At the Gartner Symposium IT/Expo this week, thousands of IT managers packed into sessions on the topic of virtualization of enterprise computers, along with the prospect of adopting public cloud-based services or building private ones. Some say the revolution is under way, and security managers are caught in the middle, losing their earlier controls.
Gartner analysts, including David Cearley and Gene Phifer, trotted out user case studies involving FedEx, Presidio Health, Johnson Diversey, and others extolling the public or private cloud, while in a separate session Michael Lock, head of enterprise sales at Google, found himself looking like a budding rock star in front of an huge audience of high-tech execs eager to hear about Google Apps. With new ways of conducting enterprise computing and application development shaking up established IT practices, the darker mood about it all was mainly heard from Gartner's security analysts, recognizing the revolution underway is ripping away the security controls of today.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in the InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
"Our nightmare scenario is here now," said Gartner analyst John Pescatore. Botnet-driven cybercrime is clearly accelerating as online predators involved in "cybercrime as a service" plunder corporate and consumer data for financial gain. In addition, corporate employees are now using handheld smartphones the company didn’t even issue and spending substantial time on networks not owned by the enterprise.
Now comes cloud computing as service offerings and "obviously attacks will come after this," Pescatore said. In many instances, the fact is the "IT organization is being driven to have less control over software and hardware."
The implication of this, Pescatore said, is they can sit and dream of something pleasant, like the return of the mainframe, or they will have to make a shift to using or developing "security as a service" to adapt to new threat scenarios in both public cloud computing and virtualization of their IT infrastructure.
With the cloud taking shape nebulously as many types of public, private and hybrid services, an important technology to turn to will likely be encryption services. "In the next few years, you'll see encryption services out there," Pescatore said.
Gartner analyst Neil MacDonald also minced no words in describing the implications for security in the virtualization and cloud-computing revolution. "We're at a critical point," MacDonald said. Adoption of consumer technologies and the transformation of the technical infrastructure in the enterprise means that there's "frustration of the business units with us," MacDonald said.
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
1 Recommendation
