Posts Tagged RSA
A recently announced recall of RSA’s SecurID product is causing waves across the industry. Navigating these events and considering the implications, we review some of the aspects and analyze where the industry stands in relation to these conditions.
The details on the various federal contractor breaches have continued to emerge in recent news. An official recent announcement from RSA acknowledged the previously rumored link between the initial RSA incident and the Lockheed Martin intrusion. L-3 and Northrop Grumman are likely to have been attacked through the same vector. This alarming series of breaches has caught the attention of media and customers alike. Among other sources, China has been mentioned as a possible source for these attacks. Meanwhile, reports of major defense contractors replacing RSA SecurID tokens with other token technology have been seen.
The recent eruption of reporting on federal contractor organizations and recent compromises has certainly been alarming. As a result, a number of theories and conspiracies have come forward. At the root of these theories is a commonality derived from the RSA compromise, where it is believed that the cryptographic keys for SecurID may have been taken. What these events mean to the enterprise, however, remains to be seen. With absolute certainty, federal institutions and their affiliates will be on watch for continued attacks, and if indeed RSA-related, we can be sure that they are addressing deficiencies by all technological means possible.
Every time I talk to Art Coviello, President of RSA, I get depressed, scared and hopeful. I received a memo today from RSA which was Art’s year-end review and 2010 look ahead. Here are some excerpts.
From the Desk of Art Coviello
Subject: Security in 2009 and a look ahead
Emulex’s strategic direction is to help IT shops provide additional data protection and privacy by encrypting data at the source – in the host server. There has been plenty of news about data breaches, with literally millions of data records at risk, and about some of the laws requiring public disclosure of data breaches. More recently, some states within the USA have passed laws requiring encryption for transmission or storage of personally identifiable information outside of a secure system. CIOs can no longer debate about whether to encrypt. Encryption is no longer an option, but a requirement.