Trainer Communications’ PR and marketing professionals were, again, all over the RSA Conference, myself included. This year was especially exciting as the amount of client’s we were representing there increased 300 percent over 2009 and this year we conducted two surveys for our clients PacketMotion and Brocade and helped our client Secure Passage out with social media activities management and execution. In general, I’d estimate that Trainer’s increased RSAC presence and that of its clients is a great indication that, despite the slow pace of the improving economy, the IT security industry remains strong and continues to grow.

Angela Griffo’s crew did a bang-up job with the Brocade survey, I found some of the results to be especially interesting, especially the one on whom within enterprises security pros are the most concerned about spying on behalf of. I thought for sure that IT security folks would have a major concern that foreign government spies were after technological advancements, after all, the Constitution of the People’s Republic of China is riddled with amendments that almost say “economic advancement at all costs.” But not so, the vast majority of infosec pros surveyed, 41 percent, stated that they were more concerned that there might be internal spies working for competitors. Check out the conclusion:

A result that I found to be equally intriguing was the one that asked whether or not security policies were being enforced. Seventy percent of respondents said “yes,” but this made me wonder exactly how effective or comprehensive the “enforced” policies really are, especially in light of the use of social networks in the workplace and personal devices being used to access networks. If you check out this video we put together for PacketMotion, you’ll notice that eBay’s Information Security Chief of Staff points out that mobile devices are something everyone has and uses for work these days.

Click here to view the embedded video.

Back to the enforcement question, here’s the total results of the question:

I know I am behind a week on my “What is the Cloud? Film at 11 Post,” but that’s coming soon, I promise. Things are really picking up at Trainer and I have little to no time to blog lately, but I am starting to carve out room.

]]> http://www.securityheavy.com/2010/03/rsac-2010-survey-says-competitors-biggest-spy-threat/feed/ 0 http://www.securityheavy.com/2010/03/rsac-2010-defining-the-cloud-film-at-11/ http://www.securityheavy.com/2010/03/rsac-2010-defining-the-cloud-film-at-11/#comments Fri, 05 Mar 2010 22:55:18 +0000 Blogger in Chief http://www.securityheavy.com/?p=679 Posted by Joe Franscella, 3-5-2010:

Again, I had an excellent, educational experience at the RSA Conference. I run into editors, bloggers and analysts I know from time to time at the show and always ask them the same question, anything new, exciting or cutting-edge? Invariably, I get yes and no responses but this year I think I heard more say they were excited about the fact that innovation is starting to creep back into the game. At around 11 Tuesday night, I ran into Richard Stiennon crossing Howard Street, he was with an MSP friend of his and during our brief conversation he mentioned a few of the more “interesting” vendors he had come across. I look forward to reading his complete thoughts on them when he publishes.

Again, I had the privilege or shooting video during the Executive Women’s Forum party at the W Wednesday night. This year I had the chance to interview three of some of the world’s most well known players in the Cloud and Cloud security game. On camera, each were asked what is the Cloud and can it be secured? The answers were stunning, I got back a technical, business and metaphoric description — I’m pleased to be able to say that my hours of research have paid off as the definitions weren’t far from my own conclusions I had made prior to talking with them. Next week, I will be posting the video.

Rake Narang of Info Security Product’s Guide visited two Trainer Communication’s clients’ booths at RSA, Secure Passage and PacketMotion. Each did an excellent job at quickly and comprehensively telling their company’s stories:

Click here to view the embedded video.

Click here to view the embedded video.

Sixty-nine percent of respondents defined a virtual firewall as software running on a virtual system. However, the largest deployment of virtual firewalls provided by the leading vendors are firewall devices running multiple firewall instances. This gap indicates a lack of understanding of virtual firewall solutions available, vendors’ failure to meet market demand, or both. At a minimum, it strongly suggests a need to more clearly differentiate the solutions being provided today.

The number one management concern about virtual firewalls is the increase in complexity caused by the growth in the number of firewalls, polices, rules and objects. Closely following the top concern is the additional management burden caused by the lack of automated tools and resources to effectively address the increase in complexity. These concerns may explain why 64 percent of respondents do not feel that virtual firewalls will gain widespread adoption for another two to three years.

Forty-two percent of respondents identified that their top security concern about virtualization is users creating unauthorized virtual environments. Twenty-seven percent of respondents are concerned about their limited view into the host operating system and virtual network to identify vulnerabilities. Similar to traditional firewalls, misconfiguration of virtual firewalls is one of the top three concerns.

The survey polled 109 conference attendees that are involved in the IT decision making process for organizations within a wide variety of industries, including health care, government, financial, insurance and telecom.

Join Secure Passage in a discussion of this survey and other security related topics on Twitter @Secure Passage, Facebook, and LinkedIn. For more information on Secure Passage, stop by booth 553 on the RSA Conference 2009 Expo floor.

Posted by Joe Franscells (Disclaimer – I represent Secure Passage)