Organizations entrusted with PII from customers and employees are required to take appropriate actions to secure and protect this information. In addition, laws across the United States levy varying penalties " including public notification requirements " for organizations suffering a PII compromise. RSA's PII package is engineered to deliver technologies that support these efforts by enabling customers to:
"Clearly, data breaches carry heavy costs for organizations, not to mention public embarrassment and lost goodwill," said Jon Oltsik, Principle Analyst of Enterprise Strategy Group. "By implementing a set of repeatable, scalable controls organizations can help reduce that risk."
RSA's Packaged Solutions for Securing PII
RSA developed three packages that offer cost-effective, actionable, enterprise-level solutions to mid-sized organizations concerned with preventing PII data breaches, and avoiding the costs associated with breach notifications. These packages were developed to meet different customers' specific needs, depending upon where they are in the process of protecting PII as required by various data breach notification laws across the U.S. A core requirement for preventing a data breach is ensuring only authorized individuals may access systems containing PII. To this end, all three RSA packages include strong two-factor authentication with RSA SecurID' one- time password solutions. With RSA SecurID authentication, organizations can thereby help ensure that both proprietary business data, as well as private customer data, are only available to authorized users.
In addition, businesses striving to protect PII and meet notification requirements must be able to quickly identify a potential breach, and maintain logs that will help to evaluate how an incident may have occurred. To support these requirements, the three packages also include the RSA enVision' platform that offers collection, alerting and analysis of log data in the context of threats, vulnerabilities, IT assets, and other data to enable organizations to quickly respond to high-risk security incidents and compliance issues.
Finally, in order to effectively protect PII and attempt to comply with state-level breach notification laws, organizations must understand where sensitive data resides, and how data moves across the environment. In an effort to achieve this, RSA offers the RSA' Data Loss Prevention solution in three distinct modules. The RSA DLP Suite offers a vast set of pre-defined policies according to certain U.S. Data Breach Notification Laws as well as other regulations (e.g. PCI DSS, HIPPA, NERC, and CPNI).
RSA PII Services
The RSA DLP RiskAdvisor service may be the first step for organizations to address the U.S. Data Breach Notification challenges. RSA DLP RiskAdvisor is designed to discover PII and provide a high-level mapping of business functions to sensitive information, helping organizations to understand where PII exists across the enterprise so that it can be consistently managed and protected across the information lifecycle. RSA Professional Services leverages the RSA Data Loss Prevention Suite for discovery of PII and provides a view into potential exposure.
Beyond the RSA Packages for Protecting PII
In addition to technologies found within the new packages " two-factor authentication, security information and event management and data loss prevention -- RSA's technology solutions for helping to secure PII include adaptive authentication, web access management, encryption and encryption key management. These technologies provide key controls necessary to secure PII - at rest, in motion and in use, thereby mitigating the risk of data breaches, and helping to enable organizations to meet U.S. Data Breach Notification Laws and other regulation requirements in the most consistent, scalable manner possible. Moreover, EMC's Physical Security Solutions are engineered to enable organizations to manage, archive, protect, authenticate, and scale security systems and video surveillance information in order to control the physical access to records and to storage areas of records containing PII.
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle " no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.