Gartner Symposium Opens in Orlando

Gartner Symposium ITXpo is opening today in Orlando. Security Now is there to bring you the latest from the analysts and consultants at one of the most influential firms in the IT industry.

ORLANDO -- Gartner Symposium and ITXpo -- Security Now is on the road again. After a week in Orlando for Microsoft Ignite, we’re back in The City Beautiful for Gartner Symposium/ITExpo, an annual gathering of CIOs, CEOs and executives eager to learn what the future holds for their IT operations. Security will be a big part of the proceedings and we look forward to bringing you the news on the Big Next in IT security.

As I type this on Monday morning, though, the word "security" has taken on a new importance. The word from Las Vegas is grim: the current news is more than 50 are dead and more than 400 have been wounded by a shooter who decided that spraying bullets into a crowd was the correct response to... something. As the hours flow by, there will be more news, there will be analysis, there will be predictable political responses and predictable outrage. That much I know. What I don't know is whether there will be lessons learned that can be applied in order to make future gatherings more secure.

It's impossible to pretend that this will be just another week. When a hole the size of the one blasted open in Las Vegas is ripped into our collective lives, it leaves profound lingering pain and a vivid scar. Yes, this conference will go on (as business, school and life will go on for millions of Americans), but not precisely as was planned 24 hours ago.

One notion that I'll write about today, and will talk about with people here all week, is the notion of friction. A security leader I spoke with several months ago talked about "differential friction" as a key concept in security. That is, you ideally want to make things as difficult as possible for the bad guys, while making things as easy as possible for legitimate users and people just living their lives. Unfortunately, in the rush to respond to a catastrophe, many of the initial suggestions have the effect of throwing sand into the gears driving every process and event.

Bruce Schneier has written a great deal about "security theater" -- actions and processes that are designed to make people feel more secure while doing little to actually improve security. We've been trained to believe that security must be intrusive, bothersome and inefficient. Therefore, if we inject intrusion, bother and inefficiency into the system, users will think that they’re being made more secure.

In IT security there are a number of problems with security theater, not the least of which is that it provides both users and business executives with the illusion that they (and the organization) are far more secure than facts would support. The illusion can lead to complacency and complacency leads, in more cases than not, to new and devastating breaches that are the cause of new reaction and a whole new cycle of theater and illusion.

I truly hope that officials and managers will allow their organizations to learn from this horrific event. After the wave of grief has crested and crashed all around us, there will be time for reflection and new ideas.

Here at Gartner, the morning started with a moment of silence. I'll be back with more information on what the analysts and guests have to say about security and the enterprise. Until then, I'll ask: What do you think the lessons from Gartner will be this year? What's your take on the flow of security?

Related posts:

— Curtis Franklin is the editor of Follow him on Twitter @kg4gwa.

Read more about:

Security Now

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights