RSA Executives Offer Seven Guiding Principles In Security

Execs highlight need for organizations to develop a systemic security strategy

October 20, 2009



LONDON, Oct. 20 /PRNewswire/ -- RSA® CONFERENCE EUROPE 2009 -- Building a systemic security strategy to help organizations better face challenges and exploit opportunities spurred by next generation technology trends was the theme of the opening keynote at the 2009 RSA Conference Europe. In a joint keynote address, Art Coviello and Christopher Young, President and Senior Vice President, respectively, with RSA, The Security Division of EMC (NYSE: EMC), highlighted the need for organizations to develop a systemic security strategy that treats escalating technology trends not as a burden to be lifted, but as an unprecedented opportunity to improve security and build a more secure information infrastructure.

"While technology and information have evolved and grown dramatically over the past 100 years, people's behaviors to cope with this growth have evolved at a much slower pace and our ability to keep up with the complexity foisted upon us is limited," said Art Coviello. "So today, high value is found in taming the complexity so that humans can take full advantage of these dramatic developments and advancements in technology. This is the challenge facing IT organizations around the world."

In the joint keynote address, both EMC executives addressed oncoming trends -- data center virtualization, cloud computing, the growth of mobile applications and social computing, for example -- that are redefining the way information security is applied. Rather than bucking these trends and ignoring the risks they pose, Coviello and Young encouraged organizations to embrace them and seize the opportunity to build better security into the information infrastructure. To accelerate this shift, they equipped the audience with Seven Guiding Principles encompassing the critical elements required to build an effective information security strategy within today's evolving security landscape.

"Those who choose to embrace the trends will be best positioned to ride the wave of innovation reaping the associated rewards of increased revenues, reduced costs and faster, more flexible infrastructures," said Young. "To do so, we need to rise as an industry to meet next generation trends with a next generation information security strategy."

RSA's Seven Guiding Principles: Building a Systemic Security Strategy

RSA, The Security Division of EMC, asserts that the time is now for enterprise security leaders to define systemic strategies that will not only enable their organizations to effectively secure today's rapidly changing environment, but will also position them to deliver a more secure information infrastructure tomorrow. This system acknowledges independent products, but urges security practitioners to focus on how those products can work together to solve common problems and open up new opportunities.

The following are concrete examples from RSA's own business that exemplify how the Seven Guiding Principles can be implemented:

1. Security must be embedded into the IT Infrastructure -- The first principle acknowledges that security should not just be integrated within the infrastructure, it should be embedded within it. This belief is driving major RSA initiatives, including its work together with Cisco. Teams from RSA and Cisco have joined forces to embed data loss prevention into devices such as the Cisco IronPort® email security gateway. RSA and VMware have also engaged in a technology partnership to embed core security controls into the virtual infrastructure to help organizations reduce risk and increase their overall security posture.

2. Develop ecosystems of solutions -- Ecosystems must be formed to enable products and services from multiple organizations to work together to solve common security problems. RSA has invested in the RSA eFraudNetwork(TM) community, an ecosystem created in collaboration with thousands of financial institutions across the globe to spot fraud as it migrates between and among financial institutions on a worldwide scale.

3. Create seamless, transparent security -- Making security largely transparent to users and systems that it is designed to protect is critical to bridging the gap between the rate of technological advancement and the ability people have to keep up with it. The goal to create seamless and transparent security was the motivation behind RSA's technology partnership with First Data Corporation, the largest payment processing company in the world. RSA and First Data recently announced a service designed to secure payment card data from merchants by eliminating the need for merchants to store credit card data within IT systems. This service is being built into First Data's payment processing system, making it seamless and transparent to merchants and their customers.

4. Ensure security controls are correlated and content aware -- The average user's access to information is growing exponentially alongside the number of regulations and requirements that govern the protection of that information. In the EMC Critical Incident Response Center (CIRC), security information management is centralized so it can correlate data from information controls such as data loss prevention, identity controls like risk-based authentication, and infrastructure controls such as patch, configuration and vulnerability management systems. This advanced approach to security operations is designed to accelerate how quickly security analysts can get the intelligence required to distinguish a benign security event from something more threatening to the business.

5. Security must be both outside-in and inside-out focused -- RSA argues security must include a two-pronged approach that protects both the perimeter (the outside-in) and the information itself (inside-out). Since users are accessing information from a variety of devices inside and outside the network as well as in the cloud, security policy and controls must adhere to information as it moves throughout the information infrastructure.

6. Security has to be dynamic and risk-based -- Since they are not bound by rules and regulations, criminals and fraudsters are free to deploy increasingly creative attacks. To battle this reality, organizations need to be positioned to dynamically correlate information from a number of sources and respond to real-time risks related to both infrastructure and information. RSA will announce this week that it is offering new consultative and advisory services to help enterprises implement or improve their security operations function to more effectively manage both risk and IT compliance programs.

7. Effective security needs to be self-learning -- The dynamic nature of IT infrastructures and the malicious attacks launched against them is outpacing the ability of human beings to keep up with their speed and complexity. For this reason, information security strategy must be dynamic and behavior-based. To help support this goal, RSA today also announced it is teaming up with Trend Micro to leverage real-time intelligence of spyware, viruses, spam and other data generated by Trend Micro's Threat Resource centers. To increase endpoint protection for RSA® FraudAction(sm) Anti-Trojan Service customers, this vital information is now being ported directly to the RSA® Anti-Fraud Command Center.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle -- no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

RSA, eFraud Network and FraudAction are registered trademarks, trademarks or service marks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. IronPort is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other products and/or services are trademarks of their respective owners.
