Subscribe to the RSA blogs and podcasts for the latest posts and security updates!
Nirav Mehta (CISSP, ISSAP) Director of Product Management; Identity and Data Protection RSA, the Security Division of EMC Nirav Mehta is Director of Product Management at RSA, the Security Division of EMC with responsibility for Identity & Access Management and data protection. He also leads the cloud security initiative at RSA. Prior to his current role, Nirav led the development of virtualization security solutions at RSA working closely with VMware, Citrix and Microsoft. Prior to RSA, Nirav was a key member of the Hewlett Packard Identity & Access Management products team as an expert consultant on web access management and PKI products. Nirav led several high profile security infrastructure deployments at HP. Nirav has also worked as a network and security architecture consultant at BBN in Cambridge, MA where he helped architect and critique security architecture for Fortune 100 companies. Nirav has over 15 years of global experience in conceiving, managing, assessing and deploying network and security solutions. Subscribe to Nirav's RSS feed
Far too often, we fail to see the obvious weaknesses in our defenses. Over 50 million consumer passwords have been reported stolen in 2012 alone in highly visible ‘smash and grab’ attacks. Yahoo, LinkedIN, Zappos, eHarmony…the list goes on. This is the equivalent of robbery in broad daylight. How did we as an industry let [...]
The last time I witnessed a reboot of identity and access management (IAM) infrastructure was 1996. Web applications had taken hold and intranets and extranets were buzz words. The security industry responded with web access management (WAM), provisioning, strong authentication and directory services. The industry has since built on these technologies to deliver identity federation, risk-based authentication and identity and access governance. All these IAM technologies have served us well but a wave of new developments has revealed the need for a rethink.
At RSA, we have a legacy of authentication innovation from multifactor to risk-based, heuristic authentication. We challenged ourselves with “What’s Next?” As an industry we continue to conceive more usable yet stronger authentication but we have a bigger mandate to meet a need that has gone unmet for a long time.
There is no question cloud/utility computing has arrived and is here to stay. But, something is afoot that deserves special attention. On May 6, the Federal Communications Commission (FCC) of the United States announced a plan to reclassify broadband Internet transmission service as a telecommunications service to be regulated as other ‘common carriers’ in the United States.
A recent article in Computer World outlined several security and legal concerns that pertain to the current state of cloud computing and SaaS offerings of public service providers.
VMworld 2009 has been buzzing with an infectious energy since it opened this week. One can see the very visible and strong effect that virtualization is having on the entire IT industry. The emergence of virtualization as a major mainstream paradigm across datacenters has spawned a rich ecosystem of vendors and technologies that secure and manage virtualization.
I recently spoke at a VMware user group conference about securing virtualization. The audience comprised datacenter administrators and managers who are at the center of their organization’s virtualization initiatives. I was fortunate to be able to talk with several of them at length about their experiences in virtualizing datacenters. There are several trends to note.
What if virtualization makes security more effective and eficient?
What if virtualization actually reduces the cost of security?
The relationship between virtualization and security is indeed symbiotic. It reminds me of the endearing mutualism between the goby fish and the pistol shrimp.
