RSA Adopts Holistic IT Security As Threats Grow More Sophisticated

The threats organizations face -- including information -- stealing botnets, keystroke loggers and complex underground cyber crime networks -- are real and growing more sophisticated every day.

Combine these existing threats with mounting compliance regulations such as PCI and federal privacy and disclosure laws such as HIPAA and Sarbanes Oxley, and businesses are facing a unique and daunting security climate unlike anything they've experienced before.

And make no mistake, it's only going to get worse, says Art Coviello, president of RSA Security Inc., Bedford, Mass., security division of EMC, because many companies are ill-equipped to deal with the challenges this new security environment will bring.

"The perimeter defense doesn't work anymore," said Coviello in an interview with CRN. "We've created degrees of openness with Web applications and wireless. We're trying to protect this information in a day of information overload."

As security both evolves and matures, vendors and VARs will need to change with it—parting ways with traditional point product and narrowly focused solutions and orienting toward a more holistic approach, said Coviello. He said that these days, issues won't be resolved with just a series of isolated products, but with deliberate strategies that comprehensively assess companywide security environments and implement solutions to achieve required objectives.

And, Coviello said, RSA is prepared to help pioneer that paradigm shift with its beefed-up assurance solution, Authentication Manager 7.1, which it launched at the 2008 RSA Conference in San Francisco earlier this month. "We have to be as organized and purposeful about security as [the criminals] are—understanding what your risks are and doing everything possible to mitigate them," Coviello said. "This is not fear-mongering. There's not a day that goes by that you don't see someone get attacked," he added.

But preparing for a security overhaul on the vendor side is arguably only half the battle. VARs now face the monumental task of convincing clients to rethink their own security philosophy and adopt new and comprehensive strategies to combat growing threats.

Persuading customers to rethink their security philosophy is one of their most significant challenges, partners say.

Preston Hogue, CSO of RSA partner Network Computing Architects Inc., Bellevue, Wash., added that he routinely deals with customers that conduct risk analysis once a year before they're audited and come up with solutions that are tantamount to a bunch of controls. "We ask them, 'How do you leverage those controls to mitigate risk to critical assets?' The majority of them say, 'We don't.'"

Next: New Enhancements