This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
CATCHING UP WITH Christofer Hoff
ON HIS NEW JOB WITH UNISYS I spent two years with Crossbeam and it was a fantastic experience. I gained exposure to the Fortune 500, carriers, mobile service providers and other spaces. [Crossbeam] is in a growth pattern and they're focused on applying strategy, not crafting it. I looked at the position with Unisys (chief security architect, security innovation) as an opportunity to expand my horizons. They're in the middle of a business transformation, and it's a very interesting intersection.
After winning the 2005 Security 7 Award in financial services, Chris Hoff has become a prolific blogger, willing to share his opinions on the security market and new technologies, in particular the need for security in virtual environments.
I work for the office of business innovation, and one of the pillars of Unisys' business strategy focuses on security. That means more than information security; it means protecting borders of countries, working with the Department of Defense, container security, port security; it expands my horizons on the convergence of the physical and IT elements of security. It's been quite interesting.
ON SECURING VIRTUAL ENVIRONMENTS This technology is 30-40 years old; think about IBM and ALPARS (affinity logical partitions). People are looking for less footprint and more computing power. On the business side, CIOs are looking at cost savings, then think about security. One side of the market is centralizing with thin, dumb clients, and using hosted software as a service and Ajax applications, dispersing processing power to the edge. The two intersections are never secured.
Virtualization is fantastic: it does great things for cost, horrible things for security. But I think we're making progress on this portion of the uphill slant. Look at the classes of problems we have; we haven't eliminated any, we're creating more.
Ajax is an example, and we're at odds of how business and technology are approaching these problem sets. We've put all this power in users' hands and we yank it back because we never engineered proper security in the first place. It's not right.
ON ACQUISITIONS If there are 800 security companies in the dating pool, some of them were born to be commoditized, others were born to be snapped up. Data leak prevention, for example, is a feature without a market. And it's normal, and I welcome it.
You get these nascent products and the features either take hold or run out their lifecycles and get integrated into end-to-end suites. If you look back over time, this is natural and normal. Every time we carry over to another intersection of technology, economics and business problems, we end up having new niche companies. It will be a sad day if we don't have innovation.
ON BLOGGING I owe my blog (http://rationalsecurity.typepad.com/blog/) to one of the biggest agitators around, Alan Shimel [chief strategy officer, StillSecure]. He came out for a visit and told me, to blog and make a difference, it's something you have to do every day so that it becomes part of your life. It becomes addictive, like checking email. You gotta do it. And when people interact with you, it's quite amazing. I never expected it would open avenues of discussion, networking and more.
--Michael S. Mimoso
This was first published in October 2007