Turning Your Organization Inside-Out: Security and the Open API Economy

At the European Identity and Cloud (EIC) Conference 2012 last week, I finally got what Craig Burton has been saying for some time now: “Baking your core competency into an open API is an economic imperative.” What brought it home for me was the presentation by 3Scale’s Steven Willmott, focusing on what he called “turning [...]

Security Intelligence and Identity: Reflections from the Munich EIC Conference

Last week my colleague Matthew Gardiner and I, along with Kim Cameron of Microsoft and Edwin van der Wal of Everett Consulting, presented a panel on “Security Intelligence and IAM” at the European Identity and Cloud Conference in Munich. Prompted by questions from our moderator, Dr. Horst Walther, we had a lively discussion about the [...]

Learning to cook – Bake a Trusted Cloud Part 2

Proving that the physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: If organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of that falls into doubt.

Trusting Your Crowd Sources

Earlier this week I was at MIT Media Labs for a meeting with my colleagues in EMC technical leadership. While we were there, we took a tour of the Media Labs, including talking with a couple of grad students and professors. One of the projects we were introduced to is called Place Pulse, “a website that allows anybody to quickly run a perception study and visualize the results in powerful ways”. It was interesting from a lot of perspectives: as an investigation of perceptual clues we use in making decisions; as an exploration of visualization techniques; and as a model both for generating and for analyzing Big Data.

Orchestrating a New Solution for User Authentication

The problem that RSA and Zscaler are taking on is a fundamental one for the new dynamic of user interaction with enterprise information. User access increasingly comes from outside corporate networks, using devices not controlled by the enterprise IT teams. Connectivity with IT systems is increasingly in short-duration bursts and employs many different approaches: HTTPS, VPNs, VDI. The security posture of the user device changes continuously as the user accesses different resources from different locations, and I don’t mean just between home and office, or between different cities as we travel. It’s being connected via our home wireless at 8 a.m., via the office LAN at 9, the Starbucks wireless at 10 and so on. We are all out in the cloud a lot of the time!

When Security is in the DNA: The Canopy Announcement

Last week, Atos, VMware and EMC announced the creation of a new company, Canopy, dedicated to providing cloud services. One of the best things about this announcement, from my point of view, is knowing that for Canopy, security is no afterthought. This time, it’s part of the DNA. You may have heard of Atos as [...]

CyberShop ’til You Drop – Staying Safe Online this Holiday Season – Podcast #231

Host Michelle Adams-Dixon talks with Angel Grant, Senior Manager, Identity Protection & Verification for RSA about protecting yourself while shopping online this holiday season.

Big Data and the Cloud Roadblock

EMC conducted a survey of U.S. Federal Government IT Security stakeholders recently, and one of the results that struck me was one around cloud adoption. We usually hear about security being an impediment to the wide-scale adoption of cloud and virtualization technologies, but our survey revealed another interesting barrier.

Built-In Data Discovery and Classification = “Awesomesauce”

In case you missed it last week, VMware announced their latest version of vShield App with Data Security, which has RSA’s DLP technology embedded to help discover and classify sensitive data in virtual machines. One of the key points here is that data discovery and classification capabilities are now built into the virtual infrastructure, making the virtual infrastructure content-aware for the first time. So you may ask, what’s the big deal about being built-in instead of bolted-on?

Security as a Service ≠ Securing the Cloud

What a week! The 20th RSA Conference is over and it was great to see the masses back out at the Moscone again. I don’t think it’s been this big in a while, but if the parties are any indication, companies are spending money again.