Global Security Chiefs Advocate for Accelerated Investment in Transformative Technologies

BEDFORD, Mass., May 12, 2014 /PRNewswire/ --

News Summary:

• RSA released a new Security for Business Innovation Council (SBIC) report that recommends accelerated investment in technologies designed for building better anticipatory defenses and improving business productivity.
• The Council identifies three strategic areas for technology investment to dramatically strengthen security capabilities as cyber threat resiliency, end-user experience optimization and cloud security.
• The Council also provides recommendations to successfully navigate new technology deployments and maximize security investments.

Full Story:

A new report released today by RSA, The Security Division of EMC (NYSE:EMC), from the Security for Business Innovation Council advocates three key areas for technology investment and recommendations for specific security technologies to better build anticipatory defenses while also improving business productivity.  The report, Transforming Information Security: Focusing on Strategic Technologies identifies three key areas for technology investment as cyber threat resiliency, end-user experience and cloud security.  This latest report offers organizations insight from top security leaders to dramatically strengthen security capabilities and maximize technology investments when considering complex deployments.

In their roles, Council members collectively observe the major innovations underway in security technology and contend that these technologies are not being developed or implemented quickly enough.  Organizations now acknowledge the inevitability of breaches, and have turned attention to minimizing their impact.  As such, security leaders are focusing on strategies and technologies that help provide threat resilience versus prevention and prioritizing investments in solutions that provide better detection and response capabilities.  Against this backdrop, the report affirms that Big Data analytics is a foundational technology needed to help achieve a stronger cyber defense.  Next-generation anti-malware technology is also identified as a key area where organizations should add new techniques to baseline capabilities.  Council members highlight the importance of improving end-user experience for business productivity gains and suggest investments in more flexible methods for authentication and Identity and Access Management that help reduce risk.  Furthermore, the report evaluates the latest claims about cloud security services designed to help enterprises with visibility and control.

The Council details three recommendations that provide prescriptive guidance to successfully navigate new technology deployments and maximize security investments:

1.      Look at Least Three Years Ahead

By using SWOT analysis, aligning with IT and the business, creating an enterprise-wide Big Data strategy, and engaging with auditors, organizations can formulate plans to determine what security capabilities will be needed to protect against a dynamic threat landscape.

2.      Achieve a Bigger Picture Through Integration

When investing in security technologies today, the greatest payoffs often come from connecting and consolidating information from multiple applications. Technologies are now available that make it easier to integrate systems such as data analytics, security intelligence, and GRC platforms.

3.      Maximize Value Through Formalized Technology Developments 

Leading security teams familiar with the pitfalls of technological change, budgetary shortcomings, and the failure of new product expectations advise having formal approaches to deployment in order to proactively manage the risks.

Executive Quotes:

Amit Yoran, Senior Vice President, RSA, The Security Division of EMC

"Increasing resilience is core to any organizations' cyber defense strategy.  Employing the right technologies that provide better visibility and analysis to actually anticipate attacks can and should reduce risk to the business.  This report provides the necessary guidance to help security teams determine how to make the right technology investments."

Simon Strickland, Global Head of Security, AstraZeneca

"The speed of change is quicker than it's ever been. You've got to inject flexibility and innovation into your strategy. Because 18 or even 12 months down the line, technology will have moved, your adversaries will have moved on, and you can pretty much guarantee there will be questions about why you're not keeping up with developments."

About the Security for Business Innovation Council

The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports exploring information security's central role in enabling business innovation.  This report is the third in a three-part series on building a next-generation information security program. The first report was titled Transforming Information Security: How to Build a State-of-the Art Extended Team and the second report was titled Transforming Information Security: Future-Proofing Processes.

Contributors to this report include 18 security leaders from some of the largest global enterprises:

ABN Amro
ADP, Inc.
AstraZeneca
Coca-Cola
eBay
EMC Corp.
FedEx Corp.
Fidelity Investments
HDFC Bank Ltd.
HSBC Holdings plc.
Intel
Johnson & Johnson
JPMorgan Chase
Nokia
SAP AG
TELUS
T-Mobile USA
Walmart

Additional Resources

• Download the latest Security for Business Innovation Report
• Download infographic that highlights the Council's three recommendations
• Watch SBIC video summarizing highlights of the report
• Read RSA Blog: Strategic Technologies to Help Transform Information Security
• Download the first report of the series Transforming Information Security: Designing a State-of-the Art Extended Team
• Download the second report of the series Transforming Information Security: Future-Proofing Processes
• Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk, and compliance- management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, and Fraud Protection with industry-leading GRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.EMC.com/RSA.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.

SOURCE EMC Corporation; RSA