Consumerization of IT and state of the security industry

Yesterday was a bit of a surprise for me, I met someone I never would have expected to meet and be an actual co-worker too. There were several talks today, focusing on the "consumerization" of IT, the state of the security industry from a Wall Street analysts' perspective, what makes up an effective infosec program, and how to sell security to management.

Consumer trends in IT industry is scary from a security standpoint. Our customers will increasingly expect to use third-party (unsupported) systems and applications and it is important we draw the line now. For example, work email and webmail, Skype and other WebEx type software. Our customers ask why they should pay for email access when they have Gmail or spends thousands per month on conference numbers. We are seeing a shift towards letting users have external IM and we need to decide [quickly] how we are going to prevent intellectual property data leakage through monitoring, encryption, etc.

On Wall Street, we see Symantec and McAfee losing ground to Microsoft and Cisco, who own much of the security space today. Companies are being bought up left and right while customers are shifting away from one company and towards another. It was interesting to hear opinions on some of the recent acquisitions and IPOs that went public. You know there have only been two security IPOs in the past five years? GUID and FIRE

The talk on what makes an effective infosec program had good data, but the information was conveyed poorly and made the presentation very dry. My eyes began to glaze over trying to take in the information (big words), and I soon started to daydream.

In my next blog post, I'll discuss what we thought were vulnerabilities with a low probability of being exploited, but would severely impact the business if successfully exploited.

Posted by Marcin on Thursday, May 17, 2007 in Security and Work.