In security, ‘unity’ has multiple meanings
This year’s RSA Conference theme is the Power of OpportUNITY, but some opportunities to unify and integrate security are easier than others
When I first saw the theme for this year’s RSA Conference, I thought, “Yeah, that’s it. Unity is the secret sauce to making our companies and our nation more secure.” But some areas where there is opportunity to unify, collaborate and integrate, may be harder than others.
“Unity” can be associated with at least two things when you think about security:
First, it indicates a unified, collaborative front in the battle against bad actors. A great example of this would be the DHS Automated Indicator Sharing Program (AIS) which “enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed.” The idea here is to share information in real time when attacks are realized, alerting others so that they can take defense against a particular threat.
In theory, this is a great idea, but it’s been met with concerns from industry which Mordecai (Mo) Rosen outlined in his blog after testifying in front of Congress about the Cybersecurity Act of 2015. He suggested industry needs trust, clarity on liability and an understanding around privacy and personally identifiable information in order to fully embrace information sharing the way the program outlines.
The takeaway: The opportunity for a unified and collaborative security front is achievable, but it will take adjustments to get there.
Second, unity can imply the integration of security solutions for a unified, holistic approach to security. When integration, analytics and automation are part of a security system, great things happen. The value of these large investments is amplified to provide a more streamlined and comprehensive security posture for the organization.
For example, when governance is implemented with privileged access and identity management, it helps address not only security, but also compliance needs across all user access – privileged or not. In addition, when analytics and automation are combined and anomalies and threats are detected, a system can trigger company-defined controls to mitigate risks, such as starting session recording, alerting the security incident and event management system and security operations center, generating an incident report or simply ending the session.
When it comes to the “power of opportUNITY” in security, the prospects are vast and I’m sure extend well-beyond the two addressed here. Let’s not let opportunities pass us by. Let’s refute the quotes by Ann Landers and Albert Einstein that say opportunities are missed because they require hard work. The stakes are too high; we need to work hard and seize every security opportunity.
If you’re heading to the RSA Conference next week, stop in the CA Technologies booth #3409 in the North Hall to see CA’s integrated and interactive identity and access management solutions, including: CA Identity Service, CA Advanced Authentication, CA Single Sign-On, CA Privileged Access Manager and CA Identity Suite.
In addition, mark your calendar and get ready to vote: Analytics or Bacon: Which would you choose? CA’s Mark McGovern will pose this question and draw some parallels between two hot topics within their respective industries – analytics and bacon. And while some may view analytics as “delicious” and the thing that everyone has on their plates, Mark will highlight practical thinking for deploying them.