Gartner's Pescatore on security

Forget about Security 3.0, what about Security 4.0?

Following his keynote speech at the Gartner IT Security Summit in Washington, D.C., this week, Gartner vice president and distinguished analyst John Pescatore answered a few questions from Vic Wheatman, managing vice president at Gartner. Here are some excerpts from the interview:

What's the greatest new threat; what should people be most worried about?

The consumerization of IT; mobile devices, working from home, etc., that's the biggest issue. [IT departments] aren't heading toward more control [over IT assets], in reality we're heading toward less control.

Is there a role for the CISO in physical security?

There's definitely a role. Having [information and physical] security owned by the same person may or may not make sense, but integrating assets such as badge systems, video systems into IT systems offers a big bang for the buck. So you have to make sure there are common processes and [departments] work together.

You talked about Security 3.0, what would Security 4.0 look like, say five years from now?

Globalization is growing and is not going to stop. There's grid computing, utility computing, virtualization, all coming along . . . we'll be saying 'Wait a minute, now we don't even own the computers.' There's a whole different [set of] security challenges there.

Along the lines of the consumerization of IT, the workforce in five years will be Facebook people, [instant messaging] people, kids who don't leave voice mails because nobody does that, they just send a text message in real time. That's going to influence how they do their job. Five years from now, we're going to have to have some less-bald analysts helping us think about this stuff, [for example,] which mobile carriers have the best security-in-the-cloud services.