Gov. Palin, Yahoo! Email and Security—A Call To Action?

I am happy to report that I was recruited into writing a new blog on our RSA website-- some of the subject matters that I get excited about are more synergistic with the content here. I trust this will be a good introduction for you to all my august colleagues, and that you shall gain from the wealth of diverse security viewpoints as well.

One such topic that has been brewing for some time is that of identity fraud. This type rears its ugly head in all sorts of ways, and sometimes as it did here, does so in big, mean ways. As I read of the Gov. Palin email debacle, several thoughts occurred to me on the hows and whys, and if it wasn't time for us all to move the security benchmark to a higher standard.

Enjoy the blog on Gov. Palin, Yahoo! Email and Security—A Call To Action? . And do write in with your thoughts, comments.

Or, read on here...

Big Bank Does Well Financially—Really!

What a refreshing conversation it was—a senior Global 100 bank’s IT executive was gushing on how he was in the money. No, really! And even better, amidst today’s financial fiascos, he had selected to tell me about how he was financially ahead by deploying some state-of-art security solutions.

Unheard of, you might say. But could it be that we are looking at the early reports on the benefits of Security done right?

Towards A Secure Information Infrastructure

The IT industry needs a consistent framework to move towards Sustainable Security— one that we can build, deploy and support throughout the lifecycle of the infrastructure, and indeed, the information itself.

At EMC and RSA, the framework we use for a secure information infrastructure is built on three tiers—secure products, security products and secure processes. The concept is to design as complete a security profile in our products as possible, and to manage this level of security throughout the product’s entire build, deploy, support lifecycle.

There are two drivers for this commitment at EMC: we will and we can! First, our customers demand it, so we will. Second, with our leading RSA security technologies, we can, and can do so really well.

A New Vision For IT Security

It’s always easy when you build something starting from a clean slate. The challenge is in getting control of the present complexities, and to institute systematic changes to achieve the desired final state.

In the IT world, nothing could be farther from the truth— organizations operate in a mish-mash of legacy systems, glued-together applications and tenuously operating infrastructures. Little wonder that IT security is such a hard proposition to deliver on.

But there is hope, and a basic framework for a secure information infrastructure is emerging…..

Chrome, Security & The Google DNA

As Google beta releases its new web browser, Chrome, a lot is being said about its security lapses that are quickly coming to light. I don’t believe it really matters if the lapses are big or small, correctable or not, or just marketing faux pas versus mere engineering slips. I am more concerned with the genesis of Google’s security challenges, and if these traits can be inherently set right in short order.

I can’t say I can gauge the maturity of Google’s security programs. But I suspect that such elements of its program as security policy, deep training, consistent process and security technology already exist and can and will be raised to the necessary and highest levels.

Yet, I think there is something more… Could it be that Chrome’s security lapses might well be ingrained in Google’s DNA itself?

Why Yet Another Blog On Security?

Because I am big on information security, particularly security that is done right—Security that addresses information risk as directly as possible. Security that enables business and consumers to conduct their affairs without the fear of grave business impacts.

I seek Security that is Sustainable—Security that is designed not in one point in time, but with the potential to be dynamic and that grows to address newer threats. Security that covers the comprehensive data or product lifecycles— from creation through expiration.

This blog is one that mostly underscores Security done right— in industry, with organizations, through strategies and with creative solutions.

Sustainable Security is about doing Security right.