Speaking of Security – The RSA Blog and Podcast

In his #EMCworld keynote on Tuesday morning, Joe Tucci used the phrase “the sea of trust” to capture the pervasive role that security has to have in the success of the “third platform” of mobile, cloud and big data. It’s a great metaphor, reflecting not only the pervasiveness that security has to have, but also the dynamism and power that it needs to embrace.

In my earlier blogs on Transforming Security Analytics and Transforming Trust, I wrote about the strong focus we have on cybersecurity at this year’s EMCworld, previewing several of the sessions that will highlight security topics. In addition to those presentations, we’ll also once again have a Birds-of-a-Feather session, focused on Building your Trusted Cloud. It’ll [...]

The application of Big Data analytics to security has resulted in a transformation not only in detecting and responding to threats. It also transforms how we establish and evaluate trust, based on understanding risk rather than expecting absolute security. This transformation doesn’t just affect security professionals. Understanding trust is critical for many of the topics that are explored at EMCworld, including cloud, virtualization, storage and document management. Understanding trust can help in enabling new business opportunities, finding more effective operational processes and working more effectively with partners.

A through risk assessment should be adopted by customers to ensure that the benefits for moving on to the cloud outweigh the potential security threats. Techniques like privacy impact assessment (PIA) and ‘Plan, Do, Act, Check’ are recommended to ensure a moderate, but comprehensive change for them. Evidences shows that there may be issues involving customers meeting their legal obligations when their data are hosted outside of their local context. Hence, this will trigger issues relating to the effectiveness of existing risk governance frameworks. There should be more evaluations conducted to assess the true potential and apparent risks to protect customers and Cloud Service Providers (CSP).

Contributed by Lauren Horaist, Senior Product Marketing Manager, RSA Identity and Data Protection Group I sometimes find myself making strange comparisons between real life and work life.  One of those stream-of-consciousness moments happened a few weeks ago while I was driving home in a snowstorm.  I was minding my business driving along my normal route, [...]

As I mentioned in an earlier blog, RSA is transitioning the PKCS #11 standards effort into OASIS. The call for participation for the new OASIS PKCS 11 Technical Committee has now officially gone out from OASIS leadership, describing the process for joining the TC. The new public page for the PKCS 11 TC provides information [...]

Following on from my last blog ‘Re-enforcing our doors in 2013’ solving all of the issues of disruptive innovations isn’t going to be possible in a year but we must take some strides towards making some of the changes. The four members of the disruptive family are Cloud Computing, Social Media, Big Data and Mobile. Let’s take Cloud Computing this week and examine some competencies organizations must start to build.

The Cloud Best Practices Network has just published the second installment of the e-magazine TRANSFORM. This issue, which focuses on various aspects of cloud security, includes my article on “Key Management Strategies for the Hybrid Cloud”, leveraging the use cases that we developed in OASIS KMIP for our work on the next version of KMIP. [...]

I was in Stockholm a couple of weeks ago to speak at an EMC Forum and was able to sit in on the keynote, given by Chad Sakac. As anyone who has attended EMCworld knows, Chad is a great speaker: energetic, interesting and insightful. His keynote explored the theme of transformation, including the transformation of [...]

According to a recent report by Icomm Technologies, 70% of cloud data centers keep customers in the dark about storage locations. To me that is a pretty scary statistic particularly as organizations are rapidly deploying cloud storage services and there doesn’t seem to be any evidence that organizations that have sensitive or confidential data are refraining from doing so. This statistic should set alarm bells going especially in the EU where organizations that store citizen’s data must have evidence of where their data is stored.