The Great Cipher Mightier Than The Sword

The world's top information security professionals and business leaders gathered at the annual RSA Conference held at San Francisco's Moscone Center. With the theme “The great cipher is mightier than the sword”, RSA Conference 2012 brought together the information security industry to discuss pressing security trends and learn the essential strategies for addressing current and future threats. Through interactions with peers, industry luminaries and emerging and established companies, RSA Conference proved to be a platform for security experts to collaborate and drive innovation.

Cloud-based security solution in the offing

RSA and Zscaler also announced that they are jointly developing a cloud-based solution to assert continuous trust in identities accessing any web application or cloud service. The solution is designed to enable organizations to apply policy and control to identities even outside corporate networks, and simplify the challenge of managing user credentials associated with multiple cloud applications and web services. The integration of risk-based authentication and identity federation from RSA's Cloud Trust Authority and RSA Adaptive Authentication solutions along with the inline web security capabilities of Zscaler's Cloud Security service would enable a ubiquitous service for continuous, risk-aware identification of users accessing the Internet.The solution will include strong user authentication, identity federation, and dynamic risk assessment based on device identification, user behavioral profiling, and vulnerability detection. The combined service being developed will be engineered to help organizations mitigate the risks of data theft, service abuse, and other threats that stem from insufficient authentication, stolen credentials or compromised user devices and accounts.

Criteria outlined by RSA to deliver security for cloud

Authentication must move to the cloud: To address increased mobility of end users, authentication itself must be delivered from the cloud regardless of user locatio

Enterprise identity management must extend to the cloud: Identity information confined within the enterprise must extend to the cloud rather than create multiple independent silos of identities.

Trust must be constantly verified: Trust is the key component throughout the user session and must go beyond authentication at login to more confidently detect and prevent session compromise.

Security must be risk-based: Risk-based controls and analytics need to adapt to the risk levels that exist as users travel to remote locations, utilize remote networks and access a broader variety of cloud and web-based apps.

Leverage an ecosystem: Providing trust, visibility and control will require an ecosystem versus any single vendor solution. Security must be built into the Internet directly across all devices and access methods.

Survey findings

RSA also released a survey result, conducted by Carnegie Mellon CyLab. The survey was aimed at the governance of the privacy and the security of the organizations by boards and senior executives and Forbes 2000 listed companies are a part of this survey. To much surprise, board and seniors are not governing the privacy policy appropriately. The survey indicates a serious lack of attention at the top. Almost half of the respondents indicated that their organization do not have personnel in key privacy amd security roles, and 58% said that their boards are not reviewing their companies insurance coverage for cyber-related risks. We also got the chance to interact with Uri Rivner, Head of New Technologies, Consumer Identity Protection, RSA, The Security Division of EMC. When asked about the security of the banks, considering the recent attacks on large enterprises, Uri said that today banks are much more secure than any other organization. One of the reasons is their fight against cybercrime for 5-6 years and another, which is most important, is the collaboration between them to fight against new attacks.

The author was hosted in San Francisco by RSA