With data breaches and security incidents making headlines regularly, the RSA Conference is vitally interesting to IT managers trying to ensure their organization isn’t the next one to fall prey to an attack.
Promising the latest data protection solutions, RSA is happening this week at the Moscone Center in San Francisco. This post will provide a quick overview of some of the solutions and trends that industry professionals are talking about at RSA.
Security and encryption is top-of-mind for organizations
A new report from business consultancy Visiongain said the cyber security market will reach $81.4 billion this year.
The use of encryption continues to grow in response to cyber-attacks, privacy compliance regulations and consumer concerns according to the 2016 Global Encryption Trends Study from the Ponemon Institute (sponsored by security providers Thales and Vormetric).
The same report also found that the majority of organizations plan to transfer sensitive data to the cloud within the next two years. However, despite this rapid move of sensitive and confidential data being transferred to the cloud, only a third of respondents had an overall, consistently applied encryption strategy.
On the mobile front, HPE research unveiled the results of a scan spanning 36,000 iOS and Android mobile apps. It revealed that more than half of mobile applications are collecting alarming quantities of data from users, but not all taking the necessary steps to protect this sensitive information.
CSA assembles Global Advisory Board
The Cloud Security Alliance announced the formation of the CSA Global Advisory Board, a 10-member body including some of the most recognized experts within IT, information security, risk management and cloud computing. On Monday, the board produced its first annual State of Cloud Security report, which provides a view of the cloud computing industry through the lens of information security. The report aims to grow awareness of the gaps and solutions that practitioners must advocate for, and help cloud providers better understand the needs of their customers.
CSA CEO Jim Reavis has noted that the security of the cloud is vitally important as more organizations adopt it, and that the “CSA’s standards and recommendations” must be “at the forefront within this ecosystem.”
Adding meta data into the mix
Gigamon, a company specializing in traffic visibility solutions, has added a metadata engine to its GigaSECURE Security Delivery Platform to add contextual security analytics to its packet-based security.
With the huge rise in the volume and speed of data, the traditional scanning of network packets and logs is becoming too computationally demanding and expensive. Meanwhile, big data analysis can be applied to the whole network to more effectively approximate the location of possible network compromise.
Gigamon’s metadata engine centrally generates and aggregates contextual information about network traffic and simultaneously sends it to security analytics software that interpret this information to improve the speed of detection and quickly respond to breaches.
The Metadata Engine will be generally available this month to all GigaSECURE software subscribers.
The Global Advisory Board has been established to support CSA in further anticipating emerging trends, and as a result, increase the influence enterprises have over the future of the cloud industry’s ability to address dynamic and optimal cloud security requirements.
Security through biometrics
At RSA, BluStor announced it will begin shipping its CyberGate cybersecurity platform in March which includes the CyberGate Secure Mobile Briefcase (SMB), a credit-card-sized ID card containing personal biometric information.
Two-factor authentication (2FA) solutions typically rely on usernames and passwords (“what you know”), and a physical security device (“’what you have”), creating a security hole given there’s no guarantee a device is secure.
The CyberGate platform adds three or more factors of authentication that helps ensure individuals are who they say they are through the use of multi-factor biometrics including face, voice, iris and even multiple fingers.
Attacks you can see: Skybox Security gives CISOs Attack Surface Visualization
At RSA, security analytics provider Skybox Security is providing the first preview of Skybox Horizon, a new security management tool that lets CISOs visualize their enterprise attack surface. It visually maps exploitable attack vectors, vulnerability hot spots, network security misconfigurations and risky firewall access rules.
Horizon is integrated with the Skybox® Security Suite and uses the contextual intelligence gained from consolidating and analyzing data from various sources to create a visual, interactive model that links network topology, network connections, business units and organizational hierarchy.
The hope is that visibility can enable an organization to create a comprehensive security management program that helps shrink the attack surface.
Security by Design: HPE introduces new end-to-end security reference architecture
At RSA, Hewlett Packard Enterprise introduced the HPE Cyber Reference Architecture (CRA), a comprehensive framework designed to help build resiliency into organizations to help stop complex security threats. It includes 350 distinct security architecture blueprints and is designed to address challenges such as cloud, mobility, Machine-to-Machine, and Internet-of-Things.
Secure mobile apps with releases from providers like HPE and Nubo Software
Hewlett Packard Enterprise announced HPE SecureData Mobile, an expansion to the HPE SecureData product portfolio that adds end-to-end mobile data encryption to protect sensitive information.
Business-class app provider Nubo Software has expanded its security features for its remote enterprise workspace solution Virtual Mobile Infrastructure, and unveiled its new secured Messenger and administrative Control Panel app.
The latest security update has added a layer of authentication that verifies the end user’s certificate in order to access enterprise web applications. This includes Single Sign-On (SSO) security protocols but it also enables users to sign in to apps just once after initial approval.
Nubo’s app suite includes email, calendar, contacts, file and folders, OfficeSuite tools (word processor, spreadsheet and presentation apps), a web browser, and camera.
The two new business-class apps added this week are a real-time Messenger app and a robust Control Panel for administrators. Messenger lets employees instant message and collaborate with each other without storing any data on devices. The Control Panel app lets administrators monitor usage and user activity logs, connect and disconnect devices from access from the remote network, drag and drop any app to the remote environment, and deploy mobile apps to custom-defined users and groups.
This certainly promises to keep data safer in a world where when devices can roam anywhere.