What an information-packed first day at the Gartner Security & Risk Management Summit in National Harbor, MD!
It was the kind of productive conference that was worth being inside even though outside was a sunny 80 plus degree day. And believe me, being based in Seattle, sunny days haven’t been abundant.
The day started off with some of Gartner’s heavy hitters: Senior analysts John Girard, Andrew Walls and Paul Proctor, who set the tone for the rest of the day’s discussions. John challenged the crowd in understanding why most enterprises don’t seem to stay current on their systems at a time when security vulnerabilities are more frequent than ever. Andrew stated that adding more end point controls have increased employee dissatisfaction, while Paul informed the attendees that taking the traditional approach to addressing security is only going too exasperate the problem. He emphasized that seeing the world through the eyes of the business executive by understanding the business itself enables IT to be more proactive in addressing security issues.
The Summit is well attended and covered a variety of topics related to security and risk management. I greatly enjoyed the first day. Here are some of the highlights.
The summit theme of “Digital Security” was constant throughout the sessions with emphasis on expansion to digital assets. In particular, securing the data and the access to it enables security to become part of the business priority instead of an afterthought. Planned security investments must include mobile and cloud. Gartner analysts Ray Wagner and Earl Perkins identified software- defined security, app isolation and people-centric security as three of the current Digital security trends.
Application security put apps in a protective environment even though it has had trouble evolving with the changes in the computer industry. App access control is a trend that should continue in the relative short-to-medium term. However, enterprises are finding it difficult to implement app access control that truly protects authorized access to specific data on the corporate resources.
One of the best sessions I attended was a round table discussion of a cross section of industries that included health care, manufacturing, education, and government, among others. The participants discussed the challenges they face trying to implement a BYOD strategy that takes advantage of cost savings while protecting the corporate assets. In fact, it was stated that the cost savings of BYOD doesn’t really exist. The point was made that any savings in transferring the cost of the devices is offset by the increased cost of the infrastructure, software and solutions they had to implement to secure the use of these untrusted devices. The consensus was that there isn’t a cure all for enabling the use of personal devices. Since this was a user roundtable I wasn’t able to mention how Dell Secure Mobile Access can address their BYOD challenges securely and cost effectively.
But my favorite session of the day involved a panel discussion of Gartner analysts Greg Young, Joseph Feiman, and Neil McDonald. Their question they debated was “what is the best way to protect from advanced threats; network security versus endpoint versus application?” This lively discussion among the analysts was an effective alternative to convey information to a group looking for guidance in prioritizing their IT budgets. Do you protect the perimeter? The end-point? Or the last point of defense—applications . Nearing the end of the session, one member of the audience said it best, “We need to evaluate your current security situation and allocate it across all the areas.”
This is just a taste of the information provided on the first day. I am looking forward to what the second day at the Gartner Security & Risk Management conference holds. Stay tuned!
Join my colleagues and the team of experts at Dell Security Booth 601and Dell SecureWorks 501for demos and discussion on the show floor.