From The Editor | June 25, 2009

Inside Gartner Information Security Summit - Day #1



Editor Gennifer Biggs is live from the Gartner Information Security Summit in Washington, D.C., Monday, June 29, through Wednesday, July 1.


Day #1: Hot Topics Range from Federal Oversight to SaaS

The Gartner Information Security Summit was buzzing with chatter about the federal government’s expected role in cyber security, the effort to set a standardized baseline for security that all businesses large and small should strive to achieve, the increasing role of SaaS, and the ever-evolving challenge of securing and setting policy for Web 2.0 tools.

As part of our time at the summit, we sat down with several vendors to chat about what trends they are following and where they expect the security space to move over the next few months.

Not surprisingly, with keynote speakers such as Christopher Painter, Director of Cybersecurity at the National Security Council, a big portion of the summit revolved around the role of the federal and state government in security. It is no longer the world of HIPAA and Sarbanes-Oxley – vague suggestions, outdated technology and lackluster (if any) enforcement. The government – perhaps with Massachusetts leading the way – has set its sights on developing baseline security levels across the United States. How will that impact VARs? It not only opens the door to those businesses that have stuck their heads in the sand prior, but also provides a well-publicized reason for security solutions providers to revisit existing clients.

As part of that effort, we found vendors such as LogLogic, RedSeal and Lumension, which focus on empowering companies and VARs to manage and understand security networks and potential breaches, are excited about the move from compliance-driven security decisions to full-fledged security that also addresses compliance. They all addressed the opportunity for VARs and MSPs to help companies – especially those with sprawling infrastructures – keep tabs on the success of security solutions in place. With hundreds of firewalls, dozens of security products and an ever-shrinking IT staff, many companies don’t even realize how vulnerable they are – and VARs can help identify and remediate those issues. Perhaps BeyondTrust put it best: “We would rather talk about security and risk than compliance.” That said, no one denies that following compliance as it impacts particular verticals, such as healthcare (emergency medical records legislation has fired up HIPAA mandates anew) and retail (PCI remains a key baseline security mandate), can create opportunity for VARs.

Another hot topic at the summit, Software as a Service (SaaS), continues to see increased momentum, from email hosting to web filtering. While some of those vendors, such as Webroot, work closely with MSPs and managed security services providers (MSSPs), other vendors, such as web-filtering SaaS provider ScanSafe, are just rolling out channel initiatives with VARs and MSPs about the potential of adding SaaS offerings to their linecard.

One other area of opportunity is the increased pressure to defend against Web 2.0 risks, something many traditional reputation-based security products cannot handle. For companies such as ScanSafe and appliance-based solution provider Finjan, the evolution of Web 2.0 threats, tied so often to the coding embedded in open content websites such as Twitter, Facebook, and iGoogle, has been a boon to business and to their VAR partners. Because both vendors offer real-time web content threat assessment, they offer protection from Web 2.0 threats, something every VAR must consider for customers.

Last but not least, the idea that security has moved from the perimeter inward to encompass the full range of data assets in any business was getting a lot of attention at the summit. For major vendors such as CA, the challenge has been to move the conversation away from locking down and blocking access and actions and toward pairing access and identity control with security to assure your data is safe and your employees, often the unintentional cause of breaches, are aware of potential policy breaches.

Overall, the first day was overwhelming in ideas and opportunity, but the message I’ll leave you with is that if you haven’t explored new products that will assist you in honing your customers’ network security perimeter and then drilled down with them about the threats that often come from within the walls of a business, you are missing opportunity and leaving cash on the table.