Friday, November 12, 2010

Cannes Symposium Round-Up

I just arrived home after an incredibly busy week at the Gartner Symposium in Cannes. At least I only had a couple of hours to drive, compared with the lengthy flights of some of my colleagues.

With the final day of the conference coinciding with Cannes basking in 24 deg C sunshine on a national holiday, the beach was full of sunbathers and even swimmers (no kidding!), and the restaurants along the beach and Croisette were thronging with folks enjoying the late summer weather. It was quite a struggle to get in my car and leave! Mais, c'est la vie! I suppose I should at least be grateful that our attendees were dedicated enough to resist the temptations outside and stay for the final sessions!

There were over 3500 attendees, with over 1600 of those CIOs (those are the advance figures we had - I am sure those stats will be updated to include on-site registrations if they haven't been already) and it seemed like most of them passed in front of me in my little one-on-one booth over the four days of the conference!

OK, maybe not quite. But I did have a pretty full one-on-one schedule, and it seemed like the majority (all except a couple on virtualization security, in fact) fell squarely into two camps:

1. Advanced Persistent Threats (APT) and what can be done (if anything) to secure against them and remediate following exposure (and we could be talking "real" APT or just targeted persistent threats here - I lumped them all together). What was alarming was that of the several meetings I had covering this topic, at least half of them were not inquiring out of academic interest – they had recently been or (in one case) were currently under attack and were struggling to cope.

2. Securing the iPad on the corporate network. Interestingly this was not usually phrased as “securing tablets” or “securing mobile devices” but was iPad specific, although several did require a more platform-agnostic approach. Typical questions were how to manage these devices, what kind of security policies to put in place, and exactly how secure is the data stored locally on them. I have a research note due for publication shortly which ties in directly with some of these issues, entitled "How To Secure Corporate Data on Your iPad or iPhone.”

I was allowed out of my little one-on-one cell for an occasional bathroom/meal break and to host an Analyst User Roundtable (AUR) on "Virtualising Security, Securing Virtualization". This was a very interesting session which exposed one key point. I had three broad groups defined by maturity, in-house vs outsourcing, and public vs private companies, and thus each group had different requirements and opinions. However, across all groups there was one idea which was common: “We do not trust the hypervisor…yet!”

This mistrust of the hypervisor is preventing them from consolidating some servers, since they are unwilling to mix assets with different security trust levels on the same piece of physical hardware.

Don't forget to follow me on Twitter (@bwalder) for news of published research notes, weather reports on the south of France and where to find the best loup de mer in Cannes...