Eric Ogren's Most Recent Posts

Firewall rules management vendors are responding to the demand for security to be baked into the infrastructure by prioritizing features that facilitate the integration of security operations with network and IT teams.

IT security teams can investigate these three identity-oriented strategies for efficient security services beyond traditional access control.

Presently, the industry offers to protect data with endpoint agents for transparent encryption, data leakage protection, digital rights management, and removable device control. Perhaps it is time to work on the evolution of data protection as data flows between corporate data centers, cloud-based applications, and user devices.

Webroot's announced acquisition of Prevx is interesting for its statements about the future direction of endpoint security, and leveraging cloud-based security services.

The answers to the next wave of security enlightenment are not going to come from host-based software solutions targeting enterprise IT, but are going to evolve from a ground-swell of consumers that introduce a new way of doing security for the enterprise. This may be a more rational approach for new security vendors than trying to drag risk-averse IT kicking and screaming into the cloud.

VMware is in the infrastructure business, which means it also has to be in the security business. VMware doesn't want to say that, but needs to learn from Cisco, Intel and Microsoft by baking security into the fabric of virtual data centers and virtual desktops.

There were noteworthy cases of innovative security at VMworld 2010 that can be applied to both virtual and physical environments that captured my "Top Security in Show" awards.

One pleasant surprise of the VMware keynote speeches is the persistent importance of integrating security into the virtual infrastructure.

Expect security impact of virtual workspaces, virtual desktops, cloud access to data, and provisioning systems to be discussed at VMworld this week.

Intel's intended acquisition of McAfee for $7.68 billion is a real head-scratcher. They could have purchased comparable security technology or more attractive security businesses for much less. This deal just does not make sense on so many levels, except for McAfee shareholders who were last seen in the streets hugging and giggling.

There are still gaping holes in PCI so IT and security teams will have to use their own best judgment in balancing requirements for securing their business, complying with PCI, and controlling expenses.

Microsoft realizes that security will soon be driven by the major infrastructure vendors as customers look to purchase security as part of something else (e.g. application, infrastructure) more than a standalone capability. Unique business advantages position Microsoft to have a major impact with its Forefront products.

Security teams need to be evaluating security vendors that allow them to effectively bridge multiple application architectures - especially those featuring virtualization.

The federal government is looking to play a leadership role in tackling data security problems for consumers. An independent rating system for endpoint security products will put sanity into testing labs that are funded and driven by security vendors, and establishing utility-oriented regulations for providers of applications, messages and content will also shift the primary burden of security where it can most effectively be managed by professionals.

The RSA Conference is wrapping up, and it was a much more upbeat experience than the past couple of years. Exhibitors were happy with the booth traffic, many interviewed executives reported sizable year-over-year revenue gains, and most were optimistic about prospects for the balance of 2010. A by-product of the ugly 2009 business climate is that innovation – something I had given up on ever seeing again – has returned to the security industry.