Far too often, we fail to see the obvious weaknesses in our defenses. Over 50 million consumer passwords have been reported stolen in 2012 alone in highly visible ‘smash and grab’ attacks. Yahoo, LinkedIN, Zappos, eHarmony…the list goes on. This is the equivalent of robbery in broad daylight. How did we as an industry let [...]
The last time I witnessed a reboot of identity and access management (IAM) infrastructure was 1996. Web applications had taken hold and intranets and extranets were buzz words. The security industry responded with web access management (WAM), provisioning, strong authentication and directory services. The industry has since built on these technologies to deliver identity federation, risk-based authentication and identity and access governance. All these IAM technologies have served us well but a wave of new developments has revealed the need for a rethink.
At RSA, we have a legacy of authentication innovation from multifactor to risk-based, heuristic authentication. We challenged ourselves with “What’s Next?” As an industry we continue to conceive more usable yet stronger authentication but we have a bigger mandate to meet a need that has gone unmet for a long time.
In his keynote this week, RSA’s Executive Chairman Art Coviello challenged the security industry “…to jump ahead and intercept the future – to see things as they might be – not as they are”.
There is no question cloud/utility computing has arrived and is here to stay. But, something is afoot that deserves special attention. On May 6, the Federal Communications Commission (FCC) of the United States announced a plan to reclassify broadband Internet transmission service as a telecommunications service to be regulated as other ‘common carriers’ in the United States.
VMware’s acquisition of Zimbra is a big step towards delivering IT as a service and signals VMware’s intention to deliver the benefits of virtualization and cloud computing all the way from the infrastructure to the platform to the application layer.
A recent article in Computer World outlined several security and legal concerns that pertain to the current state of cloud computing and SaaS offerings of public service providers.
VMworld 2009 has been buzzing with an infectious energy since it opened this week. One can see the very visible and strong effect that virtualization is having on the entire IT industry. The emergence of virtualization as a major mainstream paradigm across datacenters has spawned a rich ecosystem of vendors and technologies that secure and manage virtualization.
I recently spoke at a VMware user group conference about securing virtualization. The audience comprised datacenter administrators and managers who are at the center of their organization’s virtualization initiatives. I was fortunate to be able to talk with several of them at length about their experiences in virtualizing datacenters. There are several trends to note.
What if virtualization makes security more effective and eficient?
What if virtualization actually reduces the cost of security?
The relationship between virtualization and security is indeed symbiotic. It reminds me of the endearing mutualism between the goby fish and the pistol shrimp.