GovWare was not quite the same this year ...
But the usual discussion on Advanced Persistent Threat (APT) ran its course. Not only is it in fashion with “Flame” and “Stuxnet” making headlines, it is also something to fear, especially when large amounts of valuable data are at stake. It is not a new topic, but I am glad that a standardised and accurate definition of APT has sunk into the crowd at GovWare this year, especially with the people at sales. Vendors are starting to acknowledge that there is no “one size fits all” security solution at an enterprise level. While there were still vendors essentially offering a solution that is fundamentally the same as the previous year's, it was encouraging to see some with new approaches to mitigate APT. Only time will tell how effectively these solutions stack up against each other. Overall, GovWare 2012 was a different experience for me (apart from its venue) because of the exhibition and conference topics.
Placing APT aside for a moment, from the experience at GovWare 2012, I gather two trends emerging in the security landscape here.
Big Data – Security Analytics
Consumerisation – A challenge that comes with Bring Your Own Device (BYOD)
Big data analytics is more commonly used in the commercial world to spot business trends by collecting and analysing data from vast and relevant sources (hence the name big data). This technology can be applied to security too. Security products that involve analytics are usually called “security information and event management” (SIEM).
According to Gartner, “SIEM technology aggregates the event data produced by security devices, network devices, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data. Event data is combined with contextual information about users, data and assets. The data is normalised, so that events from disparate sources can be correlated and analysed for specific purposes, such as network security event monitoring, user activity monitoring or compliance reporting. The technology provides real-time security monitoring, historical analysis, and other support for incident investigation and compliance reporting.”
Such products can be found in the RSA and Palantir booths. They complement existing traditional security infrastructure and allow the organisation to effectively analyse and investigate large amounts of “security data” (your archives, logs, network packets, notifications, etc.) from the “big picture” point of view. This is especially important when an organisation plans its security strategy.
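The normalise-then-correlate flow in the Gartner definition above, as an added example that is not from any vendor or from the original post: events from two sources are mapped onto one schema, enriched with user context, and correlated to flag a successful login that follows repeated failures. The two log formats, the user inventory and all names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in two simplified, made-up formats (not real logs).
SSHD = [
    "2012-09-25T10:00:01 sshd Failed password for alice from 203.0.113.7",
    "2012-09-25T10:00:09 sshd Failed password for alice from 203.0.113.7",
    "2012-09-25T10:00:15 sshd Failed password for alice from 203.0.113.7",
    "2012-09-25T10:03:00 sshd Failed password for bob from 198.51.100.4",
    "garbled line that matches no known format",
]
VPN = [
    "ts=2012-09-25T10:01:30;user=alice;src=203.0.113.7;result=success",
    "ts=2012-09-25T10:04:00;user=bob;src=198.51.100.4;result=success",
]
# Contextual information about users (hypothetical inventory).
CONTEXT = {"alice": {"role": "domain-admin"}, "bob": {"role": "staff"}}
SSHD_RE = re.compile(r"^(\S+) sshd Failed password for (\S+) from (\S+)$")

def event(ts, user, src, source, outcome):
    return {"time": datetime.fromisoformat(ts), "user": user, "src": src,
            "source": source, "outcome": outcome}

def normalise(sshd_lines, vpn_lines):
    """Map both formats onto one schema; skip lines that do not parse."""
    events = []
    for line in sshd_lines:
        m = SSHD_RE.match(line)
        if m:
            events.append(event(m[1], m[2], m[3], "sshd", "failure"))
    for line in vpn_lines:
        f = dict(kv.split("=", 1) for kv in line.split(";") if "=" in kv)
        if {"ts", "user", "src", "result"} <= f.keys():
            events.append(event(f["ts"], f["user"], f["src"], "vpn", f["result"]))
    return sorted(events, key=lambda e: e["time"])

def correlate(events, context, threshold=3, window=timedelta(minutes=5)):
    """Alert when a success follows >= threshold failures for the same
    user and source address inside the window, whatever device logged them."""
    alerts = []
    for ev in (e for e in events if e["outcome"] == "success"):
        fails = [e for e in events if e["outcome"] == "failure"
                 and (e["user"], e["src"]) == (ev["user"], ev["src"])
                 and timedelta(0) <= ev["time"] - e["time"] <= window]
        if len(fails) >= threshold:
            role = context.get(ev["user"], {}).get("role", "unknown")
            alerts.append({"user": ev["user"], "src": ev["src"],
                           "failures": len(fails), "role": role})
    return alerts

ALERTS = correlate(normalise(SSHD, VPN), CONTEXT)
```

Neither source alone shows the pattern: the failures appear only in the sshd lines and the success only in the VPN lines, so the alert exists only after both are normalised into one timeline.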
Consumerisation is defined in Wikipedia as “the growing tendency for new information technology to emerge first in the consumer market and then spread into business and government organisations. The emergence of consumer markets as the primary driver of information technology innovation is seen as a major IT industry shift, as large business and government organisations dominated the early decades of computer usage and development.”
It means that employees are invading the workplace with personal devices like tablets and smartphones with their own installed applications, faster than the company’s policy can react. I firmly believe that consumerisation will only become more pervasive and it is unavoidable. It is not surprising that most companies do not have a formalised and comprehensive strategy in place to solve this issue. For those embracing the BYOD trend, there are hidden costs and security implications involved that your company might not be prepared for. Hence, companies should approach BYOD with caution. But as usual, there was no lack of vendor solutions at GovWare 2012 to mitigate the risks involving BYOD.
Andre Ng, First Mate, Div0