6. We want to allow BYOD.

We want to enable the business by allowing BYOD, but most CIOs are . They want security and data protection, but not necessarily to lock down or control the device. It makes it even harder when we get pressure from our executives to allow personal devices on the network. We need to be able to easily allow any device to access our network and data, but have full visibility and control of the data.

I believe the future is a hybrid of DLP and DRM mixed with virtual sessions. And for certain applications, data is then routed back into the data center. I do not believe the future is MDM. It just applies all the old ways of endpoint security to a new paradigm of mobile devices. It doesn't solve the real problem.

7. We NEED to stop spear phishing.

This is the number one way that most targeted attacks compromise users. Phishing may be an old method, but a researched, well-orchestrated socially engineered lure is very effective. I have asked 200 CISOs "How many of you feel confident you can stop on your CEO?" And not one said they could. We have to think out of the box to solve this problem. The most successful way to solve this is by mixing science and humanities together.