IT-SA conference takeaways

Oct 26, 2010 by Sachar Paulus

My last post was a long time ago... Anyway, lots of first-year students and research grant applications kept me busy.

The IT-SA is now THE event for IT-security in Germany. It does not have the flavour of the RSA conference, although it may actually be of a similar size, at least in the exhibition area. It is much more about small conferences around the exhibition floor, organized / owned by different people and groups, such as the AppSec conference in Germany or the KuppingerCole Enterprise Cloud Security summit. Consequently, and this is especially true for folks from abroad, don't expect a huge number of people showing up at your booth - you need to organize traffic yourself. But then - uh lala, lots of intense discussions...

A few more takeaways from my side about the IT-SA, from the content point of view:

1. "Bring your own device" is now a mainstream topic. Security folks: like it or not, you will need to cope with it. There are a number of arguments for this being a good decision financially. But what does that mean security-wise, really? Well, my take is that the IT-security guys now need to think about how to protect corporate information instead of protecting the infrastructure from viruses. Come on, be honest: company confidential information is anyway already on devices that are not under your control, even today. The solution is: intelligent awareness, and - maybe some day - intelligent IRM.

2. IRM, IRM, IRM: the more I wandered along the different booths, the more I saw the need for a good solution. All these different offerings that pretend to make your IT secure, but actually don't (no, I won't name them), all suffering from information not being protected adequately, still relying on a benign, controlled infrastructure. You know that time is over, right? Unless you are a bank (you make your money yourself) or a government (you don't even need money in the first place ;-) chances are quite bad that you know what is going on in your network, er, on your machines, er, I mean on the devices in your network...

3. Privacy-friendly IDM: there is a trend to use IDM against people's intention. And indeed, that may happen, if the data is under legitimate control of the authority maintaining the IDM information. Consequently, we need to think about how to make that happen in a privacy-friendly way. There are cryptographic protocols and frameworks available, such as MS U-PROVE and the new German E-ID-Card. We need to spread the word that this is indeed possible!

And finally 4.: the Cloud is real. Companies no longer think about whether they will do it, but HOW, and how the security can be set up. Most importantly, companies were asking how to extend their security management processes to the cloud provider. And indeed, ISO 2700X et al. can be applied, but they don't provide operational help. ITIL is much better suited, but does not really cover confidentiality...


Author info

Sachar Paulus
Scientific Advisor