
IT-SA conference takeaways

Oct 26, 2010 by Sachar Paulus

My last post was a long time ago... Anyway, lots of first-year students and research grant applications kept me busy.

The IT-SA is now THE event for IT security in Germany. It does not have the flavour of the RSA conference, although it may actually be of a similar size, at least in the exhibition area. It is much more about small conferences around the exhibition floor, organized / owned by different people and groups, such as the AppSec conference in Germany or the KuppingerCole Enterprise Cloud Security summit. Consequently, and this is especially true for folks from abroad, don't expect a huge number of people showing up at your booth - you need to organize traffic yourself. But then - uh lala, lots of intense discussions...

A few more takeaways from my side about the IT-SA, from the content point of view:

1. "Bring your own device" is now a mainstream topic. Security folks: like it or not, you will need to cope with it. There are a number of arguments for this being a good decision financially. But what does that mean security-wise, really? Well, my take is that the IT security guys now need to think about how to protect corporate information instead of protecting the infrastructure from viruses. Come on, be honest: company confidential information is already on devices that are not under your control anyway, even today. The solution is: intelligent awareness, and - maybe some day - intelligent IRM.

2. IRM, IRM, IRM: the more I wandered along the different booths, the more I saw the need for a good solution. All these different offerings that pretend to make your IT secure, but actually don't (no, I won't name them), all suffering from information not being protected adequately, still relying on a benign, controlled infrastructure. You know that time is over, right? Unless you are a bank (you make your money yourself) or a government (you don't even need money in the first place ;-), chances are quite bad that you know what is going on in your network, er, on your machines, er, I mean on the devices in your network...

3. Privacy-friendly IDM: there is a trend to use IDM against people's intention. And indeed, that may happen if the data is under legitimate control of the authority maintaining the IDM information. Consequently, we need to think about how to make that happen in a privacy-friendly way. There are cryptographic protocols and frameworks available, such as MS U-PROVE and the new German E-ID-Card. We need to spread the word that this is indeed possible!

And finally 4.: the Cloud is real. Companies no longer think about whether they will do it, but HOW, and how the security can be set up. Most importantly, companies were asking how to extend their security management processes to the cloud provider. And indeed, ISO 2700X et al. can be applied, but they don't provide operational help. ITIL is much better suited, but does not really cover confidentiality...

Author info

Sachar Paulus
Scientific Advisor