During the opening keynote at RSA Conference Art Coviello, President of RSA, The Security Division of EMC cautioned that the global cyber-threat continues to escalate and online fraudsters are more organized, collaborative and effective than ever.
He addressed major forces such as the economy and emerging technologies that are driving the information security industry to evolve and adapt – and how these forces provide an opportunity for “inventive collaboration” to effectively restructure the information infrastructure. Coviello also provided examples on how RSA is working to foster inventive collaboration around key practices.
“To combat the cybercriminals requires far more purposeful collaboration on the part of the industry and a strong security ecosystem built around a common development process focused on risk,” said Coviello. “Today’s security technologies are applied as independent applications cluttering the information landscape and leaving perilous gaps of risk.”
Coviello cited three major forces driving the information security industry to evolve and adapt, including: the challenge posed by the criminal threat; the demand upon enterprises and governments to achieve unprecedented levels of productivity to restore value to the faltering economy; and the opportunity to rethink the approach to security based upon emerging technologies and trends such as virtualization, cloud computing and social networking.
He argued that these three forces have placed the industry at a critical inflection point by providing the opportunity to restructure the information infrastructure almost from the ground up – and warned that the industry must avoid repeating past mistakes.
According to Coviello, “We must embrace a common development process that allows us to create a more secure infrastructure today. Then with an eye on the future we can ensure that the new technical infrastructure is designed around that process, rather than forcing a process around a collection of technologies.”
Coviello urged the industry to foster inventive collaboration around three key practices and provided examples of how RSA is pursuing them:
- Collaborate on standards such as the Key Management Infrastructure (KMI) standard led by RSA, HP and IBM
- Practice technology sharing. The RSA™ Share Project, which provides the leading RSA BSAFE® encryption software developer toolkits at no cost, is a good example of this practice
- Integrate technologies and embed controls directly into the infrastructure itself. Examples of these integration points were discussed onstage between Coviello, Brett Galloway, Senior Vice President, Wireless and Security Technology at Cisco and Scott Charney, Corporate Vice President of Trustworthy Computing at Microsoft
“We must develop a stronger and healthier ecosystem than the fraudsters and ensure the fluid and frictionless exchange of information on which our global economy depends. It’s not about changing the game; it’s about winning the game,” said Coviello.
- The RSA Share Project, a new initiative designed to bring world-class security tools within reach of corporate and independent software developers and project leaders. The Share Project features the launch of a new online community designed to provide support, answers and strategies from security experts as well as no-cost access to technology from RSA. RSA’s first Share Project offering to application developers is a no-cost download of the RSA BSAFE Share encryption toolkit, encouraging built-in versus bolted-on security, using tools based on RSA BSAFE products, the world’s most trusted and widely-deployed encryption software. The goal of the RSA Share Project is not merely for the distribution of free technologies, but to promote and build a vibrant community of security-focused engineers, developers and users committed to software security assurance.
- Three new solutions for Microsoft SharePoint® from EMC and RSA provide organizations the ability to better secure critical information, identities and infrastructure while achieving enhanced security and availability of their SharePoint environment. These solutions provide validated architectures and best practices to accelerate time to deployment, deliver predictable results and achieve improved performance. For organizations to successfully leverage SharePoint it requires the ability to understand risk and how to best remediate it. The RSA Solution for Microsoft SharePoint – including the new RSA® Secure View for Microsoft SharePoint tool, RSA® DLP RiskAdvisor for Microsoft SharePoint service, and solution architectures and documentation – provide organizations with a view of their SharePoint hierarchy, the location of sensitive data across the SharePoint environment, and users with access to these data. In addition, the solution provides comprehensive support for enacting controls to better secure data within the SharePoint environment. Also, in order to understand potential risk, organizations must know where sensitive data reside across the SharePoint environment. To support this, a new EMC Proven™ solution – EMC Security and Compliance for Microsoft Office SharePoint Server 2007 – validates the ability of RSA DLP Datacenter to deliver these benefits at enterprise-scale. Customers leveraging SharePoint expect high availability. EMC Business Continuity for Microsoft Office SharePoint Server 2007 is an EMC Proven™ solution, which provides technical validation for SharePoint customers to implement high availability by achieving fast recovery from unplanned server failures, simplified restart from server failures, consistent failover and centralized management.
- Enhancements to the RSA Data Loss Prevention (DLP) Suite, an integrated, market-leading suite of data security products that are engineered to discover, monitor and protect sensitive data from loss, leakage or misuse whether in a datacenter, on the network, or out at the endpoints. With 68 new features and enhancements in the areas of policy management and classification, remediation, database scanning, reporting, administration and integration with the RSA enVision® Platform to streamline the process of understanding security risk, the RSA DLP 7.0 Suite is designed to reduce the total cost of ownership of DLP by automating the protection of sensitive data and reporting, lower risk by protecting more sensitive data in more places, and simplify security operations.
A new release of the RSA Adaptive Authentication Platform is now available for risk-based, transparent authentication to corporate resources such as e-mail, intranets and extranets across a broad range of enterprises. Providing enterprises with more choice in authentication based on risk, cost and user convenience, RSA Adaptive Authentication is delivered through on-premise software or via software-as-a-service with a low cost of ownership and increased end user convenience through the use of a self-learning risk analysis and assessment engine using indicators such as device identification, user behavior profiling and the RSA eFraudNetworkSM community.
The new release is designed for large, distributed enterprise environments, including RSA customers AMD, Geisinger Health System and Rapattoni Corporation, to help to positively identify users using self-learning risk indicators before accessing corporate resources. The new release of RSA Adaptive Authentication platform is integrated with leading SSL VPN solutions, RSA Access Manager and RSA Identity Verification. The RSA Adaptive Authentication platform is a proven solution with more than 8,000 customers, currently protecting over 225 million online identities.