2013 RSA Conference Shows Risk Management A Growing Priority

By Doug Graham, Senior Director, Global Security Office – Risk Management

The 2013 RSA Conference provides a terrific venue for industry leaders to share and communicate, but on one topic I couldn’t help but notice a dramatic rise in interest: Risk Management. Over the past three RSA Conferences, I have seen our Risk Management seminar increase from a peer-to-peer session of 25 people two years ago to more than 800 people at this year’s session, and with good reason.

The idea of risk management resonates deeply within the industry, including the need and practice of risk management and the desire to bond security, data analytics and the business. A well-rounded discussion was generated from the audience that focused on a number of pivotal ideas of risk management: What does risk management mean to an organization? How does an organization measure success? How can an organization work more collaboratively to push back against threats?

Risk Management and the Business

As we in security continue to study and execute the science behind risk management, we understand more and more that it cannot be managed in a bubble. Risk management, to be truly effective, must move into the business. Ultimately, the security organization cannot accept the notion of an impenetrable or perfect system as a matter of doing business. By evangelizing risk management into the business, we create a new sense of priorities and responsibilities in which non-security and non-IT business users assume risk management as their own.

When this occurs, perspective is gained on how other units respond to risk, even down to financial management and financial risk. In that regard, risk management no longer lives in a vacuum and advocates begin to pop up throughout the organization. These advocates will expand the network of risk management and operate in a way that bolsters an organization’s security posture. That was an important message from this year’s RSA Conference.

Communicating Risk Management in the Face of Constant Threats

By Doug Graham, Senior Director, Global Security Office – Risk Management

In the face of an ever-changing security landscape that presents constantly unique threats, an enterprise’s defense must be robust and complete with multiple layers of prevention and defense strategies.

While enterprises may arm themselves with the most technical controls possible, a critical element to a proactive defense is communication. When we speak about communication, we refer to a strategy that goes far beyond messages to your employees about the latest security guidelines being handed down. The key to communication is removing the perception that the security organization is an obstacle to doing business.

At EMC, we have moved to empower people by breaking down barriers of communication between IT and the business. Through this approach, we have found success broadening the responsibility of risk management and changing the core behaviors of individuals, which results in a stronger security posture and overall defense.

EMC Security Chief Highlights New Strategies to Meet Big Impact IT Trends for 2013

New, advanced technologies continue to provide a faster, more agile environment. But those technologies – cloud computing, mobile platforms, Big Data and social media – can widen the exposure companies face to potential security threats.

To help companies remain proactive in their security measures, the latest Security for Business Innovation Council (SBIC) report titled, “Information Security Shake-Up: Disruptive Innovations to Test Security’s Mettle in 2013,” offers a forward-looking analysis of the new enterprise threats in 2013, and recommendations for how security teams can limit risk.

The report also examines four strategic steps enterprises can leverage to strengthen their security programs, including: How to boost risk and business skills, court middle management, tackle IT supply chain issues and build tech-savvy action plans.

You can learn more about the SBIC Trends Report 2013 by viewing the following video featuring EMC Vice President and Chief Security Officer Dave Martin. We have also discussed related topics in previous blogs on this site, which combined with Dave’s video and the new report, will offer a full picture of security innovations we’ve explored at EMC.  

Keeping the Bad Guys on the Run: Working Together to Neutralize Cyber Threats

By James Lugabihl, Senior Manager, EMC Critical Incident Response Center, EMC IT

Threat intelligence is king. The more you have, the better positioned you are to protect your organization from cyber attacks.

But staying on top of threat intelligence to fight these sophisticated attackers requires a new, collaborative approach to security—one that most companies and organizations haven’t embraced as yet. We need to be able to continuously share information on the latest cyber attack techniques on malware and email campaigns beyond our own networks in order to defend against an onslaught of external and internal threats. We need to “talk” to each other to warn against the latest tactics.

Getting beyond “defend” mode

Most companies are still in “defend” mode, using the traditional firewalls and other perimeter-based tools to guard their networks and data. While you don’t want to get rid of those old war horses, your company does need to expand its capabilities to defend against and respond to the more sophisticated threats. By tapping into what other organizations are seeing in terms of attack techniques, tactics and procedures (TTPs), you can detect such threats much earlier and minimize damage.

I manage the Critical Incident Response Center (CIRC) at EMC, tasked with defending the company’s revenue stream and future market value from cyber threats. At EMC, we believe we have been able to achieve a uniquely high level of incident response capability using much of our own cutting-edge information security technology.

Changing Our Information Security Culture: EMC’s New Collaborative Approach to Reducing Risk

By Doug Graham, Senior Director, Global Security Office – Risk Management

What do corporate IT security and healthcare have in common these days? Both are undergoing a cultural shift in which customers are being asked to take responsibility for their own well-being.

Just like getting individuals to focus on proper diet, exercise and screening efforts can help prevent health problems and keep everyone’s medical costs down, so can getting IT users to embrace proper security practices help prevent costly security complications for employees and the company they work for.

At EMC, this realization is driving a major transition in our approach to security. We are evolving from a centralized global security team that dictates regulations to the business units that consume IT without their input – to a dispersed security force that works with the business to understand their needs and create policies and standards that the business can live with.

Last year, our Global Security Office (GSO) began a multi-year effort to transform its security approach.

Big Data Takes On Security

When it comes to IT security, we are at an opportunistic intersection.  Each and every day, we hear more and more about how the increasingly complex and aggressive threat landscape is impacting the security of companies around the globe.  However, Big Data strategies and technologies are rapidly approaching the intersection and arming us with the analytics we need to more proactively assess risk and identify threats.

As a leading global technology company, EMC has wholeheartedly embraced Big Data to get ahead of this.  If you’re interested in learning more, EMC is also hosting a webinar on “Using Greenplum to Deliver Big Data Analytics” on Tuesday, Sept. 18th @ 11am PT.  Sign up here:  http://bit.ly/SyLwWV

It’s A Different IT Security World

TO CATCH A CYBER THIEF: FIGHTING SECURITY THREATS IN REAL TIME

By Ramesh Razdan, Senior Director of Enterprise Services and EMC Distinguished Engineer, and Steen Christensen, Director, Information Security

Like just about everything else in today’s socially networked universe, enterprise IT security has evolved dramatically in recent years.  Security teams are charged with safeguarding vital information in a world connected by a continuous and rapid exchange of an ever-expanding deluge of information. And among those logging on are a growing number of cyber criminals launching continuous and sophisticated threats to organizations worldwide. Investigations have become extremely complex with the need to be able to analyze data with context and speed.

No longer can organizations rely on traditional perimeter security and firewalls to protect their vital information assets. Nor can they effectively combat today’s sophisticated cyber criminals by analyzing threats after the fact. In fact, those that think they can in today’s complex cyber world are just sticking their heads in the sand.

Thankfully, Big Data tools and platforms have evolved to meet these new threats head on, armed with real-time data gathering and high speed security analytics.

How Will CIOs Meet Growing Security Threats

BUILDING TRUST WHITE PAPER EXCERPT

When it comes to protecting enterprise data, CIOs and CSOs are at a crossroads. The complexity and prevalence of security threats continue to grow, bolstered by consumer IT and mobility. The open nature of IT has paved the way for far more sophisticated attacks – beyond conventional credit card data theft to multilevel attacks. Information security executives face perhaps the toughest challenge of their careers.

The business requires and expects total freedom and choice in technology, yet risks come from any number of places: users at their desks, users working from many different mobile devices and unsecured networks, and users downloading applications at will from the Web. Corporate integration with social media sites provides a new path for malware to the network – not to mention privacy risks and even identity theft. Hackers still have many more opportunities to grab enterprise data and are getting smarter by the day. Given the pace of change in our Web-based mobile world, who knows what next month will bring?

In this interactive white paper from CIO Magazine and EMC, learn how tightening the relationship between CIOs and CSOs will help create trust, the foundation of business relationships today. Embedded videos feature Art Coviello (RSA Executive Chairman), Sanjay Mirchandani (EMC CIO), and Dave Martin (EMC CSO), and a quick survey provides benchmarking between CIO peers.

Trust, But Verify

Lately I’ve been in an increasing number of conversations about “multi-tenancy,” and its viability/fitness for use in business IT. Most start out framed as technology discussions. One recent exchange reminded me of a blog post and comment thread back in January on “secure multi-tenancy.” The comments, predictably, devolved into heated debate over who claimed which technologies could do what, who disputed whose claims, and so on.

For my own part, I don’t see technology alone as adequate. What intrigues me, though, is how many IT people believe that technology can—indeed, must—somehow address all this.

Why EMC IT Is Going “All In” On Private Clouds – Part 5

This is the final part of a series of posts outlining how our IT organization started its aggressive journey to private clouds. Previously, I described IT’s strategy shift, the trigger for its urgency, navigating through “cloud fog,” and the unusual path IT decided upon.

In this post, we’ll take a look at EMC IT’s overall strategy for actually making this journey.