Cybersecurity Takes Center Stage: Notes from EMCworld Day One

Cybersecurity has been visible in EMC keynotes before. Last year Pat Gelsinger spoke about the importance of security in VMware architecture, for example. But this year is the first time that security has taken center stage in the opening keynote.

Business Continuity: How to Apply Enterprise Risk Management to Your BCM Planning Efforts…and Vice Versa!

by Patrick Potter, RSA Archer GRC Solutions

Business Continuity Management (BCM) programs typically do a good job of evaluating business criticality through performing Business Impact Analyses (BIAs) to determine recovery priorities. However, how many BCM and IT Disaster Recovery (DR) programs adequately assess risks starting at the overall program level down to the process or [...]

The Space Between the 1s and 0s – Redux

A few months ago, I wrote a short blog using the “space between the 1s and 0s” as a metaphor to discuss dimensions of data that are beyond just the digits sitting on the disk drive. These dimensions included how the data was created, who created it and why it was created along with the security implications of those dimensions. Data created by a business process that includes personal information is much different than the invitation to the company monthly birthday party. Yet those 1s and 0s, many times, sit side by side on our laptops, servers and storage area networks. Recently, EMC announced the 2012 findings from IDC’s 6th EMC-sponsored Digital Universe Study. This study has some amazing and interesting results – some directly related to this “space between the 1s and 0s”.

Starting with the End in Mind: the Need for Security Governance

Under the leadership of CyLab Adjunct Distinguished Fellow, Jody Westby, the CyLab team gathered information from CEOs, CFOs, CROs and board members of the Forbes Global 2000 regarding security governance practices in their companies. The results showed significant gaps in security governance in more than half the respondents. Even for someone like me who tends to see the glass as half-full, this is a major concern in a world of increasing threats to information security.

The “Dynamic Tower”: Security as a Process

The Security for Business Innovation Council report published last month lays out a roadmap for responding “When Advanced Persistent Threats Go Mainstream” (as the report title puts it). One of the most important recommendations in that report is captured by Roland Cloutier, VP and CSO of ADP Inc, when he says: “you have to have the resources and a process for risk decision-making that enable rapid changes to your protection platform.” That is, the roadmap in the report doesn’t lead to a static, unchanging security monolith. It’s a model for a process that builds dynamism into security, not unlike the architectural model of the Dynamic Tower that David Fisher has designed for Dubai.

RSA Archer: Only Platform to Achieve Leader Category in Both IT and eGRC Research Reports

With great pleasure (and a lot of pride) we want to announce that Forrester Research Inc., an independent research firm, has ranked RSA Archer as a leader in both the IT-GRC and eGRC platforms! Not only is RSA Archer a platform leader in both categories but RSA Archer is the ONLY vendor ever to be named a leader in both IT and eGRC categories.

RSA’s Insight on Security Management

Welcome to one of Speaking of Security’s newest blogs, completely focused on security management, something we’re calling Security Management Insights or SMInsights for short. I am honored to author the initial post in what should be a highly active and thought-provoking forum for dialogue related to the challenges facing today’s information security professionals. This is a team blog, so you will benefit from hearing from a multitude of product managers for the products and solutions which comprise RSA’s emerging Security Management Suite. We regularly have the opportunity to interact with customers and analysts and will use this blog to share insights about organizations’ security challenges and strategies.

Compliance is not Security

To my amazement, I still get asked “if I do everything I am asked to do for compliance, am I secure?” To be fair, this question often comes from non-security people.

The Hogwarts of GRC

Earlier this month was one of the highlights of the “Archer calendar year” – the RSA Archer GRC Summit. As always, this event brought our customers together to engage in deep discussions on security, governance, risk management, compliance and a whole host of interesting topics. This is exactly why my blog on this year’s event is about…Harry Potter.

The Art of Tracing Footsteps (through the infrastructure)

The question of “why” EMC has acquired NetWitness, and how they fit, will no doubt come up (beyond the fact that they are the obvious market leader with awesome technology). Over the next few months that will become increasingly clear, and in fact obvious if it isn’t already, but I thought I’d start with a simple analogy that I will connect first with RSA enVision (i.e. with Security Information and Event Management or “SIEM”) and then with RSA Archer (i.e. with Governance, Risk and Compliance or “GRC”).