Yes, Cloud Offerings Can Have an On-Premises Element
by Neil MacDonald | May 25, 2012
One of the common misconceptions that I run into is that a public cloud services provider can’t have an on-premises element to their offering and that having this footprint somehow “breaks” the cloud model. The root of this misconception lies in equating cloud to a location. Cloud is a computing style, not a location. There […]
Information Security and Big Data–Hype or Hope?
by Neil MacDonald | May 22, 2012
I been a proponent of the use of big data analytics techniques being applied to the next-generation of information security problems. Is there bound to be hype? Absolutely. That’s why Gartner publishes a large number of technology hype cycles each year. Technologies invariably get overhyped, fall into the “Trough of Disillusionment” and ultimately assume an […]
Getting Ready for Gartner’s 2012 Infrastructure & Operations and Information Security Summits
by Neil MacDonald | May 21, 2012
I’ve been absent from my typical blogging routine getting my material finalized for two Gartner upcoming US-based summits in June 2012. The first is Gartner’s Infrastructure and Operations Management Summit being held in Orlando the week of June 4th. This conference is focused on infrastructure and operations solutions for managing desktops, servers, and mobile devices […]
Cloud Computing can be More Secure
by Neil MacDonald | March 31, 2012
In multiple Gartner surveys, security is cited as the number one inhibitor to the adoption of Cloud-based computing. Many IT professionals have a preconceived notion that cloud computing will be less secure than what they can deliver themselves on premises. This is a mistake. An absolute statement that cloud computing will be less secure is […]
Intrusion Prevention Systems? We Need Intrusion Resilient Systems
by Neil MacDonald | February 3, 2012
I’ve blogged before about advanced threats that easily bypass our traditional protection mechanisms and reside undetected for extended periods of time on our systems. On one of the panels I moderated on APTs, Dave Merkel from Mandiant put it best. “You are compromised, get over it”. Others in the US Government have come to the […]
Interactive Application Security Testing
by Neil MacDonald | January 30, 2012
Dynamic Application Security Testing (DAST) solutions test applications from the “outside in” to detect security vulnerabilities. In contrast, Static Application Security Testing (SAST) solutions test applications from the “inside out” by looking a source code, byte code or binaries. Both approaches have their pros and cons and, until recently, the market for these tools has […]
DevOps Needs to Become DevOpsSec
by Neil MacDonald | January 17, 2012
DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT. Breakdowns in communications and processes across development, operations and security […]
Link Web Application Firewalls to Dynamic Application SecurityTesting Tools
by Neil MacDonald | January 9, 2012
I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for clients, one of the evaluation criteria we looked at was whether or not the vulnerability knowledge of the DAST solution could be exported and used […]
The Market for Dynamic Application Security Testing is Anything but Static
by Neil MacDonald | January 4, 2012
We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its […]
Security Observations from Gartner’s Data Center Summit
by Neil MacDonald | December 9, 2011
I’m just back from Gartner’s US 2011 Data Center Summit held this week in Las Vegas. In my previous post, I talked about information security vendor’s concerns on the potential impact of the Eurozone crisis on information security spending. Here, I want to outline the top security-related issues and concerns that I discussed with attendees […]