Gary Palgon
VP, Product Management
nuBridges
Here I sit on the runway at Reagan International Airport. There’s a storm brewing and the plane’s engines are off, so I have plenty of time to reflect on the past three days at Gartner’s IT Security Summit. Here are a few thoughts for those of us who worry about protecting business data for a living. . .
The conference was held at the two-month-old Gaylord National Hotel, located just outside of Washington, D.C. in National Harbor, Maryland. Mark Burnette, Executive Director of IT Operations & Security at the hotel chain gave a great presentation at the conference – “Case Study: Security Information System at Gaylord Entertainment”. He covered the fact that they log more than 78 million digital events each day, which maps to more than 14 million correlated review items, alerting them to several high-profile security issues each day. Issues that are carefully inspected and quickly resolved. The centralized log management was required for PCI DSS compliance, but it’s also key to their overall security initiatives. Because of the Gaylord’s proactive approach to logging and auditing all electronic functions throughout the hotel, they are able to lower their level of risk, and provide a safer environment for their patrons to book reservations (online, by phone, etc.) and enjoy their visits to this beautiful property.
Being in D.C., there were lots of government representatives interested in security for their respective agencies along with the usual attendees from mid- and large-size enterprises. Given the continued proliferation of breaches since last year’s Summit, it’s no wonder there was plenty of information-packed sessions including many corporate case studies of company security successes.
Gone was last year’s focus on spam and phishing emails, replaced this year with topics like log management, thwarting bot attacks, identity and access management and end-to-end security. From thumb drives and full-disk encryption on laptops to locking down back-office applications, databases and servers. There was lots of talk of a more organic approach to security – building it in at the data and workflow levels.
Looks like the clouds are starting to clear – there’s hope we’ll take off soon.
Be back next week,
Gary
