Thoughts from the IDC Security Roadshow in South Africa

Greetings from the IDC Security Roadshow in Johannesburg, South Africa! I am sitting here in the hotel lobby looking out at the Nelson Mandela Square listening to the explosive track from DJ Fresh – The Feeling (Ft. RaVaughn) (Metrik Remix), reflecting on the last couple of days and the discussions Ive had with various people.

I have been giving a few interviews and I was also presenting at the IDC security conference; my presentation is called The Diary of a Security Geek and it includes material from a one year long research project I have had. It basically contains observations made during these conferences and some really interesting facts on how security managers see IT security, how they prioritize and some interesting false perceptions on IT security and risks. I know that some of you might be interested in this research, so don’t worry – I will publish my research at a later date and I will also be giving the same presentation on quite a few conferences around the world this year.

The presentation was very well received and I had some really interesting discussions afterwards. Maybe it is time to write another diary?

During the conference I also had the opportunity to listen to some interesting presentations. They included:

• Mythbusting Converged Physical, Logical and Remote Access by Paul Anderson from Active Identity.
• Stepping Away from Your Desk: Shifting Perspective And Going Mobile by Nader Henein from Research In Motion.
• Security Privacy and Social Networking by Kovelin Naidoo from eBucks NFB
• Securing The Next-Generation Enterprise by Ranjit Rajan from IDC

It was really interesting to see what some of the IT security companies out there are working on, and also some of the issues the CXO and other IT managers struggle with every day. Coming from a European country with fast Internet and suitable weather for building data centers, you get a different view on IT security.

When traveling the world and meeting all these interesting people it becomes really clear that IT security is not just a product, a service and a mindset; it can also be a cultural problem. For example, how do you enforce a security policy when people from different cultures simply have a different mindset on what constitutes confidential information, or about access rights? When, for example, the king of a country can make changes in the nations firewall rules? When certain religious views affect working hours?

IT security is not only a local problem for your organization, it is also a global problem because we are all connected with each other, and we rely on each others security. I’m pretty sure that everyone who read this have heard about the saying: The security is only as secure as the weakest link. Today we share data with many different partners, and we simply have to rely on their security. To really build good security we all need to work together, share experiences and ideas. And speaking at conferences around the world provides a really good opportunity to share this information with everyone.

I had the opportunity to talk about this for a quick five minutes at Summit TV while I was down in South Africa. They have published the interview online and if you are keen to see it, just tune in here: http://multimedia.avusa.co.za//view_video.php?viewkey=23d28836e5de55882f1e

I hope to see you at a conference close to you and hear about your experience on this journey!