There was some great food for thought (and action) that came out of the Gartner Security Summit (#GartnerSEC) I attended in DC last week. The most pervasive message from attendees is that they feel the need to do a security reset given the recent changes to the threat landscape with targeted attacks (Advanced Persistent Threats) as well as pervasive and persistent malware. The folks I spoke with were definitely open to making changes that would help their organizations respond to, or better yet, get ahead of these new threats. That said, they also expressed concerns that the rate of change out there is so fast-paced that some of the newest, trendiest solutions might not even be relevant in another 18 months.
Another key takeaway for me was that everyone feels like they're behind the curve when it comes to security. In closing sessions, the analysts reported that the vast majority of organizations think they're behind the ball with their implementations and lagging on their security posture. As it turns out, most organizations are in exactly the same boat, simply because the cyber threat landscape has changed so dramatically in the past 12-18 months. Their advice to everyone in the room? Seek out the experts, take a look at your current security posture, and adapt it to protect what is most at risk.
Another popular topic at the event was threat intelligence. To protect better from known exploits, organizations are starting to share information about the threats affecting them. Our partner Imperva is a great champion of this kind of sharing; Imperva allows its customers to anonymously share their data back with their central services and — as long as customers contribute — Imperva doesn’t charge additional maintenance for the service.
Security in the cloud was also on attendees' minds as they seek to protect what matters while benefiting from the economic benefits of embracing cloud technologies. Our booth staff received strong interest from enterprises and cloud providers alike on how Vormetric could help them protect sensitive data in the cloud. Additonally, during our conversations with Gartner analysts Brian Lowans and Ramon Krikken, they were impressed by our recent successes in the cloud space, especially our customer Virtustream’s implementation of a secure cloud-based data security environment for Virtustream customers.
As for interesting sessions I attended, there was one by a Gartner analyst we haven’t typically dealt with before, Earl Perkins, on creating a new category called “Data Access Governance.”
This new category takes into account the fact that both structured and unstructured data are increasingly at risk from newer attacks – and part of the response is to closely control who and how the data is accessed. As described, the new Data Access Governance category includes Database Access Protection (DAP), Data Loss Prevention (DLP), Mobile device protection, Digital Rights Management (DRM). Core technology requirements include fine-grained access controls, policy-based data access linked to Identity management solutions, encryption of critical data, and data classification / discovery.
When you think about it, Vormetric already covers many of the critical areas he noted. Our Data Firewall, delivered using Vormetric Encryption includes fine-grained access controls (linked to LDAP and local system user definitions) and strong encryption linked to those access controls. Moreover, we offer additional capabilities that are critical to helping our customers protect what matters, including:
- Security Intelligence data from data access logs information that helps identify malicious insiders and Advanced Persistent Threats (APTs)
- Simple, strong key management to encrypted data
- Automated deployment and operation
We’ve been thinking about how enterprises and cloud providers need to protect their data since the inception of the company, and have a mature, proven product portfolio that already meets many of the requirements Earl Perkin sees organizations needing in the future. It's heartening to hear such a strong validation of our approach from a Gartner Research VP!
I wish I'd gotten to attend all the sessions at last week's event, but I definitely missed more than a few. If you attended the Gartner Security Summit, what were your key takeaways?