Subscribe to the RSA blogs and podcasts for the latest posts and security updates!
I was in Stockholm a couple of weeks ago to speak at an EMC Forum and was able to sit in on the keynote, given by Chad Sakac. As anyone who has attended EMCworld knows, Chad is a great speaker: energetic, interesting and insightful. His keynote explored the theme of transformation, including the transformation of [...]
In case you missed it last week, VMware announced their latest version of vShield App with Data Security, which has RSA’s DLP technology embedded to help discover and classify sensitive data in virtual machines. One of the key points here is that data discovery and classification capabilities are now built-in to the virtual infrastructure, making the virtual infrastructure content-aware for the first time. So you may ask, what’s the big deal about being built-in instead of bolted-on?
More and more organizations are deciding to “go virtual.” And why not? The benefits are numerous–optimized resources, increased efficiency and a more dynamic infrastructure, among other things. IT departments around the world are collectively champing at the bit to deliver a centralized, optimally partitioned, easily scaled (yet physically small) data center. Shutter those football-field-sized data centers and open the door to a minimalist IT operations center. Sounds perfect right?
The release of PCI DSS V2 is a welcome update, even though most of the changes from PCI DSS V1.2 are relatively minor. But there are a number of areas that PCI DSS has not addressed and that are critical to the security of credit card information. Some of these, such as the impact of virtualization and cloud, are already recognized as concerns. But at least one area has, at least as far as I know, not yet been put on the table for discussion. This area concerns best practices for protecting against increasingly sophisticated social engineering attacks. These attacks may attempt to steal credit card information directly. Or they may seek to install malware that can steal the information, such as through man-in-the-browser attacks.
It’s been a year now, or a little more, since To The Heart of the Matter, and this year we’re stepping up the governance, risk and compliance (GRC) stakes in a big way with a new EMC/RSA initiative around enterprise GRC. At the same time, the race to the cloud continues; so it’s time to look at enterprise GRC in the context of Trust and in context of the Cloud anew for 2011. Before we dive into that subject, let’s start with a little more on tools and tasks though by looking at innovation in historical Japan.
What is a Man-in-the-Browser attack and how can enterprises combat them? Hear more on this week’s Speaking of Security podcast.
