November/December 2006 issue
2007 preview: What's rollin' round the bend?
5. Who has impressed you as innovative in terms of security
this year?
Adrian Asher, Global Head of Security, Betfair
Leveraging on the needs of compliance in a positive light, I feel
the company called Guardium has very much led the way in their
field. Whilst a part of their product is dedicated to compliance
with SOX, another very useful part has enabled information security
professionals to be able to audit the use of their databases.
This previously had been a very log-oriented, coupled with data
mining, time-intensive task. By providing a device that could view
the data on the wire, and apply security policies, and indeed alerts,
in my view has gone beyond the competitors in the field in balancing
a real business benefit (control of data) with the business need
(compliance).
Brian T. Contos, CISSP, CSO ArcSight
I’m extremely impressed by the steps that power and energy
companies have made to protect critical infrastructure such as SCADA
systems. Usually financial organizations are amongst the thought
leaders in terms of innovating security solutions, but oil and gas
has stepped up in a big way. Much of this is because of potential
threats around nation-state attacks and terrorist groups. Oil and
gas has taken an approach of not only addressing the needs of the
individual organization, but actively working with one another,
sharing information, and collectively mitigating risk. These initiatives
are called “Project Logiic” (http://www.cyber.st.dhs.gov/logic.html).
In short, the project demonstrates an opportunity to reduce vulnerabilities
of oil and gas process control environments by sensing, correlating
and analyzing abnormal events to identify and prevent cyber security
threats.
Leo Cronin, CISO, Reed Elsevier
The most innovative technology I have seen this year is in the data
protection arena. Examples of vendors in this space are Verdasys
and Onigma, a recent acquisition of McAfee. This class of technology
has real promise for protecting critical data assets in an increasingly
mobile and virtual workplace. Since most data is processed on a
client or host, this is the best place to monitor and control access.
Clients and servers now have the speed and memory capacity to allow
very sophisticated policy enforcement to occur on the local machine.
This includes controlling or monitoring data moving to and from
the machine over any interface. I am very excited about this emerging
class of technology.
Robert Gleichauf, VP and CTO, Security Technology Group,
Cisco
Quite honestly I look at 2006 as a year of preparation for the next
wave of innovation - both for vendors and customers. I see 2007
and 2008 as the years where we see what really works, and what doesn’t
work.
Paul Henry, Secure Computing
CipherTrust with their global intelligence, reputation and trusted
source offerings. While other vendors were adding band-aids to their
products in an effort to keep up with the huge increase in Internet
and Intranet threats, CipherTrust exhibited out-of-the-box thinking
and brought about a paradigm shift in network security that will
continue to gather support as we move into 2007.
Evan Kaplan, CEO Aventail
We’ve seen radical transformation in education security. By
definition, university perimeters are extremely porous, with a transient
user base, and that’s traditionally presented a challenging
situation. But now they’re using security technology as a
business enabler. DePaul University, for example, inverted its network
to make its entire distributed campus a secure wireless network
zone. Now students can use any Web-enabled wireless device they
want to connect to the Wi-Fi network, but undergo a quick device
integrity check and authentication log-in before getting access
to data. This innovative approach keeps the data safe, while improving
user experience and convenience.
Tom Noonan, General Manager, IBM Internet Security Systems
In 2006 a number of interesting trends became prevalent both from
a business perspective and a technology/innovation perspective.
From a business perspective, consolidation is occurring. The good
news is that this is in response to the market demanding more streamlined
solutions versus the point product approach that characterized the
security industry for decades. The average enterprise can count
upwards of 32 different security vendors within their business.
This approach is no longer scalable because the business is prioritising
security integration, optimisation and integration to the business
operations. On the technology innovation side, two trends are interesting,
the move to an open standard for security and new solutions to deliver
software as a service.
Hugh Penri-Williams, Chairman of the Information Security
Forum
Being a strong believer in human behaviour as the underlying ‘evil’
for our security failures to a far greater extent than inherent
application and infrastructure problems, I follow Bruce Schneier’s
monthly Crypto-Gram-Newsletter with avid interest and genuine enjoyment.
Despite his background and reputation as a renowned cryptographer,
Bruce has a knack for explanatory simplicity that gets to the nub
of what the real security issues are. ‘Beyond Fear’
was a landmark treatise in that respect last year and I’m
eagerly awaiting further instalments.
Paul Simmonds, CSO, ICI
The Jericho Forum, who have moved from 'theory' to publishing practical
guidance on what the 'industry' needs to deliver and how the technology
will be used in a de-perimeterized environment.
Alex van Someren, CEO nCipher
Dell putting Trusted Platform Module (TPM) chips in its PCs is a
revolution and means that hardware crypto is becoming mainstream.
Authenticating users is only half the problem: it is also important
to know if their computing device can be trusted. Dell’s embedded
TPMs provide a ‘seat of trust’ for commercial computers
and laptops.