I am by no means optimistic that infosec organizations invest time on the areas of most strategic value to their companies, but having just read Stephen O'Grady's summary of where IBM sees enterprise client computing going, I am quite concerned. Here's the takeaways:
Maybe this should have been obvious, but when its laid out this bluntly by the most enterprise-y of all companies it seems like a very big shift. And all I can see is most infosec groups chasing taillights on this one again, I would be seriously surprised if anything other than point #1 above (web) is getting a major focus from infosec. And what is the sum total takeaway for 2-5? Just turning your whole enterprise inside out that's all (replete with some new HTML5 XSS bugs). The trends that are coming out of #3-5 above are of course driven by mobile factors, but these will require extensive integration which has not been infosec's strong suit.1. The enterprise client is going to be heavy on the web (we knew that)
2. The enterprise client is going to be heavy on HTML 5 (that one’s kind of new)
3. The enterprise client is, via Android & iPhone builds, going to be more consumer friendly – that’s a genuine surprise
4. The enterprise client UI is going to depend largely on the hardware form factor
5. The enterprise client is going to be available to consumers in ways it never has been before
Comments