Breaking the Value Ceiling

As the conversation around the value of connecting processes within GRC progressed, the idea of a “Value Ceiling” for certain operational enablers and processes emerged. Certain niche technology enablers have a point where the tool is bringing value for the immediate needs but there is more value to be extracted if that technology enabler could be used for broader purposes. In other words, there is POTENTIAL value that could be derived beyond the initial scope of the technology IF the technology can share data or enable other processes. A Value Ceiling is the point where the technology enabler achieves its operational value but can no longer provide greater potential enterprise value due to constraints, disconnectedness or some other barrier.


Rebooting IAM: Transforming IT at its Foundation

IAM must be retooled at its very foundation. We need to add intelligence and business context at the heart of IAM. It all starts with the user. If we get a solid handle on ‘who’ the user really is in the business context and ‘what’ they should have access to, all downstream functions like authentication and provisioning will be much more effective. This was the primary driver for RSA’s acquisition of Aveksa, the leader in business-driven identity management.

Cybersecurity@EMCworld 2013: Transforming the Trusted Cloud

In my earlier blogs on Transforming Security Analytics and Transforming Trust, I wrote about the strong focus we have on cybersecurity at this year’s EMCworld, previewing several of the sessions that will highlight security topics. In addition to those presentations, we’ll also once again have a Birds-of-a-Feather session, focused on Building your Trusted Cloud. It’ll…

Business Continuity: How to Apply Enterprise Risk Management to Your BCM Planning Efforts…and Vice Versa!

by Patrick Potter, RSA Archer GRC Solutions

Business Continuity Management (BCM) programs typically do a good job of evaluating business criticality through performing Business Impact Analyses (BIAs) to determine recovery priorities. However, how many BCM and IT Disaster Recovery (DR) programs adequately assess risks starting at the overall program level down to the process or…

The Space Between the 1s and 0s – Redux

A few months ago, I wrote a short blog using the “space between the 1s and 0s” as a metaphor to discuss dimensions of data that are beyond just the digits sitting on the disk drive. These dimensions included how the data was created, who created it and why it was created along with the security implications of those dimensions. Data created by a business process that includes personal information is much different than the invitation to the company monthly birthday party. Yet those 1s and 0s, many times, sit side by side on our laptops, servers and storage area networks. Recently, EMC announced the 2012 findings from IDC’s 6th EMC-sponsored Digital Universe Study. This study has some amazing and interesting results – some directly related to this “space between the 1s and 0s”.

Privacy and Public Spaces

One of the great things about traveling is the interesting folks you meet. That’s true not only in meetings and conferences and such, but also on the plane. I’ve had fascinating conversations many times with the people sitting next to me — sometimes about computer security, as when the director of consulting at Verisign and I spent hours talking during a long transatlantic flight. But often the conversations are on wide-ranging topics far removed from security.

Time to Change the Game Plan on DLP

I was at a customer event recently and was party to a discussion on the ‘disappointment’ or disillusionment in deploying Data Loss Prevention and comments like ‘well, it just doesn’t do what it’s supposed to do’ or ‘it’s too tricky to deploy’. Well, the truth is DLP technology is not something that comes off the shelf in a one size fits all package. Here are the things DLP is not going to do for you:

Be Secure, Be Confident in the Cloud

Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads.

EU Data Directive Privacy by Design and PETs

We are a funny lot in Europe: guarding our privacy and, more importantly, the privacy of our data is of paramount importance. The protection and privacy of personal data is a fundamental right within the EU. According to the Digital Agenda for Europe, concerns about privacy are among the most frequent reasons for people not…

When Security is in the DNA: The Canopy Announcement

Last week, Atos, VMware and EMC announced the creation of a new company, Canopy, dedicated to providing cloud services. One of the best things about this announcement, from my point of view, is knowing that for Canopy, security is no afterthought. This time, it’s part of the DNA. You may have heard of Atos as…