Subscribe to the RSA blogs and podcasts for the latest posts and security updates!
I was at a customer event recently and was party to a discussion on the ‘disappointment’ or disillusionment in deploying Data Loss Prevention and comments like ‘well, it just doesn’t do what it’s supposed to do’ or ‘it’s too tricky to deploy’. Well, the truth is DLP technology is not something that comes off the shelf in a one size fits all package. Here are the things DLP is not going to do for you:
Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads.
Proving that physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: If organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of that falls into doubt.
Most of my friends and colleagues know that I like to cook so I will be doing a series of “recipes” in the next few weeks to address some of the key challenges based on conversations I am having with major organizations. So, to get started, here is part 1 on Creating a Trusted Cloud.
We are a funny lot in Europe, guarding our privacy and more importantly the privacy of our data is of paramount importance. The protection and privacy of personal data is a fundamental right within the EU. According to the Digital Agenda for Europe, concerns about privacy are among the most frequent reasons for people not [...]
In February I talked about the key aspects of the proposed changes to the EU Data Protection Directive. Breach notification within 24 hours (where possible) is one of the proposals. So, how do you prepare to meet this aggressive timeframe and what security management tools and processes do you need to implement?
Geolocation has been talked about a lot in IT circles in recent years. It’s one of those terms that means different things to different people, so it could be storing data in a particular place or it could be tracking some data or tracking an identity (person or machine). Scott Charney, Corporate Vice President, Trustworthy Computing at Microsoft discussed the concept of geolocation in his keynote. He used an interesting example of using GPS and tracking an individual and the types of data that can be obtained by doing that.
Today’s security standards are based on historical, legacy information technologies and don’t necessarily address Cloud Computing environments in an effective manner. Attempts to update them are an improvement, but will be able to create a single or limited number of standards that will be viable across all borders and jurisdictions. So, it’s no surprise that the Cloud Security Alliance Summit at RSA Conference had a panel discussion on this topic. The panelists were Marc Crandall from Google, Baber Amin from CA, Christ Wysopal form Veracode and Ashvin Kamaraju from Vormetric.
On the 25th of January the EU Justice Commissioner Viviane Reading proposed some changes to the 17 year old EU Data Protection Directive claiming that the new rules will both cost less for organizations and governments to administer and also improve the privacy rights of EU citizens. She also emphasized overall savings in the cost of Compliance of up the 2.3 million Euros.
RSA recently published the SBIC report entitled ‘Getting Ahead of Advanced Threats’ a copy of which can be found here; Security for Business Innovation Council report. It introduces the concept of Intelligence Driven Security as ‘Developing real-time knowledge on threats and the organizations posture against those threats in order to prevent, detect, and/or predict attacks, make risk decisions, optimize defensive strategies and enable actions’.
