I had the opportunity to present some of my research on the IT security skills shortage at last week's RSA Conference. This is a serious issue that doesn't get nearly enough attention.
The RSA Security conference 2014 has come and gone, and based on my experiences in San Francisco, it certainly appears we are in an "industrial revolution" as information security activity, innovation, and investment continue to grow. Early indications are that this was the biggest RSA Conference of all time.
Here are a few of my final thoughts on the show and the current state of cybersecurity:
Last week's RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I'm not sure about the attendance numbers but it seemed especially busy - not surprising after the many cybersecurity events of 2013.
I met with around 40 different security vendors throughout the week and heard some encouraging news. Rather than crow about the latest technology fad or threat du jour, many security vendors are now focused on:
In my blog yesterday, I outlined the hot topics I anticipate at this year's RSA Security Conference. Since the show is dominated by security vendors, the show hype will focus on products, services, and various technologies.
It's the calm before the storm and I'm not talking about the unusual winter weather. Just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.
In spite of this year's controversy over the relationship between the NSA and RSA Security (the company), I expect a tremendous turnout that will likely shatter the attendance records of last year. Cybersecurity issues are just too big to ignore so there will likely be a fair number of first-time attendees.
It seems like yesterday when I was logging onto the VAX system at my alma mater UMass so I could work on a market research project with a statistics program. When my time slot came up, I would sit in front of a VT100 terminal, input my user name and password, and voila - a timesharing session at the cutting-edge of high tech.
Most companies now provide network access and application support for non-PC devices like smart phones and tablets and many are developing new applications and business processes designed specifically for these devices. Business managers look at iPhones, Android devices, and even Windows phones and see opportunities for revenue growth, cost cutting, and improved communication everywhere.
With the Winter Olympics in full-swing, the cybersecurity community anxiously awaits another global event, the 2014 RSA Conference. Like Sochi, the RSA Conference comes with its own controversy, but I still anticipate that most of the global information security glitterati will be in San Francisco two weeks hence.
ESG is about to publish its 2014 IT spending intentions research as it does each year. In reviewing this data, I found continuing bad news about the IT security skills shortage. ESG research found that:
Of those organizations planning on adding new IT staff positions in 2014, 42% say they will increase headcount in information security. This is the highest percentage of all IT skill sets (note: the #2 choice was IT architects at 35%).
Now that it’s February, the entire security industry (sans a few noble protesters) is gearing up for this month’s RSA Conference in San Francisco. Once again, I anticipate a lot of buzz around all-things mobile computing security this year just as there was in 2013. MDM/MAM is sure to come up too – what with Citrix’s buying Zenprise last year, IBM’s purchase of Fiberlink, and VMware’s recent acquisition of AirWatch.
I started my high tech career in 1987, when I arrived at EMC fresh out of business school. The CEO at that time was Richard Egan, the “E” in EMC. At each quarterly meeting, Mr. Egan would get up in front of the entire company, review the quarterly objectives he had set forth for the company at the previous meeting, and grade the company on its ability to meet stated goals. This review kept the company focused on and accountable for meeting its metrics.
It’s highly likely that cloud security will be one of the hot topics at this year’s RSA Security Conference coming up in February. Yes, there will surely be a lot of rhetoric and hype, but this is a very important topic for our industry to discuss as cloud computing continues to gain momentum with enterprise organizations.
While information security is still the primary concern around cloud computing, enterprise organizations aren’t holding back on deployment, albeit with non-sensitive workloads for the most part.
It’s still early but 2014 is shaping up to be highlighted by M&A activity. The VMware/AirWatch marriage is the latest example.
So why was VMware willing to spend $1.5+ billion for an MDM leader? The easy answer is that the world is going mobile – new application development is focused on mobile or web applications alone while PCs are moving closer to mainframe status. AirWatch immediately bolsters VMware’s play for endpoint computing as well with mobile complementing virtual desktop technology.
I posted a blog earlier this week on the endpoint security market transition that ESG anticipates in 2014. ESG research already indicates that change is in the air: 62% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) believe that traditional endpoint security software is not effective for detecting zero-day and/or polymorphic malware commonly used as part of targeted attacks today.
Well here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere – Neiman Marcus, Target, Yahoo, Yikes!
When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.”
It is widely agreed that the security software market is over $20 billion worldwide and that endpoint security software (aka antivirus) makes up the lion’s share of this revenue. After all, AV is an endpoint staple product bundled on new PCs, required as part of regulatory compliance, and even available for free from reputable providers such as Avast, AVG, and Microsoft.
Yup, AV software is certainly pervasive but traditional endpoint security vendors will face a number of unprecedented challenges to their comfy hegemony in 2014 for several reasons:
I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it.
At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:
As an industry veteran, I’ve witnessed my share of IT transformations. Yup, I’m old enough to remember the transitions from mainframes to mini-computers, to client/server computing, to Internet computing, etc. Each of these IT tectonic shifts also led to changes in the balance of power within the industry. IBM owned business computing in the 1970s with its 370 mainframe but the transition to client/server gave rise to a number of new stars like HP, Microsoft, Oracle, and Sun.
I hope my cybersecurity colleagues enjoyed their holiday these past few weeks. It was surely well deserved as the year 2013 will be remembered as a whirlwind of activity featuring successful IPOs and scary security incidents. Given this, it’s likely that security professionals spent the last few weeks with one eye on family and holidays and another on emerging details about the massive breach at Target.