Simon Says – Musings of a Technology CTO

Last month I was invited to speak at our Executive Summit in Amsterdam, where 100 or so CIOs, CEOs and other executives from the Benelux area came to hear what McAfee was up to, and tell us where we were going right (and wrong).

Not content with talking at them for the day, we plied them with good wine, crispy bread and sandwiches which you could never find the equal in Subway or Quiznos. We also gave out some homework, asking participants to complete a survey of their security concerns which came back with some interesting results:

First up, we asked what the top 5 priorities were for 2010. You can see from the chart below that “Data Protection” (51%) (preventing leakage of personal information etc) and “Security & Compliance Management” (49%) (proving the protection of data etc) were clearly the most important. This is interesting because, perhaps unexpectedly, Europe does not have strong data disclosure regulations like perhaps seen in the USA. It’s true that some European countries have data protection regulations, for example the “Data Protection Act” in the UK, they tend not to insist on mandatory disclosure of loss, which is one of the prime drivers of data protection in the USA.

Top 5 Priorities of Benelux Attendees

Bottom of the list is “System Security” with 15% – This may seem surprising but perhaps when you consider how mature the AV, HIPS, Spyware, and general Malware protection market is, it may just indicate that people feel they have this risk under control.

Next up we asked attendees what they believed their top challenges would be over the next 12 months – The most biggest concern (ranked as “very serious” with 23% of the vote was of course budget constraints, but in terms of most concern in general, it was “Employees’ lack of adherence or security polices” (51%), and “Ever increasing number of mobile clients an unmanaged devices” (44%). These two go hand in hand in my opinion – if you have a robust policy, and a knowledgeable and conscientious workforce, unmanaged devices may indeed be not a great concern.

However, if, like most companies you have a workforce who are willing, but consider security secondary to getting the job done, and who also believe they have the right to connect the latest-and-greatest Smartphone to your corporate network and download the entire customer database “Just in case they don’t have service at a critical moment”, you could be in trouble.

To paraphrase Apple – “Is there an app for that?”

Top 5 Challenges in the next 12 months