Real-time compliance, social networking and the cloud highlight RSA

Real-time compliance, social networking security, evolving cybersecurity threats and cloud computing compliance were among the top themes at RSA Conference 2010.

SAN FRANCISCO -- Four themes -- real-time compliance, social networking, cybersecurity and cloud computing -- emerged as important factors of enterprise IT at the recent RSA Conference 2010.

On the one hand, "real-time compliance," enabled through governance, risk and compliance dashboards, could easily be consigned to marketing hype. On the other hand, vendors at RSA pitched improved regulatory compliance management through log management tools, as well as security, information and event management systems.

"Some of the move to real-time compliance is motivated by perceived changes in threat landscape," said Scott Crawford, research director at Enterprise Management Associates Inc., at the conference. "Dealing with threats has become a lot more of a challenge. There's concern about advanced persistent threats, though not quite in the sense of the Air Force's [situational awareness] reference.

"Compliance officers are really wondering what to do," he said. "This issue, however, is that they often aren't taking advantage of what could be done right now, including change management and log management, and then acting on that information."

Cloud computing may be becoming an overused buzzword, but the conference had its head in the cloud. The Cloud Security Alliance released its top security threats and research on cloud security.

Buzzword or not, understanding cloud compliance will be an important area for CISOs and CIOs in the year ahead. Scott Charney, corporate vice president of trustworthy computing at Microsoft, observed in his keynote that the requirements for identity management are amplified by cloud computing.

According to Charney, enterprises will need identity management that includes privacy, minimal disclosure and in-person proofing. Microsoft announced that it released its U-Prove algorithms for identity management under an open specification promise, including two reference toolkits under an open source license.

RSA Security Inc., along with Intel Corp. and VMware Inc., unveiled its own proof of concept for creating secure and compliant cloud services.

Social networking security

The explosion of social media in and outside of enterprise environments has presented new security and compliance challenges for enterprise IT professionals. Malcolm Harkins, Intel's CISO, received the Executive Security Action Forum award for "excellence in the field of security practices" for integrating social media securely at his enterprise.

The official adoption of a policy for the secure use of social media at the Department of Defense sheds light on the question many security officers are asking: How do you move from risk avoidance to risk management?

As SearchSecurity.com senior site editor Eric Parizo wrote, social networking threats are putting new pressure on health care CSOs. Allowing access to social networking and Web 2.0 technologies has created new concerns about keeping IT environments secure.

Evolving cybersecurity threats

Rob Westervelt published an article at SearchSecurity.com on security themes to watch at the RSA Conference, focusing on evolving Google attacks, private and public cloud models and critical infrastructure protection. That first topic is central to many conversations, given the wake-up call that the Google Aurora cyberattacks delivered to enterprise security.

Growing cybersecurity threats to critical infrastructure and the electric grid have put a new focus on North American Electric Reliability Corporation regulations -- and on real security, as opposed to "checkbox compliance." The challenge, according to former government officials and experts at RSA, is that privacy protection is essential in the fight against cybercriminals.

Officials from the federal government focused on the need for better private-public partnerships. The FBI is seeking more help from the private sector when it comes to reporting cybercrime. The White House declassified a Comprehensive National Cybersecurity Initiative summary, revealing more information about its cybersecurity initiatives. The Department of Justice urged companies to share data breach information.

Homeland Security Secretary Janet Napolitano challenged the audience to raise awareness, announcing a National Cybersecurity Challenge. "A secure cyberenvironment is as much about people and habits and culture as it is about machines," she said. In the Quadrennial Homeland Security Review, Napolitano said that for the first time, a major mission area will focus on cyberspace. She asked the private sector for help in three areas of IT: automation, interoperability and privacy-enhancing authentication.

Napolitano also said that the DHS is moving to the third phase of "Einstein," a federal intrusion prevention system that will "detect malicious activity and disable it before it does harm."

Let us know what you think about the story; email Alexander B. Howard, Associate Site Editor or @reply to @digiphile on Twitter. Follow @ITCompliance for compliance news throughout the week.
