Cybersecurity@EMCworld 2013: Transforming Trust

The application of Big Data analytics to security has resulted in a transformation not only in detecting and responding to threats. It also transforms how we establish and evaluate trust, based on understanding risk rather than expecting absolute security. This transformation doesn’t just affect security professionals. Understanding trust is critical for many of the topics that are explored at EMCworld, including cloud, virtualization, storage and document management. Understanding trust can help in enabling new business opportunities, finding more effective operational processes and working more effectively with partners.

Business Continuity: How to Apply Enterprise Risk Management to Your BCM Planning Efforts…and Vice Versa!

by Patrick Potter, RSA Archer GRC Solutions

Business Continuity Management (BCM) programs typically do a good job of evaluating business criticality through performing Business Impact Analyses (BIAs) to determine recovery priorities. However, how many BCM and IT Disaster Recovery (DR) programs adequately assess risks starting at the overall program level down to the process or [...]

Realizing all the Promises of Mobility

The SBIC has produced a new mobile-centric report called “Realizing the Mobile Enterprise.” The council builds on data. In this case, it builds on a fascinating series of online polls that show a rapid litmus-like test of the mobile landscape and, in particular, the degree to which “the enterprise” (an interesting notion [...]

The move to an intelligence-driven security model

Albert Einstein defined insanity as doing the same thing over and over again and expecting different results. Reflect on that for a moment. For the past 10 years, the Internet has become a ubiquitous form of communication. Growth of digital content and use of mobile devices have soared, organizations have opened their infrastructures to enhance [...]

A Maturity Model for Security Management

I was in a meeting with a major telecommunications company recently in which they presented their security strategy for the mobile environment. The speaker outlined the threat landscape that they saw themselves confronted with. Then, for each threat, he showed the technology they were using to address that threat.  For lost devices, for example, there [...]

The Threat of the Threat Itself

Some colleagues and I were discussing DDoS attacks earlier this week: who is waging DDoS attacks, what techniques they’re using and how to deal with attacks when they occur. While discussing the value of advance warning of such attacks, one person said offhandedly, “the problem with advance warning is that the threat may be just the threat of the attack, not the attack itself.” It was an interesting and valuable insight, one that deserves some exploration.

When Security is in the DNA: The Canopy Announcement

Last week, Atos, VMware and EMC announced the creation of a new company, Canopy, dedicated to providing cloud services. One of the best things about this announcement, from my point of view, is knowing that for Canopy, security is no afterthought. This time, it’s part of the DNA. You may have heard of Atos as [...]

Protecting IP with RSA DLP Policy Workflow Manager

Whether it’s data that’s governed by regulations or vital to a company’s competitive advantage, every organization has information they’d like to protect from outsiders. One logical place to start when looking to protect this information is with a Data Loss Prevention (DLP) tool. But what many companies struggle with is how to figure out what information is sensitive for different groups and how it should be handled. Everyone knows that there is highly sensitive data across the organization that needs to be protected, but how do business managers let the IT security team know what specific data needs to be protected?

Putting Together the Pieces in Europe

I recently returned from Berlin after attending the EMEA RSA Channel Partner Council with the purpose of discussing RSA’s Security Management and GRC strategies within Europe. For many of the RSA channel partners, this was their first exposure to these concepts. Channel partners have a unique perspective because they are on the front lines selling products and providing implementation services. Their success is directly influenced by RSA’s ability to provide the right training, messaging and tools to make them effective.

Control Clusters: Breakfast of Champions

The “team sport” theory can be applied to a company’s control environments as well. The classical “defense in depth” approach quickly comes to mind. Controls always depend on a collection of activities. As Risk and Compliance professionals, we all know the “single point of failure” is a verboten persona non grata.