Tuesday, 26 April 2011

Thoughts on Infosec and the AWS outage

I managed to sneak in a quick afternoon visit to Infosec last Wednesday. I'll admit the free (and, quite honestly, excellent) lunch that I'd been invited to by the chaps over at IRM was influential in making sure that I didn't miss the show completely this year. Good food, interesting conversation. Thanks Phil :-)

I'm not entirely sure what I made of this year's show. To my eyes, it seemed quite busy in terms of attendee numbers, and a number of the brave souls manning the stands seemed to be losing their voices by the time I got there after lunch, which means it's probably safe to assume that they'd been kept occupied pitching their wares and handing over the usual treasure trove of pens, t-shirts and cheap puzzles. However, other than finding out some more positive details on the Forum Systems products and coming across a promising new cloud security vendor (CipherCloud - check 'em out!), I'm not sure that I got too much out of the exhibition. Primarily the same old(er) faces pitching the same old(er) solutions and, unfortunately, the same can probably be said of the education streams. Can't help thinking that the information security scene needs an injection of new DNA to breathe some new life, enthusiasm and ideas into what seems to be becoming a somewhat jaded, self-serving and self-congratulatory sector. The irony of my posting that last statement on a blog has not escaped me :-)

Whilst I'm being a little negative, the big story from the cloud computing world has been the downtime over at AWS which even made it on to the BBC web-site: http://www.bbc.co.uk/news/technology-13160929. We're still awaiting details of the problem (other than that there was a problem with EBS volumes and dependent services) but the biggest surprise(?) was that the issue spanned supposedly isolated availability zones within the affected region. I'm really hoping that the promised "post-mortem" discussing this event provides sufficient detail to enable AWS customers to design for resilience with a full understanding of exactly how isolated availability zones really are...

4 comments:

Duncan Hart said...

Told ya'so. When will you listen to me??? ;-)

Lee said...

I know, I know :-)

I guess the general clique-ish nature of the industry is just becoming a bit more apparent to me after Infosec. Either that or I've only just noticed how you tend to see the same names showing up on the various industry bodies and association boards. I've nothing against the individuals concerned, just a little worried as to how there can be any real innovation if we end up with the usual faces driving supposedly new thinking rather than just coming out with the same old platitudes and genericisms. Right, time to scuttle off back to my own pet projects and see if I can start my own clique spouting some different genericisms :-)

Duncan Hart said...

Is there any real incentive for vendors to innovate? Might that not damage their current business models? Why would they want to do that?

Lee said...

I guess I'm more disappointed with the 'names' than with the vendors. I just don't see much in the way of genuine thought leadership in the security space, rather an awful lot of repetition of worn-out, generic and not always terribly practical advice.

But I will tackle your point about the vendors as well :-) There's always space for innovation in the product space; just think about some of the changes over the last 10 years or so - Qualys and their security testing from the cloud model, Guardium/Secerno/etc with their database security products, Vordel/Layer7/Forum with their web services kit, CRYPTOCard and others doing managed authentication from the cloud, GRIDSure and others coming up with new authentication mechanisms, CipherCloud/Perspecsys etc with their cloud security products. So there's still money to be made by those pitching innovative and useful products imho - if only from eventual acquisition by the big boys! My problem is more with end users and their consultants not appreciating what new technologies offer and instead relying on tried and trusted (but no longer appropriate!) risk models and mitigations.