Gartner Blog Network

Posts from Date:   2011-5

Forget Trust, Think “Trustability”

by Neil MacDonald  |  May 31, 2011

The term “trust” is too binary for the world of business and IT we are moving into. Trust sounds black and white / all or nothing. Either I trust you or I don’t. The reality is far more complex and a world of information security decisions based on shades of grey, not black and white. […]

Read more »

Redefining IT and Information Security: Symantec’s Industry Analyst Conference

by Neil MacDonald  |  May 24, 2011

I’m attending Symantec’s worldwide analyst conference in New York City today (24 May 2011). Symantec’s CEO, Enrique Salem, kicked off the morning with a discussion of Symantec’s role in the changing world of IT and information security. Enrique called out five megatrends that are challenging our preconceptions about the role of IT and information security: […]

Read more »

Four Security Breaches, Four Security Lessons

by Neil MacDonald  |  May 23, 2011

There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls […]

Read more »

IT Operations and Security Convergence? Not Really.

by Neil MacDonald  |  May 17, 2011

I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the pervious release (formerly called Forefront Client Security) is the change out of the management, policy and reporting infrastructure underneath to be based on […]

Read more »

Google’s Chrome Browser has a Zero Day – So?

by Neil MacDonald  |  May 13, 2011

I saw this article recently describing an attack against one or more zero day vulnerabilities in Google’s Chrome browser. Worse, the attack reportedly is able to break outside of the “sandbox” (created by the use of mandatory integrity controls within Windows) and execute code at a different trust level. The attack is reportedly not stopped […]

Read more »

Cloud Elasticity and Rubber Bands

by Neil MacDonald  |  May 12, 2011

I was a part of a discussion among Gartner analysts recently debating the implications of a Cloud SaaS provider that had moved their legacy application to the Cloud and was now offering it as a service. Because the application wasn’t “cloud-native” and was designed to be deployed on-premises, the vendor stated that there was a […]

Read more »

Since We Still Need Diesel Generators for Backup Power, Are Utilities Useless?

by Neil MacDonald  |  May 9, 2011

I don’t think so and I doubt many people would agree with this either. The reason I bring this up is that I was having an interesting discussion with colleagues on Cloud security and availability (spurred by the recent Amazon outage) and a statement was made something along the lines of “If I must have […]

Read more »

Removing Administrator Rights for Windows Users is not “Lockdown”

by Neil MacDonald  |  May 4, 2011

In discussions with clients, I still run into some confusion on whether or not removal of administrator rights constitutes “lockdown”. Perhaps this was the case a few years ago with older Windows applications and Windows XP, but this is not the case today with Windows 7.  For example: Standard users can install and execute well-written […]

Read more »

Two Lessons for Information Security from the iPhone and iPad

by Neil MacDonald  |  May 2, 2011

Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives? 1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those […]

Read more »