That was honestly a question at our recent Security Forum. During every keynote, we collect questions from the audience and one of the attendees took the time to write down: “Can you please have someone from the hotel staff come and inform us of the evacuation plan. Specifically, where are all the emergency exits?”
I love putting on these events. I mean, seriously, only at a security and risk management conference do you get people worried about emergency evacuation plans.
But it did get me thinking and I asked myself: What are the best and worst audience questions from the forum? The event was based on the three shifts we see reshaping the security and risk management landscape in 2010. So I culled through the 78 unanswered question cards we rounded up from our eight keynotes. Here’s a quick breakdown of what was on our security execs’ minds:
- App security: 2
- Data security: 3
- General information risk: 3
- Social media security: 4
- General threats and exploits: 6
- Security talent and staffing: 7
- Outsourcing: 9
- Cloud computing: 14
- BYOPC: 30
If you’ve been reading my blog, you’ll notice that “shift” is a common theme here with the Security & Risk team. We believe 2010 represents a shift in how CISOs will support their businesses. Today I wanted to write about how we drew some of these conclusions. This last summer, Forrester conducted a series of in-depth interviews of the various roles we serve. For me, that entailed 30 interviews with various security and risk executives. The goal was to better understand information security and risk priorities and how we can better meet those needs. I must say, it was unlike any research project I’ve undertaken at Forrester. Sure, we asked the normal questions like “What is your role and responsibilities?” and “What are your top priorities?” But I also had the chance to ask very atypical questions like “Who do you turn to for trusted advice?” and “What sources of information do you find most valuable?”
As a result, we’ll be changing our research heading into 2010. We learned that:
On Friday we wrapped up a very successful Security Forum. I’m very pleased at how well the theme — navigating the new security & risk reality — resonated with the two hundred security execs that joined us in lovely San Diego.
For those who attended, let me send out a big THANK YOU. I know it’s a lot to take two days out of your schedule and, as always, we appreciate your attendance. And remember, you can head to the link above to get all of the presentations.
But now we must return to work and start implementing all of the insight we discussed. To help, I thought I’d take an opportunity to summarize this year’s top three takeaways, in no particular order.
Takeaway 1: Giant squids are the stuff of horror movies, and stand-up comedy. For those of you following along, you’ll know I struggled with whether I should incorporate the recent squid invasion of San Diego in my opening remarks. I did — and it went over well. I shall live to host another event.
Ok, so maybe I didn’t nuke it, but I wiped it clean. It’s all part of an experiment. I’m one of a lucky few (20 to be precise) that are piloting iPhones here at Forrester. So far, it’s been great, although there are the usual bumps and stumbles you might imagine with any new technology. For example, has anyone else out there come across the mysterious disappearing calendar item? Every once in a while I come across something that’s on my desktop Outlook client, but not on my iPhone. I’ve done some pretty exhaustive scenario testing and I think I’ve isolated what triggers it, but of course there’s no discussion of it anywhere in the Googlesphere. Very strange, but I digress. As much as I’d like to talk about my iPhone experience, I’m actually more interested in any consumer mobile device in the enterprise.
(Psst. Apple, if you’re listening I can be contacted on this blog, on Twitter, or via email. I may not be one of our device analysts, but my analyst credentials would be revoked if I didn’t at least have an opinion.)
Ok, so why am I interested in mobile devices? Because in the last few weeks we’ve been swamped with clients’ requests to help craft their security policy for this technology populist phenomenon. Not only has iPhone proven to have enterprise staying power, but the promise of Palm Pre and Windows Mobile 6.5 has many an executive dreaming of replacing their old scroll-wheel driven BlackBerry with a slick touch interface.
In early September, Forrester published its “The Forrester Wave™: Network Access Control, Q3 2008.” Forrester’s findings revealed that Microsoft, Cisco Systems, Bradford Networks, and Juniper Networks lead the pack because of their strong enforcement and policy, but that Microsoft’s NAP technology, despite being a newcomer, has become the de facto standard.
Any time you try and put some order to vendor solutions, you are bound to find people in agreement – and to raise ire in others. However, reaction in the blogosphere to a recent Network World article on the research has raised some questions about Forrester’s Wave methodology which I’ll aim to address:
As mentioned in my last post, I was recently at Cisco’s C-Scape. One reporter asked me to comment on my thoughts regarding a specific announcement (if you can call it that): Cisco will begin to open up IOS. So you’ve probably got the same question I had: ‘What does “open” mean?’ As best I can tell, it means providing some standards-based APIs so that IOS can be controlled by third-party applications and infrastructure. Seems interesting, but I feel there’s more to it than that.
It’s that time of year. You know: shopping for the holidays, wrapping up end-of-year projects, and the annual Cisco analyst conference, now called C-Scape. OK, so maybe it’s not that big, but it has become an interesting event that acts as a proxy for the overall networking industry. This year was a dramatic difference from years past. Namely, it was a lot more conversation with many more panels and breakouts. However, it was also noteworthy in that there was really no news! Cisco didn’t use this as a venue to announce any products or major initiatives. In fact, when I bumped into Matt Hamblen he commented that many of the journalists in attendance were bored! However, there were some interesting nuggets for those that follow Cisco:
My recent research has focused on the impact of server, storage, and desktop virtualization on your networking infrastructure – and I’ll write more about that in a future post. In short, it’s a boatload of unintended consequences.
In a recent conversation with Vyatta, I got thinking: what’s virtualization’s impact on the networking industry? We already see a handful of networking companies investigating the option of selling “VM” SKUs for their network appliances. These virtual appliances completely change the economics of consuming network infrastructure, although there are server performance specifications that must be considered. But imagine if the premium you pay today for all of your networking intelligence is suddenly free. That’s right… free! Think about it.
Your network is commoditizing rapidly. Routing, switching, VPN, and even firewalls are not the top criteria that determine tier one networking vendors. Manageability, supportability, reliability, and price are the factors which thin the field. As these functions mature – as do the communities that support them – we see viable open source alternatives. The interesting part comes when you can deploy open source appliances as a workload on a virtual server – providing you with the manageability and reliability of a mature virtual infrastructure player like VMware. Add a vendor like rPath to the mix and you can even ease updating and patching.