|
 Securing the organization at every technological level—spanning data, user identities, applications, and network operations—is a core goal for enterprise-class IT. Meeting that goal requires more than last-millennium point solutions; to achieve real-time insight into the holistic state of IT security defenses, IT will require smart, integrated adaptive solutions to ensure that data, applications, and the overall IT infrastructure are used by the right people, at the right time, in the right way.
Many new threats, however, combine to make such holistic security harder to achieve than ever before. In the pursuit of an overall security strategy designed to facilitate business initiatives while simultaneously mitigating business risks, IT must proactively acknowledge and address such threats.
Increasingly, for instance, hacker activity can be characterized as malicious rather than curious. While yesterday's hacker may only have been interested in obtaining unauthorized access as a proof of concept, today's hacker may be part of a criminal organization motivated by personal profit. Similarly, malware such as viruses have achieved new sophistication, in some cases modifying themselves to evade detection and eradication. Nor do threats originate only outside the organization; some studies suggest that the majority of security threats, in fact, stem from internal abuse by trusted employees with extra access privileges.
Security complexities also arise as natural consequences of new business initiatives. Consider a case in which an organization wishes to extend key IT services outside company walls to business partners or clients by way of the public Internet. Such a strategy can introduce new complications for IT security as well, as pools of user identities must be managed and integrated without creating new attack vectors.
IBM Will Play a Major Role at RSA 2008
Security professionals interested in bringing themselves up to speed on the latest developments in these and many other related areas will find the annual RSA Conference a key opportunity to learn. At the Moscone Center in San Francisco from April 7-11 of this year, attendees can expect to hear from industry leaders in the security field, interact with peers and technology gurus, and engage with specialists who can help them arrive at a comprehensive understanding of both the business and the technological perspectives involved in achieving end-to-end, holistic information security.
As a diamond sponsor of the event, IBM will be playing a key role in the conference. One of the keynotes, for instance, is to be delivered at Keynote Hall on April 9 at 4:15 pm by Val Rahmani, General Manager of IBM Internet Security Systems, on Protecting the Infinite Perimeter. This talk will focus on fundamental changes required from enterprise IT as it moves to address business risks more comprehensively than ever, reducing and (if possible) eliminating the many threats that will inevitably manifest as organizations increase their security perimeter by extending business services to the outside world.
Demonstrations of different IBM solutions and strategies will be available at booth #1125. Here, attendees can expect to hear from IBM security experts on topics such as drive-level encryption; key management across the full lifecycle of organizational data; compliance initiatives; and security in different contexts such as the mainframe, service oriented architecture (SOA), and overall IT infrastructure. IBM will additionally be hosting an Ask the Experts Q&A session in which security gurus, including the IBM Internet Security Systems X-Force, will tackle suggested topics of the audience’s interest.
Furthermore, nine different track sessions will address how IBM can help organizations design and implement holistic security strategies even in the face of new challenges.
Many Different Tracks to Address Today's Security Complexities
One excellent example of modern security complexities, for instance, concerns the question of segregated vs. federated identity management. Best business results will generally come from an integrated, holistic approach through which user identities are federated across domains. Ray Neucom of IBM Tivoli Security and Sridhar Muppidi, IBM Sr. Security Architect, will discuss the many benefits of a federated identity architecture and the IBM solutions most pertinent to achieving it.
Of course, in the pursuit of holistic security, technological solutions must be paired with big-picture business goals, strategies, and processes to achieve optimal business results. Exploring this topic in the specific case of federated identity solutions will be Ron Williams, Product Architect of Access and Federated Identity Management at IBM, who will tackle how commercial and user-centric spheres must both be taken into account in order to achieve a successful deployment.
Security as a Service comprises a third IBM track session. Here, Bob Kalka of Global Security Enablement Manager, Tivoli Software, will explore IBM's value proposition as a single-source security provider for organizations interested in developing an identity-aware enterprise service bus (ESB), in order to link service domains via a unified bus while also providing integrated identity management and authorization to every linked service. Mr. Kalka's presentation will be supplemented with information drawn from a case study, KeyBank, and remarks from KeyBank’s VP of Web Security Infrastructure, Christopher Robinson, to demonstrate how IBM solutions and services combined to deliver just such an end-to-end solution.
Of course, security solutions are only as effective as their deployment and utilization. While cryptographic standards and technologies are more sophisticated than ever, comprehensive protection against attacks has yet to be realized, and part of this situation stems from usability shortcomings. In this panel, Mary Ellen Zurko of IBM Lotus Security Strategy will discuss how the end-user failure to understand and take advantage of security technologies can lead to substantial negative consequences for organizations today.
In the process of securing core business data, a critical role is played by cryptographic keys. Yet disparate key management strategies across disparate storage domains sometimes result in inconsistent, even inadequate data security. Exploring how key management is now being implemented in a centralized, secure manner for many different forms of storage will be Gordon Arnold, Senior Technical Staff Member at IBM.
Joshua Corman, Principal Security Strategist of IBM Internet Security Systems, will tackle the security complexities implicit in the use of virtualization as a key business and IT enabler. Through virtualizing servers, organizations can reduce IT costs—obtaining more business value than ever from deployed hardware—while also facilitating energy management initiatives. At the same time, though, because multiple virtual servers are hosted on one computer, virtualization can introduce new attack vectors—and with them, significant business risks. Mr. Corman will lead a peer-to-peer discussion of the best practices, implementation designs, and configuration strategies by which these risks can be minimized.
IBM will also be participating in a track session titled Evolving Strategies for Enterprise Data Protection, a multi-vendor panel led by Doug Dineley of InfoWorld. In this panel, the optimized combination of different data-security solutions will be discussed; Gerrit Nel, Data Security Solutions Manager, will be representing IBM's contribution to the overall story. Additional panel sessions will include CTO Panel: Beyond Tomorrow, in which a group of Chief Technical Officers will discuss security challenges for the enterprise both now and in the future, and The Future of SIEM, to be moderated by IBM Director of Global Service Provider Solutions Scott Sobers, on security incident and event management and its possible future intersection with network management.
Get Up Close and Personal with IBM
Finally, for those attendees interested in a more personal exploration of how IBM can help to drive business value in IT through securing data end to end, one opportunity sure to be of interest will be the IBM Client Day Executive Forum and Dinner Reception.
This event within the larger event, taking place on April 9, will give attendees a chance to talk directly with IBM executives, including Kristin Lovejoy, Director of IBM Corporate Security Strategy, about how IBM can help organizations today secure their data, mitigate business risks, and facilitate key business initiatives—even in a time of effectively infinite security perimeters. Information on real-world cases in which IBM has done exactly that will be available to attendees via a panel discussion involving IBM business partners and clients such as KeyBank, FAAP, Ottawa Hospital, and Time Warner Cable. A special dinner reception at local restaurant First Crush will follow.
|
