Blog

Telling the Information Security Story

Written By:
Published:
Content Copyright © 2009 Bloor. All Rights Reserved.

To me, information security is the most interesting part of the information management story as it touches on every aspect of data management, from creation through to storage and disposal. But what is the Bloor information security story and how do we plan to tell it?

Information security is a vast subject, made the more interesting as the subject has only reached common parlance over the past decade or so. Prior to this, information security was only of interest to secret government agencies and a few academics. Their attempt to control knowledge of the subject was eroded by the widespread use of the internet and worldwide web for commerce and the need to secure the burgeoning number of financial transactions. In parallel with this, a whole industry has grown up offering bigger and better security products and services to those who need to use computers as part of their daily lives.

The taxonomy of information security has been a challenge, but one that had to be mastered before the story can be told, otherwise it would be like writing a book without a chapter plan. This has now been realised and the security team at Bloor Research suggest the following structure.

  • Enterprise Data Protection is an area that builds on work we have been doing for a few years. Essentially it encompasses data encryption, data loss prevention and transactional security.
  • Unified Threat Management is the area of core security products dealing with anti-malware, gateway protection, firewalls, cryptography, forensics and application (code) security. This area also includes the hugely important, and fashionable, cloud computing and SaaS security elements.
  • Policy Management deals with security standards and policy issues alongside the merger of physical with IT security, as this last area falls into non-IT related areas that are part of an organisation’s “bigger” security posture.
  • Regulations and compliance is a huge area that looks into how rules, laws and regulations are impacting the work of IT professionals. This is especially important due to the inevitable changes to legislation we will see following the recent worldwide financial problems.
  • Security management covers the important areas of budgets and reputation management alongside dealing with merger issues, de-perimeterisation, legal and ethical issues and content governance.
  • Identity and access management looks at identity as a service, SaaS, integration as a service and hosted strong authentication areas.
  • New and emerging is a catchall to cover areas that we don’t yet know about or feel they are worthy of some time, such as in the use of biometrics to support two factor authentication models.

As you can see, the information security story is huge and will lead to the creation of many interesting reports and insights. These will be articulated through a number of sources:

  • We will continue to write articles on interesting areas. This will hopefully offer insightful analysis but in a shorter written piece.
  • Blogs will be used to quickly highlight new and emerging stories or news that impacts the information security story and will be more of a commentary on developments.
  • Twitter has a part to play in pointing to interesting reports or news in a very concise form. In fact you can follow me now, using @securitynigel.
  • Reports, whitepapers, market updates and the like will continue to flow as and when we have a more in-depth story to tell. Expect to see revisions to the range of Market Updates we do including application (code) security, data encryption and data loss prevention.
  • Other channels we are developing include a Wiki and rich media channels such as webcasts, videocasts and webinars.

Do we have all the answers? Of course not. The richness of the work we do is enhanced by the input we receive from our clients, followers and friends that help us refine the story that we tell and help produce better and more insightful views we can share with others. Expect to see more refinements and ideas as our story telling gets underway, but in the meantime pull up a chair and get ready for information security story time.