Every Summer, Eskenzi PR organizes the IT security analyst and CISO forum. It basically consists of one-on-one meetings between vendors and analysts and round table discussions between vendors, analysts and end-users, typically CISOs. And the event this year was excellent!
The quality and density of information is quite high, and it allows to grasp trends, both on the vendor as well on the end-user side, quite well in a highly condensed format. So: an ideal opportunity to review a number of technology trends.
Here are a few insights of the event I want to share with my followers. This list is not exhaustive and represents my personal view on the products discussed, and obviously this is not an objective analyst review as it should be. Nevertheless, it might give you some fruit for thought...
- Regarding Cloud Security, there is always the discussion how to secure the information in the Cloud against the Cloud service provider, in case one might not trust him. Safenet has introduced the concept of pre-boot authentication, well known from Laptop security, to secure virtual machine images in the Cloud. A pretty neat idea - we will see how it will evolve, esp. because it of course uses a proprietary format (as all device encryption software manufacturers do).
- You don't know where your devices are? What is part of the standard for iPhones, now comes for all mobile IT devices, including Laptops of any kind: location services, including remote destruction, and even selected data retrieval. And the best: the solution is preinstalled in the BIOS of most manufacturers, so just turn on an the security is there. Great, because very pragmatic, solution. Go and visit Absolute Software's portfolio.
- Standard IRM solutions - and for those not reading my blog regularly, I believe this is a necessary technology for a Secure Cloud usage - are missing the identification and classification means for data to be protected, and thus leave the use alone with that mess. Secure Islands, a small innovative vendor from Israel, provides the solution: it re-uses standard IRM, but integrates nicely into e-mail suites, browsers and local programs. The Secure Islands solution really boosts the usage of IRM because of the high simplicity.
- Knowing where your data is - and who actually accesses it - is an important prerequisite for secure data management and access management in general. A totally different approach than we usually see is the one followed by Varonis, who enable IT people to discover - and track, if necessary - where the data is that people are using. And this across all shares, web content management systems, ftp servers and alike. Monitor who actually accessed a specific folder with insider information in the last 4 weeks? This information is just a few clicks away. Interestingly, most customers are buying the solution not because of security needs, but for optimizing storage concepts and their implementation.
- It just happened again this morning: a certificate expired, and I had this damned popup saying that I cannot trust a specific web site any more. I cannot really do anything about it and I blame the web site owner for not keeping its certificates up to date. Venafi takes care about this problem, and helps you manage the thousands of certificates and key pairs that are in use in a professional IT environment.
Overall, one might identify a trend: more and more vendors respond to the demand of end-users that preventive controls are nice and if doable and affordable they are the best one can do, but in the meantime it is necessary to manage the insecurity, so a lot of products focus on more transparency and thus helping at least knowing what is going on - right or wrong.