Posted by Joe Franscella

I’m not big on press releases or announcements that start off by stating “… is pleased to announce …” But, I gotta say that in this particular case I really am pleased to announce (on Security Heavy) Trainer TV, my firm’s video contribution to the IT, marketing and public relations spaces.

Trainer TV is Trainer VP Ross Perich’s long-developing idea in action. Ross has brought his experience and talent as a former TV reporter and AP award winner to the regular show that not only showcases what’s happening in IT, marketing and communications, but also Trainer’s prowess at producing video. I am proud to say that I am Ross’ right hand man in the endeavor, have the opportunity to do much of the shooting and editing and I get to apply my skill at chroma keying and inserting digital backgrounds (unlike agencies that outsource this level of technical production, Trainer does it all in-house).

The first two segments we’ve released feature insight from security executives  interviewed during the Executive Women’s Forum (EWF) party held during RSA Conference 2009. The one above is about what keeps security executives up at night and the one below is about threats execs are on the look out for. Both  include comments from the heads of security at enterprises including McCormick Spices and Braclays Bank. We have more IT security segments coming out over the next coupld of months.

Click here to view the embedded video.

Found threatpost.com to be quite intriguing – I think its good news for the news industry that corporations are stepping in to fill some of the gaps that the slowing print industry is experiencing. Had a chance to interview editor Ryan Naraine on video about the new Web tech news outlet, I’ll be posting it next week.

Security Blogger Network Meet-up – Appreciated being able to mix with and meet some of the people I read ever day outside of the pressure of trying to pitch them; especially enjoyed the conversation with Chris Christianson on firewall audits.

Appreciated Andreas Antonopolous‘ virtual security panel with Chris Hoff, Simon Crosby, Stephen Herod and – sorry – can’t recall the other panelist’s name. Thought Andreas did a great job pulling the whole thing together with some actual solutions to the challenge.

Posted by Joe Franscella

When queried on the potential effects of a budget decline, 30 percent responded that their chief concern would be protecting against new security threats. The second biggest concern from the group of respondents was that they wouldn’t have the staff or resources to comply with audits and other regulations.

The number one category of security spending expected to be negatively impacted by a security budget decline was security training — a full 30 percent of respondents classified this as the first area to be sacrificed. Next on the list was network security — where 25 percent of respondents believed this would be an area they could trim their budgets. The most protected area of security was remote access — only three percent of the respondents felt they could trim spending in this category. The next most protected area was desktop access, where only 13 percent of respondents would expect to cut spending in this category.

The survey polled 109 conference attendees that are involved in the IT decision making process for organizations within a wide variety of industries, including health care, government, financial, insurance and telecom.

Join Secure Passage in a discussion of this survey and other security related topics on Twitter @SecurePassage, Facebook, and LinkedIn. For more information on Secure Passage, stop by booth 553 on the RSA Conference 2009 Expo floor.

Posted by Joe Franscella (Disclamer – I represent Secure Passage)

Sixty-nine percent of respondents defined a virtual firewall as software running on a virtual system. However, the largest deployment of virtual firewalls provided by the leading vendors are firewall devices running multiple firewall instances. This gap indicates a lack of understanding of virtual firewall solutions available, vendors’ failure to meet market demand, or both. At a minimum, it strongly suggests a need to more clearly differentiate the solutions being provided today.

The number one management concern about virtual firewalls is the increase in complexity caused by the growth in the number of firewalls, polices, rules and objects. Closely following the top concern is the additional management burden caused by the lack of automated tools and resources to effectively address the increase in complexity. These concerns may explain why 64 percent of respondents do not feel that virtual firewalls will gain widespread adoption for another two to three years.

Forty-two percent of respondents identified that their top security concern about virtualization is users creating unauthorized virtual environments. Twenty-seven percent of respondents are concerned about their limited view into the host operating system and virtual network to identify vulnerabilities. Similar to traditional firewalls, misconfiguration of virtual firewalls is one of the top three concerns.

The survey polled 109 conference attendees that are involved in the IT decision making process for organizations within a wide variety of industries, including health care, government, financial, insurance and telecom.

Join Secure Passage in a discussion of this survey and other security related topics on Twitter @Secure Passage, Facebook, and LinkedIn. For more information on Secure Passage, stop by booth 553 on the RSA Conference 2009 Expo floor.

Posted by Joe Franscells (Disclaimer – I represent Secure Passage)

To participate in the discussions and view the survey results, join them on Twitter @Secure Passage, Facebook and LinkedIn.

The discussion-sparking surveys are “Virtual Firewalls: Myth vs. Reality” and “Impact 09: How Reduced Spending is Affecting Information Security.” The virtual firewalls survey will look at how enterprises are using virtual firewalls in their enterprises; the IT spending survey will reveal how the current economic situation is affecting IT security spending and security overall. Both surveys will poll IT security decision makers from a wide range of industries. Results from the virtual firewalls survey will be released on Tuesday, April 21 at 4 p.m. PST; the IT spending survey results will be released Wednesday, April 22 between 9 a.m. and 11 a.m. PST.

Trainer Communications will also be there in force. Several companies are meeting with the company’s CEO Susan Trainer and Security Practice Vice President Mary Van Zandt to discuss how to improve their current marketing and communications. Both Susan and Mary have been in the marketing and communications game for more than two decades and Mary has spent a majority of that time focused on IT security. If you are going to be at RSA next week and want to get a gratis competitive media analysis between you and a leading competitor, contact Mary at mvanzandt at trainercomm dot com.

Until then – see you at RSA!

Posted by Joe Franscella

Just this week Network World writer Tim Greene announced he’d be switching his newsletter focus to Cloud Security. In yesterday’s NAC newsletter, at the end he wrote: Not so for this NAC newsletter. Starting next week it becomes the Cloud Security newsletter, addressing security of cloud services as well as cloud-based security services.

Also this week, a number of thought leaders, with corporate backing, announced the formation of the Cloud Security Alliance. Ellen Messmer did an informative piece on it in Network World: Cloud Security Alliance formed to promote best practices.

We already know from early looks at the hot RSA Conference topics this year that Cloud Security is going to be a barn burner, wrote Greg Masters in an SC Magazine article earlier this month:

“We have quite a few sessions lined up to discuss cloud computing,” says Tim Mather, vice president and chief security strategist for RSA Conferences. “From an excitement perspective, it’s probably the single hottest topic.”

I know a lot of us are looking forward to some final definitions with regard to the space and a more cohesive understanding of exactly what it means. Developments like these may start to provide some answers.

Posted by Joe Franscella

According to RSA, Innovation Sandbox highlights include:

• Demonstrations from information security’s new rising stars, including start-ups and early-stage companies 
• “Most Innovative Company at RSA Conference 2009″ contest, judged by a panel of industry experts and thought leaders
• “Whisper suites” showcasing new R&D breakthroughs from industry-leading companies
• Interactive whiteboard sessions focused on tomorrow’s security challenges, facilitated by renowned information security experts Hugh Thompson (Chief Security Strategist at People Security) and Paul Kocher (President and Chief Scientist, Cryptography Research)

It sounds like a coo place to be, hope to run into some of you there.

Posted by Joe Franscella

For today, I want to talk about the building RSA 2009 buzz/excitement and how I am looking forward to opportunities to fully immerse in the “security” bliss of it all. I am especially looking forward to the fun stuff – Chris Hoff’s Sumo contest included.

Last year was my first RSA conference, I had a great time creating a man-on-the-street survey video for a Trainer Communications encryption client and then had the added satisfaction of seeing the video go viral and the survey grab the attention of Dark Reading.

Of course, this year we have some cool stuff planned for our clients that will be attending and our hope is that their customers, partners and media will find value in the information we present.

Yesterday, I for sure appreciated Martin McKeay’s “Tweet like your mother is going to read it” post and especially Tom McKeay’s Tony Mackey’s response. It got me thinking, what would I be tweeting to my mom … chocolate chip cookies not oatmeal please … I have my birthday present list ready…

Outside of security the IT stories I am finding most intriguing over the past few days are about IBM’s potential purchase of Sun and the Cisco System’s move into the server business. What does all this mean to IT security? I am sure we will find out soon enough.

Posted by Joe Franscella