Sam Curry

Sam Curry is Chief Technology Officer, Identity and Data Protection business unit and Chief Technologist for RSA, The Security Division of EMC. Mr. Curry has more than 18 years of experience in security product management and development, marketing, engineering, quality assurance, customer support and sales. Mr. Curry has also been a cryptographer and researcher and is a regular contributor to a number of journals and periodicals. Prior to his current role, Mr. Curry was CTO, Marketing and Vice President of Product Management where he led the strategic direction for all RSA solutions. Prior to joining RSA, Mr. Curry was Vice President of Product Management and Marketing for a broad information security management portfolio at CA. Previously, Mr. Curry was also Chief Security Architect and led Product Marketing and Product Management at McAfee. Earlier, Mr. Curry was a founder of one and a first employee in another successful technology company. Mr. Curry is a frequent speaker at industry events and has been quoted in Forbes, Bloomberg, CNET, Technology Review, PC World and Computerworld. He has also appeared on Tech TV, CNN and MSNBC. Mr. Curry holds degrees in English and Physics from the University of Massachusetts and from Mount Allison University.

Adaptive IAM: On the Front Lines of Cyber Security

Like most technologies, Identity and Access Management (IAM) has been challenged by new business and IT trends that are causing serious disruptions in how we approach information security. The exponential growth of digital identities coupled with the increasing use of software as a service and mobile and cloud platforms have made the traditional perimeter all but disappear. As a result, legacy IAM tools that have been a security mainstay for decades are simply failing to keep up.

Transforming Identity Assurance Through Risk-Based Authentication

Risk-based authentication is one of the simplest security technologies to understand while at the same time being one of the most intelligent and adaptable. The concept of risk-based authentication is very similar to the risk decisions we make in our daily life – from how we drive our car to where we invest our money.

Realizing all the Promises of Mobility

The SBIC has produced a new report that is mobile centric called “Realizing the Mobile Enterprise.” The council builds on data. In this case, it builds on a fascinating series of online polls that show a rapid litmus-like test of the mobile landscape and, in particular, the degree to which “the enterprise” (an interesting notion [...]

Security and Big Data: a match made in Heaven

Big Data in security happens when you get the mathematicians to find patterns in data and then true that up with the security experts and then turn that into a meaningful set of tools and then set about improving it. The tools, from analysis and predictive tools to machine learning and response tools have to become intuitive and transparent to end users: as I’ve said before in a few places we have to focus on the task and not on the tools themselves. We need to be able to jump from the findings of a tool to another tool without stopping to think about interoperability and without a cool off period that winds up doing nothing but cooling our passion when pursuing the bad guy through a network.

Adapt or Die: Even Passwords Can Get Tougher

We can reinforce them with other form factors and can use multi-factor authentication in many places, but we have passwords all over the place and that is basically not going to change for the foreseeable future. Something must be done to beef up the security of passwords in general (and of other credentials) to force the bad guys to ever greater costs and difficulty (and lower likelihood of success), and that is the spirit behind RSA’s announcement today of RSA Distributed Credential Protection. But before diving into that, let’s talk about the landscape and the problem scope.

The Advent of Adaptive IAM: Security in Motion

“Opportunities multiply as they are seized” -Sun T’zu, the Art of War

“It is difficult to understand the universe if you only study one planet” -Miyamoto Musashi, Book of Five Rings (Go Rin No Sho)

RSA announced today a new solution to help customers ensure trusted identity and access management across enterprise and [...]

This Too Shall Pass

As I’ve said before, the best practical measure of security that I can think of is “cost-to-break.” It’s a good reflection of the relative difficulty that someone has to go through to overcome a particular measure or control. It also helps to deal in “currency” as a consistent unit (for a given economy) for a lot of modeling purposes, and of course you can even factor in things like “windows” of opportunity and risk with a financial-model for defining security.

Brevity is the Soul of Wit – a Security Haiku

A friend of mine is giving a security address and has 5 minutes to talk about “Security and the Cloud.” I tried this once for a partner of mine’s customer dinner…and I was awful at it. In my defense, I had the same subject and only 3 minutes.

Call to Arms: it’s time to make multi-factor authentication commonplace

If you are a criminal, rogue state, rebellious activist organization or “non-state actor” and aren’t hacking, then you are stupid and destined for obscurity. The risk (:) reward ratio for “going cyber” is simply too big to ignore. The attack on Wired writer Mat Honan is just one instance of the trend to progressively more-and-more motion by the chaotic and misdirected actors in our civilization to the Internet. If you haven’t read it, then read it now; and then look at your accounts and services and demand more. More authentication. It’s time for multi-factor authentication to become the new normal.

Malware…there’s an app for that!

As with the advent of Spyware and Adware, the world of Malware has grown in new directions. While viruses and worms abound and are becoming increasingly (even exponentially) more common, we are still dealing with the personal, social and corporate implications of “Greyware”…and it’s exploding in an entirely new area around the exciting and largely wide-open world of mobile devices and services.