Gartner Blog Network

Security Observations from European Symposium

by Neil MacDonald  |  November 14, 2011  |  1 Comment

I spent the last week in Barcelona with 4,000+ attendees at the 2011 Gartner European Symposium. It was a new venue for Gartner (we were displaced from Cannes by the G20), and I’m happy to say it was a fantastic with record attendance.

Security was front and center of attendee interests. We had a total of 23 security sessions throughout the 4 days. Like US Fall Symposium, I was fully booked with 1-1 sessions where attendees are able to meet and discuss their issues and questions with analysts.

The top issues of our European attendees differed from those at Gartner’s US Fall Symposim. Here’s what was top of mind in Europe:

1) Protecting information. I had a large number of discussions on how to move information security beyond just a “bottoms up” approach to information security. These organization felt they had a good handle on traditional firewalling, IPS and endpoint protection but hadn’t done much for information protection beyond encrypting laptops. In addition to encouraging them to think about information security protection as a process, we also discussed specific technical controls such as database activity monitoring, file activity monitoring and web application firewall/monitoring solutions.

2) Cloud security. Cloud isn’t one thing, security isn’t either, so these discussions varied. Most were focused on how to better secure access to cloud-based services at the Software-as-a -service level. There were some questions on IaaS, but only one on securing PaaS. In that case it was a leading -edge client moving their entire business as a service provider to Microsoft’s Azure platform and we discussed encryption options within Microsoft’s Azure.

3) Hosted Virtual Desktop  (or if you prefer, Virtual Desktop Infrastructure). In these conversations, the interest was driven primarily as a way to provide access to legacy Windows applications while maintaining control of the information. Several conversations were on the pros/cons of VDI as compared to traditional terminal services.There are strengths and weaknesses to each approach. In a separate roundtable on virtualization and security that I moderated, the preference of the attendees of the session was to use full VMs (VDI/HDV) rather than terminal services..

4) Application security This is really a form of #1 above, but focusing on securing the applications that handle the sensitive information. Most had adopted some amount of security testing, but were interested pushing testing further back into software development. There was a significant amount of interest in testing as a service offerings, many of which are quite inexpensive as compared to testing in house. In most of these cases, testing as a service wasn’t replacing what they were doing, just augmenting it.

Overall, the biggest difference I saw in the interests of European attendees from US attendees was the intense interest on specific ways and mechanisms to augment traditional “bottoms up” security mechanisms with a “tops downs” approach to protecting information. Both are needed.

That’s a good sign that information security organizations are understanding that in a world where IT increasingly doesn’t own or control much of the IT stack (end user device, network, server, OS, etc), our focus absolutely must shift up to various ways to protect the information.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: application-security  cloud-security  virtualization-security  

Tags: application-security-testing-tools  cloud-security  gartnerdc  information-security  symposium  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on Security Observations from European Symposium

  1. Bill Caelli says:

    What a difference from Gartner on the Gold Coast!
    Security is definitely on the “back burner” here with very little interest.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.