A few weeks ago, I returned to my hometown, London, for Infosec Europe. I’ve attended this show several times in the past, so I knew generally what to expect. There were a few key trends that jumped out at me. Some – like the fervent warnings about increasingly sophisticated IT security threats – I fully expected to see. Others, like the growing interest in Public Cloud among UK organizations – came as a pleasant surprise. Below are some of my key takeaways from this year’s event.
Big Data is firmly in the trough of disillusionment. It needs to be said: These days, Big Data isn’t a solution. It’s a problem. At Infosec Europe, I was not alone in this sentiment. We’ve now reached the stage where there is data – data everywhere! – and barely a drop of insight to show for it. Vendors continue to promise a data-driven organization that makes smarter decisions based on a wealth of actionable information. What’s being delivered instead is a mountain of noise held hostage inside vendor-specific UIs and visualization tools, or silo’d within individual groups inside an organization. At the show, it was clear that Big Data is going to need a big makeover – more open, with better analytics and data visualization – before it can become the promised solution.
Public Cloud gains traction in the UK. While Big Data is languishing in the trough of disillusionment, Public Cloud seems to finally be gaining a foothold in the UK. UK businesses have long been cautious about moving to public cloud, in part due to concerns about the security of data and applications that reside off-premises. But according to Quocirca research director Bob Tarzey, quoted in a pre-show write-up in Computer Business Review, “[T]he message that actually many cloud infrastructure and application services are far more secure than many have credited should be getting through. In fact, in many cases they are far more secure than on-premise deployments.”
Indeed, the conversation around public cloud at Infosec Europe supported Tarzey’s conclusion. With growing recognition that public cloud is as secure, if not more so, than many on-premises deployments, coupled with the increasing availability of solutions that help monitor and manage workloads in the cloud, UK organizations seem to be warming to the cloud.
The rise of the security vendor doomsday cult. Enterprise IT has much to be concerned about when it comes to security these days. Just ask Target. Or Anthem. Or Premera. Or the US Office of Personnel Management (OPM). Security vendors at Infosec were keen to sound the alarm to attendees about the many looming IT security threats, and while I agree that businesses need to be prepared for and aware of increasingly sophisticated attack vectors, a few vendors preferred to sell fear. Like one gentleman who shouted from the podium, “There are traitors in your midst! You can’t trust your team!” We firmly believe that true security is the outcome of a disciplined approach to architecture, not a product you can buy off a vendor in a bazaar. I suppose it’s easier to sell products than solutions.
Calm prevailed in the face of looming EU data protection regulations. On June 16, it was announced that the proposed EU General Data Protection Regulation (GDPR), successor to the 1995 Data Protection Directive, had cleared a major hurdle on the way to becoming law. While this development came after Infosec Europe, by the time of the show, many assumed that the GDPR would go into effect by the end of 2015. While the GDPR is a major step toward harmonizing data protection regulations among EU nations – a net positive for many companies doing business in the EU – the regulation includes a host of new requirements, including appointing data protection officers, the new right of erasure, and hefty new fines for non-compliance. Before the show, I expected that this would be a major topic of discussion, but for the most part it seemed to be a non-issue among Infosec attendees. Perhaps this is a strong indication that the benefits of harmonization will outweigh the challenges posed by new requirements within the regulation.
[su_box title=”Raja Mukerji, Co-Founder & President, ExtraHop” style=”noise” box_color=”#336588″]
Raja Mukerji is the Co-Founder and President of ExtraHop, the global leader in real-time wire data analytics for IT operational intelligence. Where he is responsible for Customer Services, Systems Engineering, and Solutions Architecture. Raja ensures customer success, leveraging his background in the financial-services industry.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.