'

Gartner Symposium 05

To call the annual Gartner conference at Disney World a trade show is not completely fair. It is a mind share event where attendees get to absorb as much as they can hold on IT Architecture, best practices, a whole bunch of stuff I never heard of, and a smattering of security.

To call the annual Gartner conference at Disney World a trade show is not completely fair. It is a mind share event where attendees get to absorb as much as they can hold on IT Architecture, best practices, a whole bunch of stuff I never heard of, and a smattering of security.

Security seems to be dropping off the list of important stuff for Gartner. Is that a reflection of the resurgance of IT spending (up 5.5% this year?) Was security a big deal back in 2003 because everything else was in the doldrums? Now that enterprises are investing and building out new stuff does security get pushed to the back again?

No mention of security at all in the opening Keynote addresses Monday morning. If the only time you have been in an audience of 6,500 people has been a rock concert you should consider attending a Symposium Kenote. Amazing to see that many people interested in technology all in one place. Andy Kyte gets top marks for his performance. Pure entertainment.

What about the theme of this year's event? Rapid results. It rings true for me. I learned in my mechanical engineering days that the more prototype and test phases you included in a project timeline the more chances of success you had. Perhaps that is why Gene Hall (Gartner CEO) did such a great job of describing it. He has a mechanical engineering background.

The expo floor seems also to be light on security. Webroot is there, TNT from Atlanta is there and a few other "pure play" security companies. But it is a short list.

I wonder if Gartner's new security mantra is hurting their visibility in the space. That mantra being "HIPS and Suites on the Desktop", "Monitor, respond and NAC, in the Network".

Just a quick snipe at NAC once again. Network Admission Control is the concept that if your laptop configuration is not up to snuff you will be denied access. In other words if you do not have the latest AV Dat file, or your configuration has been changed, or your patch level is out of date when you try to connect you will be shunted to a server to get you back in shape before being allowed on the network. There are so many things wrong with the very idea of NAC that it is hard for me to get beyond the flaws and discuss implimentation issues.

Rather than that do that again I will just go on the record as saying:

The only controls on access should be access controls. Who are you and what are you allowed to do? Health, configuration, and state checks breaks the idea of networking, which is all about getting connected.

If the network were secure a machine infected with MSBlaster should not cause any harm. Secure your network. Leave the hosts to the desktop guys.

My mantra is different from Gartner's:

"Old threats, old solutions. New threats, new solutions".

Picture of 6,500 chairs: 6,500 chairs