|
The timing couldnt have been more accurate but ominous. On April 21 this
year, the headlines in American media were about computer spies breaking into
Pentagons $300 bn Joint Strike Fighter projectthe Defense Departments
costliest weapons program ever. Within hours, the technology industrys apex
event in information security, RSA Conference 2009 opened with the first keynote
address by Arthur W Coviello, president, RSA Security, followed by many other
top security specialists from the industry, research, and government. Binding
these diverse set of speakers was a palpable sense of urgency in tackling
information security breaches that endangered the world.
 |
Coviello called for a fundamental change in the way security is architected
in todays information systems. Referring to cyber criminals, Coviello said,
Our adversaries operate as a true ecosystem that thrives through
interdependence and constantly adapts to ensure its growth and survival.
Coviellos idea was to extend the concept of ecosystem to the world of
information security products. He called for inventive collaboration between
various security vendors to make security an essential part of the information
architecture.
 |
| Arthur Coviello, president, RSA
Security, called for a fundamental change in the way security is architected
in todays information systems |
He urged the industry to embrace a common development process that allows us
to clean up this landscape, and creating a more secure infrastructure today.
Then, with an eye to the future, we can ensure that the new technical
infrastructure is designed around that process, rather than forcing a process
around a collection of technologies, added Coviello.
Operationalizing Security
Delivering the second keynote address was another luminary of the security
industry, Enrique T Salem, president and CEO, Symantec Corporation. Salems
message to the industry was about operationalizing security. Said Salem, We
know that the most effective programs are those that bring together security,
storage, and systems management to automate the repetitive tasks that consume
most of your time. Salems model is guided by four principles: risk-based which
means having an overall framework for policies; information-centric which means
that the focus is on protecting information along with infrastructure;
responsive which means being situation-aware, providing real-time view into the
threat landscape and internal operations; and workflow-driven which needs that
we automate the day-to-day processes and close the gaps between various
departments and people, policies, and technologies.
Product Strategy
RSAs products cover the following areas: authentication, fraud prevention,
access control, credential management, data loss prevention, security
information and event management, and encryption and key management.
 |
| The RSA conference proved to be
an ideal forum for cryptographers to gather and share the latest knowledge
and advancements in Internet security |
RSA Security is attempting to stake claim to leadership position in the
security market not only by dominating the commercial market but also by leading
an inclusive solutions portfolio comprising its products. The products strategy
at RSA is led by Chris Young, senior VP, who says, Our attempt is to embed
control mechanisms across all stacks of the current and future IT architecture.
He adds, The virtual machine layer is where this has to be embedded-a single
point of insertion for policy of data security.
Young revealed that RSA has done proof of concept for this around its
products, Data Loss Prevention (DLP) and VShield. The cloud is going to sit on
top of the virtual machine layer, which means that RSAs strategy can address
security challenges brought about the move to the cloud computing architecture.
Says Young, In the cloud, authentication suddenly takes on a new meaning and we
are working very closely with cloud providers to provide strong and borderless
authentication.
To lead the market it is not enough for RSA to link its own products
cohesively but also all security products from other vendors. Says Dan MacLennan,
senior director, product management, First, our own products have to
interoperate well, then we have to be able to centrally define policy, and
finally products have to be made aware of the ecosystem in which they live.
The goals are lofty but RSA claims to be steadily working towards making them a
reality. To centrally define policy, it has to mostly happen outside the
product, rarely within. RSA does not have the technology yet, so it will have to
either develop it, acquire it, or co-operate with someone. Essentially, RSA aims
to set deep hooks into networks, data centers, and systems levels that define
the computing infrastructure. It is not a one-act play, it is a journey that has
just begun. For example, RSA already has pieces of technology that meet the
vision: SecureID plugs and plays with about 500 other technologies; DLP can
discover and classify data inside various data types; and Envision can aggregate
logs from highly heterogenous environments.
 |
The Virtualization Game
RSA Security is the security division of EMC Corporation, which also
majority owns VMware, the leading virtualization vendor. Virtualization creates
tremendous opportunity for us and we work closely with VMWare, said Young. In a
joint effort, VMWare and EMC announced an expansion of their strategic alliance,
capitalizing on the work being done between VMWare and RSA to enable
information-centric security functions within VMware vSphere 4, a recent
operating system announced by VMware for building an internal cloud.
RSA and VMware are in a unique position to capitalize on the intersection of
virtualization and security, said Art Coviello, President, RSA, The Security
Division of EMC. The very dynamics of a virtual environmentwhere classic
perimeters and boundaries no longer existstrengthens the case for our
information-centric, contextual, risk-based approach to security. We believe
this combined approach will empower organizations to accelerate their journey
towards a 100% virtual infrastructure with confidence in the security of their
environment.
RSA Security developed the RSA Conference in 1991 as a forum for fifty
cryptographers to gather and share the latest knowledge and advancements in the
area of Internet security. RSA Conference helps drive the information security
agenda worldwide with its annual events in the US, Europe and Japan reaching a
global audience of more than 23,000 of the industrys most celebrated experts.
It is a meeting point for not only the best minds in security technology but
also diverse audiences like government officials, legal experts, scientists and
cryptographers, and national security professionals.
| Unisys Security
Index Findings |
- Two-thirds of consumers around the world believe that the current
economic crisis has impacted their personal risk for ID theft or fraud. An
overwhelming majority (84%) of Spanish consumers believe the financial
crisis will increase their risk and nearly three quarters of people in the
US (74%) and UK (72%) share a similar concern.
- The survey saw a 10 point increase in Internet security fears
worldwide, including near equal rises in concerns about online banking and
shopping as well as computer viruses and spam. The spike in Internet
security was driven by big increases in Spain (+22 points), New Zealand
(+18), and the UK (+10). Germany has the highest level of concern about
Internet security with a score of 167, nearly matching its overall
Security Index score of 169.
- National security declined globally, continuing a trend since the
research began in 2007.
- Compared to the last study in September 2008, financial security fears
increases the most in Germany, Spain (both countries scores increased 15
points), New Zealand (+14 points), and the U.S. (+12 points). Germany and
Brazil are tied with the highest scores (177) in financial security fears;
however, Brazils score was down nine points in the latest research.
- The Netherlands and Belgium have the lowest Unisys Security Index
scores in all categories. Citizens in these countries in particular are
least concerned about national security (scoring only 67 and 74,
respectively). In contrast, Brazil is the most concerned country overall
(scoring 178), and ranks top or second (to Germany) in all categories.
(The Unisys Security Index is a biannual global study that provides
insights into the attitudes of consumers on security related issues. The
results are tallied on a scale of 0-300, with 300 representing the highest
level of perceived concern) |
Ed Nair in San Francisco The author is editor, Global Services, a Cyber Media
Publication
maildqindia@cybermedia.co.in Page(s) 1
|
Print
Comment
Email
Digg
Del.icio.us
Reddit
Twitter
