Assume you are compromised today in a way that is undetectable by traditional network and host-based IPS and antimalware solutions. How would you know?

I hosted a panel on Advanced Persistent Threats at the US 2011 RSA conference and another APT summit in Washington DC a few weeks ago. The consensus is that you are compromised, you just don’t know it. It’s time to start designing information protection systems that work in spite of compromise.

It sounds counterintuitive, but think about this: it is reported that there are more bacteria in the human body than legitimate cells. Yet, we are able to carry on with useful and productive work. Why can’t our organizations?

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: beyond-anti-virus  next-generation-security-infrastructure  virtualization-security  

Tags: adaptive-security-infrastucture  cloud-security  defense-in-depth  information-security  next-generation-security-infrastructure  virtualization-security  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.