1. Great paper that complements the whole "SIEM is dead?" saga - "Most enterprises are looking for a product that will solve all of their problems in some sort of off-the-shelf miracle, and when they find out that the currently available tools can't do it, they either postpone their deployment or put them on the back burner. "
2. "The Mess: looking for someone to blame?" is an awesome piece on Internet security and its architecture - and so is Gunnar's follow-up ("If a tree falls in someone else's silo...")
3. Mike call to "Rise up against Mediocrity."  - "Dilbert makes the risk of the lowest common denominator approach abundantly clear."; in other words, you say 'best practices', I say 'mediocrity!' Mike also remind us, in vain, to do "Security FIRST!" (and compliance second)
4. A great piece from Burton: "On Response" - I think the world needs another 10-20 million reminders that PREVENTION FAILS. This is definitely a good one for those still in the "we'll just block the threat world" - "we will not win a continuing war of escalation" and "using response can be more cost effective than installing the latest and greatest preventative tool"
5. More on metrics, including the highly-awaited ISO27004.
6. Pretty dumb paper by a person confused by why PCI DSS exists (the guy needs to read this). PCI doesn't "fall short," it helps people who will otherwise not do anything and their systems will "power" those botnets of the future...
7. While we are on this subject: a really good coverage of PCI 1.2. changes, released Oct 1st. More PCI fun here. And more here ("PCI Compliance - dispelling some common myths"). And, more PCI myths. And more good ideas on PCI from Mike R. Sorry, can't stop thinking about PCI :-)  - also this is good.
8. Adrian on behavioral monitoring; mostly in DAM, but also elsewhere in security.
9. "Premature Chasm-Crossing"  - a must-read for all security vendors and especially their marketing (and  their easily-excitable PR teams...) - "Shouldn't vendors be spending more time fighting the problems that security managers are facing today, right this minute?" (Mike R also comments on that). A related - and  just as interesting point is made here: "Security is not a solution"
10. More on compliance and security checklists, good and bad: "I think this is a dangerous trend unless the "checklist" is all inclusive." (how can a checklist include ALL? :-))
11. "SANS Top 7 New IR/Forensic Trends In 2008"
12. Read "The three approaches to computer security!"  Why? Come on, it is from Joanna! :-)
13. A fun discussion about a hot new technology: network IDS. Is IDS absolutely indispensable to ALL companies? No. Can it be incredibly useful? You bet. End of discussion.
14. On an unrelated note, are lasers the future of warfare? Some say no.
15. Finally, some security humor from Gartner (!): "Get Rich Quick With Network Security"

Enjoy!

Previous security reading.

John talked about Microsoft’s mission, his perspectives on key industry trends and market opportunity; he touched on Cloud Computing and Virtualization and took some Q&A from the audience of Managed Service Provider executives.

One of his first proclamations - Microsoft has really embraced the heterogeneous environment. Really? How in the world is Microsoft going to help convince IT line managers, or mid level managers to believe this statement? I think they have a long way to go to achieve this vision with any credibility in the marketplace.  I do know that they are making small strides.

Microsoft has been widely credited with some very good blogs that are self critical and introspective. They have also been quite active in the standards boards within DMTF and many others such as Open WSMAN and CIMON (Open Pegasus). Microsoft in February published 30,000 pages detailed technical specifications – protocol documentation for Exchange, since that time they have published another 15,000 pages. They have had over 224,000 downloads since February 21, 2008. Thus they are trying to be more open by making some of these secret sauce protocol resources directly available on the web.

So for now, I will take a very cautious wait and see approach to this proclamation. Time will tell.

Trends

• Rapid growth continues
• Hosting Competition has a new face
  • Platform gorillas (amazooglesoft)
  • Ad supported Web 2.0 hosters (Google, Facebook,)
• Utility Cloud Computing models are expanding to non-traditional hosting companies
  • Wells Fargo vSafe - hard to believe that a big bank would start to offer a SaaS offering
  • New tools and markets digital ribbon, CohesiveIT

IDC Data shows that growth of SaaS ISV’s is the biggest layer of growth. The fastest growing services are complex, custom applications. IDC says this area will be bigger than the hosting area in the next 5 years. John said that Microsoft is spending a lot of time, money and energy on this right now.

John said:

“when Microsoft thinks about the building blocks that make-up the cloud, virtualization is a core piece of the puzzle. However you also need also identity services, Operating system with standard set of libraries to tap into… or remote storage that application developers will tap into.. Developers will consume these set of services, but you will also need a set of tools to manage your physical, virtual and geographically distributed datacenter infrastructure.” (that is where ScienceLogic comes in!!)

He went on to say,

“In some ways, virtualization enables decentralization – allows you to move from data centers, enables fast scaling out, business to move from on premise to the cloud and off again…. Automation is very important – this will help you scale your business – this is core to your future success.”

He talked about a new breed of knowledge worker: He called them Digital Natives (compared to grey haired guys like me who are left out of this category).

Definition of a Digital natives? A young adult who has grown up with cellphone, web based applications, Facebook account, as their primary mode of communications.

John commented that we are 5 years into a 10 year journey. Only 12% of all servers in the world are virtualized today… in the next 4 years it will double to 25%. This is the time to think through how this business will affect you.

‘Virtualization without good management is more dangerous than not using virtualization in the first place.” Thomas Bittman, Analyst Gartner

Patching and provisioning nightmare – no scalable administration – sprawl chaos.

John posed a question to the audience: How do you partner to provide the ISV support in application development with specific market needs… partner by keeping the hosting to SaaS solution providers up and running and provide the quality of service that their customers expect…. Complimentary services of storage and backup is a big win with a huge market-upside over the next 5 years..

John said that Microsoft continues to make  huge investments with Managed Service Providers.

• Investing in the windows hosting platform
• Hyper V and SQL2008 GoLive program - getting beta code out to service provides to find as many bugs as early as possible.
• Software + Services (S+S) incubation center program
• Partnering for cloud platform market offers
• Cloud platform guidance and best practices

During the Q&A, David Burns from Cincinnati Bell asked the very best question… “when are you going to make it easier for the Service Provider market to deal with the Microsoft Service Provider Licensing Agreement (SPLA) quarterly statistics pull and change the SPLA pricing to be more efficient and creative for the new Virtualization and Cloud offerings you have talked about?”

John’s response: “We hear your frustrations loud and clear and are working on some new ideas for the future version of SPLA.” My interpretation – “Dear Service Providers don’t expect anything new or easier to deal with in the next 6 months!”

His closing remarks: “Cloud is evolving = very early stages, lots of hype, but think of how this evolution will effect your business and how you can plug into it.”

As we get closer to the conference dates, I wish that I had made plans to fly back to the US to meet everyone.    However, I have been cutting back on public speaking, taking a break since May.  In addition, Gartner did not ask me to speak at their Event Processing Summit this year, I assume because they did not want to pay airfare for my flight from Thailand to the US.    Also, Gartner always likes to fill their conference speaking slots with as many Gartner speakers as they can, unless you are a paid sponsor; and I noticed a number of Gartner employees speaking in multiple slots.

(Editorial Note) Then again, maybe I complained to much about the lack of organization and conference problems when I was invited at be a Gartner keynote speaker last time - reservations not made propertly,  problems with the guest speaker registration list at sign-in, rooms shifted without notifying the speakers and panelists.   Admittedly, I was not happy with the conference organizers at the last get together.  This was my fault, as I am accustomed to better conference execution and am probally too “picky” about details these days - my bad.  Anyway, the Gartner organizers apologized numerous times, saying they had too many conferences going on at the same time and not enough people to cover them all.

One of the problems with spending so much time in Asia, especially in Thailand, is that guest speakers are really treated as VIPs.  There are usually special comfy couches set up for the speakers and the conference staff really treat you very nice, taking care of you every step of the way.   In fact, there is an entire very nice culture around how guest speakers are treated in Thailand.   Often, they pin flowers on the VIP speakers and take your photos like you are a star.    Very nice culture.

I absolutely look forward to speaking on event processing or CEP at a future venue and meeting everyone face-to-face instead of over the net.  My sincere and deepest apologies for not attending either the Gartner or the EPTS event this year.   

PS:  If you take up a collection and send me a RT business class air ticket, I might change my mind