More solutions please

Last week’s IDC IT Security Conference 2009 in London offered free attendance for the first 100 guests, so it’s not surprising that there was a full house of security managers. As with many of these events, the presentations were primarily talks by sponsors, or case studies showcasing products. Now that’s fine if we get to hear about new ideas for solving emerging solutions. But this year’s crop of products does seem rather lackluster. 

The most illuminating talk was from Josh Pennell on cloud computing security attacks, a fascinating and fast-moving area, which justifies a lot more attention by users and vendors. The most entertaining presentation was from an exuberant Dr James Lyne on malware trends. Most of the rest were rather superficial discussions of long-standing challenges, such as de-perimeterisation, data leakage prevention and the difficulty of demonstrating return on investment. Managing the human factor was also a recurring theme. As Eric Domage, IDC’s French research manager quaintly put it ‘The user is king … of nightmare’. I couldn’t disgaree with that. 

It’s clear that we all agree on the list of problems. But where are the answers? Unfortunately, there were few suggestions of solutions. Even ISF, with their relatively generous research funds, could contribute little more than vague responses to unproductive questions such as ‘Is AV dead?’ and ‘Is DLP a fashion?’ As one of my colleagues put it afterwards ‘I felt like a drowning man listening to someone describing water’.