This week it was always going to be about the RSA 2012 Conference that finishes on Friday coming. There’s a whole pile of releases, some of which we will look at this week, some next week. The most notable intervention so far has been from RSA’s Art Coviello, who says the security industry is going through hell. Meanwhile, Salesforce gets Symantec’s single sign-in, while RSA promises mobile security.
Security is 'Going Through Hell'
When one of the security industry’s top names says the Internet is in trouble, you’ve really got to sit up and pay attention. However, according to Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, it’s not just in trouble “…it’s going through hell…”
Headline-grabbing definitely, worrying definitely if you are involved in IT security, and Coviello held no punches at this year’s RSA Conference where he was delivering his keynote speech.
He observed that the security industry has been going through "hell" over the past year with the recent epidemic of attacks.
Referring to the attack on RSA in March of 2011, Coviello stated:
Never has our responsibility to you been as firmly etched in our minds. We have a sense of urgency as never before to take the lessons we learned first-hand, and the privileged insight we obtain from other attacks to use them to drive our strategy, our investments and product roadmaps. In the final analysis, we hope that the awareness from our attack will strengthen the sense of urgency and resolve of everyone."
If RSA is saying it, then lesser firms that depend on the security of their data really need to take heed too.
Coviello noted that up until recently, IT security has succeeded in making the Internet safe enough to transform the world, but times are changing, and trust in the digital world is in jeopardy. But not any more:
New breeds of cybercriminals, hacktivists, and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value…With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness of today's hyperconnected infrastructures and the industry's slow response to recognize the potency of the emerging threat landscape."
He added that the industry in general needs to move away from tracking individual events and develop the capability of shifting through massive amounts of information quickly, creating predictive counter intelligence that can spot the attacks before they come.
But hang on a minute. Isn’t that what the security industry is supposed to have been doing up until now? It seems so, but it hasn’t been able to do it quick enough. We’ll undoubtedly be hearing more about this in the near future.
Symantec Security for Salesforce
Meanwhile, Symantec announced the general availability of Symantec O3 Cloud Identity and Access Control. Symantec O3, the company's cloud information protection platform, will provide three layers of protection for the cloud: access control, information security and information management.
The newly available Symantec O3 Cloud Identity and Access Control provides companies with a single, secure access point to cloud applications and services. In addition, Symantec has formed a partnership with salesforce.com to deliver Symantec O3 for Salesforce, a single sign on, access management and strong authentication application, built on Force.com, salesforce.com’s social enterprise platform.
Symantec O3 for Salesforce will enable customers to leverage their Salesforce identity to securely and conveniently have access to all of their cloud services, enabling two-factor authentication for Salesforce and other cloud applications. The solution is expected to be generally available in mid-2012.
Generally speaking, Symantec O3 Cloud Identity and Access Control enables Single Sign On (SSO) across any web application, including those that do not support federation protocols.
It uses an enterprise’s existing identity infrastructure for authentication while enabling context-based authorization, password management and federation services.
In the next phase, Symantec plans to deliver cloud information security by leveraging Symantec's leading DLP and PGP encryption technologies to detect, block and encrypt confidential information before it’s stored or shared in the cloud.
RSA, Mobile Security
Also this week at RSA 2012, RSA has indicated that it will collaborate with several mobile and virtualization platform vendors to integrate RSA two-factor authentication and risk-detection technologies.
Working through the Secured by RSA Certified Mobile Partner program, technology partners are integrating RSA mobile authentication technologies into applications to enable a simplified, secure mobile user experience.
RSA mobile authentication technology integrates RSA SecurID technology and the RSA Adaptive Authentication solution optimized for mobile applications for leading device platforms including Apple iOS, Google Android, and RIM Blackberry devices.
RSA mobile authentication solutions are designed to provide little to no impact on the mobile user experience while still maintaining strong authentication by using risk indicators powered by the RSA Risk Engine. These indicators include factors such as device identification, geo-location, behavioral profiling, and real-time fraud data from the RSA eFraudNetwork community.
LockPath v2.2 Released
Finally, for this week, GRC provider LockPath announced the release of version 2.2 of the Keylight platform at the RSA Conference.
In addition to helping customers build a risk management program based on ISO 31000 and ISO 27005, Keylight 2.2 provides users with a more streamlined user experience through enhanced, personally configurable dashboards and improved workflow capabilities that expedite the content approval process.
The platform incorporates the Unified Compliance Framework’s (UCF) updates for Q4 2011 that includes ISO 31000 and ISO 27005 risk management documents, and the Standard Information Gathering (SIG) Version 7.0 assessment.
Other features in Keylight 2.2 include:
- Dashboard Enhancements
- Workflow Assignment FieldsPublished
- Compliance Documents View
The new version of Keylight is available now.