Posted by: Leigha
Security Management, Security Vendor News
I’m just back from the Gartner IT Security Summit in Washington D.C., looking around the blogosphere to see if other attendees left with the same impression as I did.
The prevailing view in Blog Land is that the confab offered nothing new, and while I respect Gartner’s security analysts and solicit their views often, I have to agree. But that doesn’t mean the conference wasn’t worth my time.
I’ll focus on what two bloggers had to say, then offer my take:
In the ConSentry Networks blog, Michelle McLean wrote about the theme of the conference, Security 3.0. The concept, which I blogged about Monday in the SearchSecurity.com Security Bytes blog, is that security needs to be more integrated into the larger IT architecture and infrastructure. McLean said she didn’t react as negatively to the title as Security Incite blogger Mike Rothman did. She noted that Gartner analyst John Pescatore was just using that scheme to call out a third era of security.
“What I object to with that title is posing this concept as something new,” McLean wrote. “I think most people thinking about security have been trying to get ahead vs. just react[ing] for a while now. That aside, though, I do believe that thinking about what you can do to get security built in vs. layered on later is a really helpful exercise.”
Rothman offered a much more scathing verdict:
“The mere thought of it makes me want to puke,” he ranted. “Why do we have to number everything today? Do we think things aren’t advancing fast enough? Is our industry’s self-esteem problem (actually make that the entire tech industry) finally coming to roost? How about SECURITY DONE RIGHT? I don’t care if it’s 2.0, 3.0 or 15.0. There will always be new applications and new attack vectors and pretty much new everything. And don’t these guys know that customers never buy a .0 release?”
OK, here’s my two cents: I found nothing new in the Security 3.0 concept. We’ve been writing about the trend toward more integrated security for more than two years now. Every time Microsoft rolls out a new security tool or another IT solutions vendor buys up a security software maker, you’re seeing Security 3.0 in action.
At the same time, there’s nothing wrong with giving people a reminder of what’s going on around them. We’ve seen time and again that companies fail to heed security advice or acknowledge technology trends that have been in motion until they get caught with their guard down. I can sum it up with one three-letter example: TJX.
IT professionals need to be reminded to take care of certain things now and then. So while I saw nothing new during my stay in D.C., I still heard plenty of useful advice.
I was amused to find Andrew Noyes writing in the National Journal’s Technology blog about his hunt for showroom floor swag during the Gartner event.
“I picked up a few pens, a notepad and a tin of breath mints,” he confessed. “While I was wandering, I realized that this must be the year of the ‘mini-mouse.’ VeriSign and several others were handing out those little buggers, which have retractable cords and plug into laptop USB ports. Handy for business travelers, I guess.”
Meanwhile, he wrote, SurfControl was passing out Etch-A-Sketch key rings and intrusion prevention provider Snort had a barrel full of squishy pig-shaped stress relievers that employees were stuffing into the hands of anyone who came near the booth.
“The giveaways certainly don’t stack up to the stellar conference goodies I remember when I attended events during the dot-com boom, but I’m sure attendees were pleased with the loot,” he said. “It’s like trick-or-treating for adults. Who could resist?”
I didn’t pocket anything from the showroom floor. Instead, I used whatever free time I had to collect desk trinkets from the White House Historical Society gift shop. Besides, my desk drawers are already overflowing with funky pens I’ve collected during three years’ worth of conferences.
They hate the SPY Act
Another item that caught my eye this morning was all the negative reaction to the Securely Protect Yourself Against Cyber Trespass Act (SPY Act) that was passed this week by the U.S. House.
Software makers and online advertisers would face stiff requirements under the bill, which would require software distributors to clearly notify and obtain consent from consumers before programs can be loaded onto a computer.
Those who oppose it say the legislation would penalize companies who distribute legitimate software and Web sites.
Eric Goldman wrote in his Technology Marketing and Law blog that he had hoped the House’s passing of the I-SPY Act would forestall further action on the harsher bill passed this week, “but unfortunately I was wrong.” The SPY Act, he wrote, “is a terrible solution to problems that may be already self-correcting, so let’s hope the Senate either takes a pass on both bills or at least takes a pass on the SPY Act a third time.”
Sunbelt Software president Alex Eckelberry wrote in his blog that the SPY Act appears to be as useless as the CAN-SPAM Act.
“Let’s face it: We are good at writing some pretty useless laws in this country,” he wrote. “One of the hall-of-famers was the CAN-SPAM act, which was a complete joke [as the recent spike in botnet-generated spam illustrates]. So congress is barreling through another piece of legislation, called the SPY-ACT. You know what would be really scary? To have the same ‘success’ with the SPY-ACT as we did with CAN SPAM. In that event, the only people being helped would be security vendors. In other words, good for me, bad for you.”
The Senate still has to act on this bill, so expect plenty more heat on the issue.