The Latest RSA News
Product and Solution Information, Press Releases, Announcements
| RSA Executives Offer Seven Guiding Principles to Maximize Megatrends Redefining | |
| Posted: Wed Oct 28, 2009 01:18:00 PM | |
|
Building a systemic security strategy to help organizations better face challenges and exploit opportunities spurred by next generation technology trends was the theme of the opening keynote at the 2009 RSA Conference Europe. In a joint keynote address, Art Coviello and Christopher Young, President and Senior Vice President, respectively, with RSA, The Security Division of EMC (NYSE: EMC), highlighted the need for organizations to develop a systemic security strategy that treats escalating technology trends not as a burden to be lifted, but as an unprecedented opportunity to improve security and build a more secure information infrastructure. "While technology and information have evolved and grown dramatically over the past 100 years, people's behaviors to cope with this growth have evolved at a much slower pace and our ability to keep up with the complexity foisted upon us is limited," said Art Coviello. "So today, high value is found in taming the complexity so that humans can take full advantage of these dramatic developments and advancements in technology. This is the challenge facing IT organizations around the world." In the joint keynote address, both EMC executives addressed oncoming trends - data center virtualization, cloud computing, the growth of mobile applications and social computing, for example - that are redefining the way information security is applied. Rather than bucking these trends and ignoring the risks they pose, Coviello and Young encouraged organizations to embrace them and seize the opportunity to build better security into the information infrastructure. To accelerate this shift, they equipped the audience with Seven Guiding Principles encompassing the critical elements required to build an effective information security strategy within today's evolving security landscape. "Those who choose to embrace the trends will be best positioned to ride the wave of innovation reaping the associated rewards of increased revenues, reduced costs and faster, more flexible infrastructures," said Young. "To do so, we need to rise as an industry to meet next generation trends with a next generation information security strategy." RSA's Seven Guiding Principles: Building a Systemic Security Strategy RSA, The Security Division of EMC, asserts that the time is now for enterprise security leaders to define systemic strategies that will not only enable their organizations to effectively secure today's rapidly changing environment, but will also position them to deliver a more secure information infrastructure tomorrow. This system acknowledges independent products, but urges security practitioners to focus on how those products can work together to solve common problems and open up new opportunities. The following are concrete examples from RSA's own business that exemplify how the Seven Guiding Principles can be implemented: 1. 1. Security must be embedded into the IT Infrastructure - The first principle acknowledges that security should not just be integrated within the infrastructure, it should be embedded within it. This belief is driving major RSA initiatives, including its work together with Cisco. Teams from RSA and Cisco have joined forces to embed data loss prevention into devices such as the Cisco IronPort® email security gateway. RSA and VMware have also engaged in a technology partnership to embed core security controls into the virtual infrastructure to help organizations reduce risk and increase their overall security posture. 2. 2. Develop ecosystems of solutions - Ecosystems must be formed to enable products and services from multiple organizations to work together to solve common security problems. RSA has invested in the RSA eFraudNetwork™ community, an ecosystem created in collaboration with thousands of financial institutions across the globe to spot fraud as it migrates between and among financial institutions on a worldwide scale. 3. 3. Create seamless, transparent security - Making security largely transparent to users and systems that it is designed to protect is critical to bridging the gap between the rate of technological advancement and the ability people have to keep up with it. The goal to create seamless and transparent security was the motivation behind RSA's technology partnership with First Data Corporation, the largest payment processing company in the world. RSA and First Data recently announced a service designed to secure payment card data from merchants by eliminating the need for merchants to store credit card data within IT systems. This service is being built into First Data's payment possessing system, making it seamless and transparent to merchants and their customers. 4. 4. Ensure security controls are correlated and content aware - The average user's access to information is growing exponentially alongside the number of regulations and requirements that govern the protection of that information. In the EMC Critical Incident Response Center (CIRC), security information management is centralized so it can correlate data from information controls such as data loss prevention, identity controls like risk-based authentication, and infrastructure controls such as patch, configuration and vulnerability management systems. This advanced approach to security operations is designed to accelerate how quickly security analysts can get the intelligence required to distinguish a benign security event from something more threatening to the business. 5. 5. Security must be both outside-in and inside-out focused - RSA argues security must include a two-pronged approach that protects both the perimeter (the outside-in) and the information itself (inside-out). Since users are accessing information from a variety of devices inside and outside the network as well as in the cloud, security policy and controls must adhere to information as it moves throughout the information infrastructure. 6. 6. Security has to be dynamic and risk-based - Since they are not bound by rules and regulations, criminals and fraudsters are free to deploy increasingly creative attacks. To battle this reality, organizations need to be positioned to dynamically correlate information from a number of sources and respond to real-time risks related to both infrastructure and information. RSA announced today that it is offering new consultative and advisory services to help enterprises implement or improve their security operations function to more effectively manage both risk and IT compliance programs. 7. 7. Effective security needs to be self-learning - The dynamic nature of IT infrastructures and the malicious attacks launched against them is outpacing the ability of human beings to keep up with their speed and complexity. For this reason, information security strategy must be dynamic and behavior-based. To help support this goal, RSA today also announced it is teaming up with Trend Micro to leverage real-time threat intelligence from the Trend Micro™ Smart Protection Network™ to further enhance capabilities of the RSA FraudAction® service to stop online attacks. The RSA FraudAction service is now tightly connected with the Trend Micro™ Smart Protection Network™ to increase global fraud intelligence on suspicious crimeware - including viruses, spyware, spam and other malware. |