Introducing The Winner Of The iPhone From Infosec

After three busy days at InfoSec Symantec received an excellent response to the research questionnaires. After two extra days, counting in all the entrants, we can, slightly later than expected, announce the lucky winner of the iPhone today as Mr. Keith Christie-Smith. We will be contacting Mr. Christie-Smith to inform him of his prize and thank you to all the entrants who participated – hope to see you there next year!

May 7, 2009 | Filed Under announcements | Leave a Comment 

It Seems Like Hotpants Will Get You Anything At InfoSec!

So InfoSec rounds up for another year. If you were in attendance you will have noticed that Symantec undertook some research on its stand and well it would seem that hotpants will get you whatever you want at a show! We managed to get 1 in 4 of respondents to give out their most commonly used password to our hotpant clad pollsters! Shocking but true. On a lighter note, those of you that did take part we be awaiting the results of our iPhone giveaway, I will be announcing the winner here on Tuesday – so watch this space.

May 1, 2009 | Filed Under data-loss | Leave a Comment 

Glamour At InfoSec 2009

InfoSec started today and that can mean only one thing… our Marketing Director, Sara, gets to dress up and provide a little glamour for the Symantec stand.

infosec2009-1

As for the show… well there are a lot of companies there, lots of old friends and customers. The content of the sessions seems to have been both entertaining as well as informative… let’s see what tomorrow brings… (apart from my session in the Business Theatre – which is not to be missed!)

April 28, 2009 | Filed Under Speaking, announcements, security | Leave a Comment 

David Blunkett At InfoSec

Infosec starts tomorrow and David Blunkett will be giving the opening keynote - the emphasis is going to be on cyber-attacks and the London Olympics.

In the article he says that there is a “woeful lack of awareness” and would like everybody to work together to combat the potential attacks. There is definitely a lack of awareness, but we all need to be involved not just governments and security professionals. It would be great to see a government backed education program to build on what they have already to increase people’s understanding of the risks. We need to start with the ’small stuff’ such as why bots are bad and to to protect information (be it individuals or customers or citizens). Using the Olympics as a headline to catch the attention of the public is great – and if people help by becoming more cyber-security savvy then this is great. OK, so it’s not just about the small stuff, but it’s a start – fewer bots, better understanding of phishing, less people falling for scams. As for the larger stuff, well, that’s where the security professionals and government can work together to watch for threats and mitigate against them.

I look forward to hearing his talk tomorrow.

April 27, 2009 | Filed Under security | Leave a Comment 

InfoSec 2009

Next week is InfoSec in London and this year it’s move to Earls Court. It’s always a good event with lots of new ideas and the usual meeting up with old friends and colleagues. My main talk this year is on Cloud Security, on the 29th April, and I will be previewing my presentation on the Symantec Stand along with a talk on compliance on both the 28th and the 29th.

See you there.

infosec-europe-2009

April 23, 2009 | Filed Under Cloud computing, Compliance, Speaking, announcements, security | Leave a Comment 

Cloud Computing & Journalists – An Analogy

I was reading the article on how a national newspaper is now using cloud technology to great effect and increase the amount of time the IT can spend on helping build revenue streams. It’s always good to hear positive user stories on how new technology really helped.

I have been using an analogy to explain cloud computing which uses journalists as a key part of the analogy and it goes something like this…

A lot of papers and magazines have the need for external writers, either because in-house they don’t have time or the necessary skills. So, they contract out – they find a writer who has a good reputation, capacity and at the right price to do the work for them. When it’s done, they get paid and the writer moves on to the next job. If they decide that they need that writer (or particular skill) in-house then they might enter into some longer term arrangement, or hire the person permanently. It makes for an efficient process of getting what needs to be done, done – and in a timely and cost effective manner.

So… onto the cloud. The premise is very similar, you have the need for something to be done because you don’t have the time or the skills in-house. Unlike an outsourcing arrangement, this is something that needs to happen ‘today’ so lengthy contract negotiations are not an option – and it’s probably relatively short term, so a ten year outsource deal looks a little unwieldy! So you go to ‘the cloud’… find a service provider, someone who has the service required and the capacity you need. Currently there aren’t too many providers, so ‘reputation’ is derived based on their name – and that’s OK. You upload the data or the application along with credit card details… and the problem is solved. At the end of the time the results come back in and the agreement terminates. It’s a win-win situation. Of course, if the service is one that you decide you need more often, then you might bring a copy in-house or create a longer term contract.

So, the similarities between the cloud and the contract writer are, from 30,000 feet, reasonably analogous. Of course, the quantity of data and its sensitivity are very different in the cloud – security is an issue. The journalist may get sick which will affect their availability – in the same way that the cloud being ‘off the net’ will affect it’s availability.

Where does that leave those wanting to use the cloud? Well, the trick here is to know what it is you are trying to do, what the data is you want to push into the cloud and how sensitive it is and then to know what questions to ask the service provider.

Security and the cloud is the topic of my upcoming InfoSec talk later this month at Earls Court in London. See you there.

April 8, 2009 | Filed Under Cloud computing, Speaking | Leave a Comment 

London & Stockholm

Symantec are at InfoSec 2008 next week in London’s Olympia. We are sponsoring the first of the Interactive Theatre sessions on Tuesday 22nd April - a Cyber Attack Special. So come along, take a look and vote on the questions we will be asking. Bruce Schneier is one of the special guests – it should be entertaining and informative at the same time.

I’m also in the Opening Keynote for the presentation of PwC Department for Business, Enterprise and Regulatory Reform Information Security Breaches Survey – which has some great information and a few scary statistics.

Later in the week, on Thursday 24th, I’m presenting at the Affärsvärlden Bank & Finans Outlook 2008 in Stockholm, where I will be talking about IT governance, risk and compliance.

So, if you are around, come and say hello.

April 15, 2008 | Filed Under Speaking | Leave a Comment