Visit one of the Subject Area Blogs or ESG Analyst Blogs by clicking any link below:
|Application Development & Deployment Truths||The Bigger Truth||Insecure About Security|
|Cloud Computing Truths||Big Data, the Universe, and Everything||IT Artillery|
|Data Management & Analytics Truths||The Business of Storage||IT Depends|
|Data Protection Truths||Channeling IT||Liquefying IT|
|Information Security Truths||Decoding Development and Developers||Technical Optimist|
|Networking Truths||ESG Lab Blog|
Individual Author Blogs can be found via EXPLORE, selecting the Author, and clicking on "Read blog."
I was able to get out of snowy Boston this week to give a presentation on enterprise security to a Federal IT audience in Washington DC. As usual, I stated my opinion that enterprises are in the midst of a profound transformation with how they address cybersecurity risk. This change will require a new strategy around security technology and a new type of leadership from CISOs.
Change may be an enduring theme in 2015. Geopolitically, economically, and of course, technologically. A quick scan of the day’s headlines only serves to confirm that changes (some quite scary) are rapidly taking place in each of these three areas. On a more personal level, 2015 has ushered in some very exciting changes as I joined the very talented ranks of the ESG team. As their newest IT infrastructure analyst, I’ll be focusing on how the software-defined data center (with a concentration on software-defined networking [SDN]) can help organizations transform or effect “change” to improve the vitality and health of their businesses.
For the past 15 to 20 years, the vast majority of organizations install commercial antivirus software on just about every PC residing on their networks. This resulted in a multi-billion dollar industry dominated by five vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro. AV security efficacy has come into question over the past few years, however, as cyber-criminals and state-sponsored hackers regularly use customized malware and zero-day attacks to circumvent AV and compromise PCs.
Announced at a live event at the Oracle headquarters this week was a complete overhaul of the company's high-end engineered systems for the data center. These pre-integrated appliances have always been big and fast, with a big starting price to match, so it wasn't surprising to see them get bigger and faster. The interesting bit was how they also got cheaper. Or offer more price/performance value, if you prefer the spin.
Those of us in the cybersecurity community can name-drop dozens of data breaches from the last ten years, but the late 2013 breach at US retailer Target could be considered a game-changer. In addition to the $148 million price tag, the CEO and CIO were both ousted in the wake of the cyber-attack.
In my last blog, regarding the 12 questions that separate PaaS leaders from laggards, questions 8 and 9 asked about what features developers wanted to see in PaaS products and what importance developers would attach to each of these features. The challenge was that I had a list of 20 features. Expecting a developer to reliably rank order 20 features is as likely as Larry Ellison getting married again.
Endpoint security used to be a quasi “set-it-and-forget-it” category at many enterprise organizations. The IT operations team would provision PCs in an approved, secure configuration and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was set and dry by then.