One thing John brought up was the mobile vs. desktop virtualization debate. His stance was that, far from detracting from desktop virtualization, mobile devices and tablets actually helped start the conversation in getting companies to seriously look into a broader desktop virtualization strategy.

“A lot of times people want to use their iPhone and hook it up with their corporate e-mail, or use an iPad at work,” he said.  ”That starts the conversation about what are we going to do about people wanting to bring their devices in, and how are we going to manage them.”

Whaley also said that that desktop would still dominate for the foreseeable future, even in more tablet-friendly businesses. “It’s not ‘We’re going to give iPads only,’” he said “It’s, in every case, an iPad is in addition to a laptop. It’s good for consuming but it’s not as good for creating content.”

[kml_flashembed movie="http://www.youtube.com/v/ScUKZoDwJzw" width="425" height="350" wmode="transparent" /]

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

II. We must apply active defenses. It’s no longer enough to apply the automatic patches and call it a day: Just like the DoD, IT departments need to proactively root out threats before they bring down the network and, from an operational standpoint, always assume security is compromised and work to minimize vulnerability.

III. Critical infrastructure on which the military relies must also be secure. Losing Internet connectivity, power or even a functioning financial system would cripple the United States’ military readiness, and IT departments are the same way: Are your VAR’s on steady ground? Will your vendor be around in 2 years, and just as importantly, will their technology do what you need it to do? IT is an ecosystem that extends well beyond your farther firewall.

IV. We are building collective defenses with our allies. Too much is at stake to lock down your network and your knowledge, even if the business side would let you. Today’s IT departments need to support gracefully adding temporary workers on loan from other businesses, giving them simple access to what they need while securely cordoning off what they don’t, and then closing those rights when the work is done. There’s a lot of work to be done here, as 10% of IT professionals report they can still access sensitive administrative rights … at their previous jobs.

V. Drawing on outside resources. The military has taken a more proactive approach, alerting private sector companies of security risks it discovers while also partnering to look for solutions to tomorrow’s problems. We have a simple way to build your own public-private partnerships: The ITKnowledgeExchange forums and community, but there are numerous other great opportunities from local meetups (which often have free chow!) to conferences and IRC chats. Connecting with your peers can not only answer your current problem, but help ensure you avoid future pitfalls.

And while it wasn’t a solid pillar, Lynn did close by highlighting the importance of making technology careers “cool” to kids, stating that the United States desperately needed more technical individuals to help prepare for the future. Mentoring and encouraging others in the field is not only the right thing to do, but it helps make the workplace a more team-minded, positive environment.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

As Michael Mimoso reported earlier, cryptography and security pioneers Ron Rivest, Adi Shamir and Len Adleman were honored at the 2011 RSA conference with the Lifetime Achievement Award. While it might be a bit of an obvious choice – RSA is named after them and all – the tribute video beforehand was excellent as both a primer on the cryptography and history that underlies modern security practices. It’s not embeddable, but you can pop over to RSA’s conference page to watch the presentation, which runs about 10 minutes and is completely worth it.

It was a great, sentimental crypto-geek moment … until it was shattered by a weird pop montage touting the conference’s take on Alice, Bob and Eve with a weird mashup of Madonna and Journey (I think). When will people learn to leave well enough alone? In the meantime, go watch the video.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

Yesterday I wrote about how Lenovo, talking up its new Full-Drive Encryption (FDE) tools, bragged that the technology was used to secure Coca-Cola’s famously guarded secret recipe. Well, that security measure (if accurate) was recently trumped by a 125-year-old vulnerability and an unlikely Black Hat: Ira Glass and NPR’s This American Life, which stumbled upon a 1979 stock photo which, the program’s reporters believe, was actually a photo of the original handwritten recipe.

It’s not the first time the alleged recipe has been released (Wikipedia currently lists a host of candidates), but the release highlights a theme I heard again and again this morning from the wonkier side of RSA: Technology is an incredibly small part of any true security solution. Adi Shamir, the “S” in RSA, made a point of saying that even the bleeding edge in security, and particularly cryptography, can do very little to nothing to stop WikiLeaks-style attacks or even Stuxnet attacks.

The end result is this: Enterprises (and governments) must constantly evaluate the total security scenario and always consider their assets compromised, just like the the NSA does, while evaluating ways to minimize harm.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

@atwalls: Gartner analyst who specializes in infosec practices, enterprise governance, security program management, and more.

@rcheyne: This self-described “hacker of the old-school variety” is also CEO of Safelight Security, a security training company.

@Simply_Security: David Lingenfelter, Information Security Officer at Fiberlink Communications, is sending out highlights and reactions to the goings on in San Fran.

@merrittmaxim: Works in Identity & Access Management at CA Technologies. He’s giving frequent updates on his reactions to what’s happening at RSA.

@JDeLuccia: James DeLuccia works in risk management and IT security. Check out more in-depth coverage of the conference at his blog.

@jhaggett: This “lover of all things mobile” is at RSA. Whether he’s interacting with other members of the conference or observing a session, Jamie Haggett’s tweets are just as entertaining as they are informative.

@themeworks: Chief Technologist at Palm Tree Technology UK and Mastlabs USA, is tweeting out questions for his fellow RSA-goers and IT enthusiasts alike.

@Reflex_mike: UPDATE! How did we miss Mike Wronski? He’s VP of Product Management at Reflex Systems, and he’s been tweeting the heck out of RSA the past week.

@morisy & @ITKE: Editor Michael Morisy is on the scene in San Francisco. Check out his in-depth coverage at the Enterprise IT Watch blog.

And of course, for official updates on the conference, check out @RSAConference and hashtag #RSAC for more general, up-to-date information. Did we miss anyone? Send me an email at Melanie@ITKnowledgeExchange.com or leave it in the comments section.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

“Evolving threats to databases require enterprises to look at new security solutions,” said Vipin Samar, vice president of Database Security, Oracle. “Oracle Database Firewall offers organizations a first line of defense that can stop internal and external attacks from reaching databases. Easy to deploy and manage, Oracle Database Firewall helps reduce the costs and complexity of securing data across the enterprise without requiring any changes to existing applications and databases.”

Read the full press release here.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

• Cloud security challenges dominate
• RSA Conference study to reveal cloud frustration
• RSA Conference Adds Focus on Cloud Computing Security

“Adoption [of hardware-based encryption] has been slow,” admitted Clain Anderson, a director of Software Business at Lenovo. ”I thought, being Mr. Security, that the big interest would be in fewer vulnerabilities and stronger security, but the hottest topic is gaining 6 to 10% performance just for switching.” Those performance gains come from switching to on-drive encryption which takes the work load off the CPU.

Anderson said that Lenovo has embraced the Opal standard, particularly as enterprises have indicated being uncomfortable signing on to any single vendor’s encryption solution. Now that they have assurances that the drives they buy from one vendor will work with solutions from another, they are beginning to come around to the benefits of hardware-based encryption.

“It’s the regulated industries – medical, pharmaceutical, banking, and anyone with significant intellectual property,” he said. “Coca-Cola has their secret formula on here.”

Several analysts I’ve talked to have said that this awareness is going all the way up to the C-level, and that it brings some real measurable impacts in how attacks are carried out:

• For one, the attacks are not typically planned in the back channels that financially-driven attacks are, but often out in the open, in forums and Facebook.
• All press is bad press: One security-minded firm stated that companies are complaining that any mention in the major media is driving attacks.
• While the tools are often the same (DDoS attacks, data leakage), the participants are a different class, operating from both the inside and the outside in ways that opt more towards disruption and high-profile publicity rather than sustained effort.