Today's rapidly-changing world demands proactive security
In IT, more than almost any other field, an ounce of prevention is worth a pound of cure.
Proactive design can help ensure services create new business value—not new security breaches. And as organizations increasingly shift to next-generation architectures such as cloud computing, and extend core services beyond company walls, it's critical that security be integrated from the start—not added as an afterthought.
For security professionals, the annual RSA Conference (link resides outside of ibm.com) at the Moscone Center in San Francisco offers an incredible opportunity to learn how best to accomplish that goal. RSA 2011, to be held from February 14-18, will be a premier security conference by almost any definition.
The expected 17,000 attendees will get a chance to interact with peers and security gurus, learn about new solutions and best practices, experience technology demos, and even connect with industry leaders in one-on-one sessions.
Experience IBM Security leadership at RSA 2011
“Effective, proactive security has far more than just purely technological implementations—it's also a cornerstone of good business in other respects, such as customer relations, publicity, market share, and ultimately, the business bottom line.”
Naturally, as a leader in IT security, IBM will play a substantial role at the event—and the event will also serve to demonstrate IBM's leadership.
For instance, SC Magazine’s prestigious annual Awards will be announced at RSA 2011 on February 15, and IBM is a finalist in three different categories:
All three of these offerings reflect IBM's ongoing theme of securing a smarter planet via technology that's secure by design. When security is baked into IT from the start, the result is far more than just superior protection against threats—it's a better result for everyone in the complete business ecosystem, from end users to business leaders and governments and, conceivably, entire nations.
Does that sound like an exaggeration? It's not. In a world where even entire power grids are joining the IP infrastructure, security is no place for compromise. Organizations today therefore require the very best, most up-to-date solutions and thought leadership available.
Fortunately, IBM will be offering both at RSA 2011. In addition to exploring its best-in-class security portfolio, IBM will also be making announcements of compelling new solutions—all of which help organizations grow and innovate securely, staying ahead of threats while meeting higher service expectations on a rapidly-changing and increasingly interconnected planet.
A wide variety of compelling security sessions
And in the category of thought leadership, IBM will also be leading or participating in security sessions at RSA. These will hit topics directly relevant to organizations of all sizes and in all industries.
Web application security
An excellent example: "The Correlated Event," presented by Ryan Berg, Senior Architect for IBM Security Research. Web applications have acquired increasing momentum as a powerful, flexible way to render services to external clients and customers, but they also introduce new security complexities.
If you create a new door to the world, how do you control who goes through it—and what they do, if they manage to make it past initial safeguards and into your IT infrastructure?
Berg will discuss how Web application complexities have developed and changed over time, to the point where, today, they represent arguably the leading security threat. He'll also make suggestions concerning techniques, driven by both static and dynamic analysis, that can be applied to mitigate their security risks—even proactive techniques designed to address future Web application attack vectors not yet discovered or exploited.
Collaboration and security
Similar complexities will come into play in "Mission Security and Privacy: Striking the Balance to Enable Collaboration." In today's increasingly interconnected world, new collaboration possibilities emerge from the fact that information can be shared more easily, more quickly, and across more domains.
Healthcare providers, for instance, can transmit records securely from location to location and across organizations, and thus facilitate better patient care.
That said, questions remain. What kind of information can and should be shared in order to drive collaboration without threatening individual privacy, organizational or industry-level competition, or national security? Decisions in these areas require careful attention to detail.
Amrit Williams, Chief Technology Officer of BigFix (recently acquired by IBM), will be one of several speakers to help RSA attendees gain a better understanding.
If data is the lifeblood of the organization, how can it best be protected? One strategy lies in protecting databases—the primary repositories of data, and the primary source of breached data in 2009 according to studies.
A panel of database experts will be on hand to discuss database complexities ranging from real-time monitoring to attack analysis to regulation compliance to the creation and refinement of a specific database security strategy.
Also discussed: variations in security implementation across leading database vendors, and how those variations should be addressed by client organizations—as backed by real-world case studies.
Representing IBM will be Al Cooley, Director at InfoSphere Guardium, IBM, as well as Ron Ben Natan, Distinguished Engineer, Chief Technology Officer for Integrated Data Management at IBM.
User privacy, compliance, and security
Effective, proactive security has far more than just purely technological implementations—it's also a cornerstone of good business in other respects, such as customer relations, publicity, market share, and ultimately, the business bottom line.
If you're a social networking site, for instance, will you get a better outcome from implementing security as an afterthought, based on customer complaints—as some sites have done—or from seriously integrating it into your design and services from the earliest possible point? Harriet Pearson—Vice President, Security Counsel and Chief Privacy Officer for IBM, will be one of a panel discussing these and other issues.
This panel—"Privacy and Security: It's Good Business"—will turn a spotlight on the many ways organizations can and should address user security, privacy, data sensitivity, and other related topics in order to minimize the possibility of a breach...not to mention the expensive lawsuits and failure to comply with government regulations that could easily follow.
We are all citizens—and all of us are affected by government policy on the subject of security and privacy as a result.
In the case of Americans, for instance, the Obama administration has moved to increase operational transparency, and thus make citizens more informed and aware on the subject of how the government fulfills any given task. Yet as transparency is pursued, the importance of security becomes multiplied.
Ideally, transparency initiatives should support the goal of empowering citizen oversight, yet also avoid as much as possible unwanted and unforeseen complexities that could ultimately lead to a breach of data or even threaten national security. This is a difficult balance to achieve.
Three panelists, one of whom will be Daniel Chenok, Vice President at IBM, will be discussing this particularly timely topic in the panel titled "Security and Privacy for Open Government—Friends or Foes?"
User authentication and data privacy
Today, more and more, we fulfill everyday tasks online—communicating with family members and friends, exchanging business e-mail with co-workers and business partners, conducting online banking, and many others. And going forward, this trend is only likely to increase.
How, in such a scenario, can we better understand how our data is stored and processed, minimize the risks that it will be accessed by the wrong people or in the wrong ways, and thus ensure that we get the outcome we intended? Andreas Wespi, Security Manager for IBM, will discuss this subject of near-universal concern in "Privacy Protecting Authentication with Identity Mixer."
Specifically explored will be secure anonymous authentication and its implementation in private credential systems; advanced techniques to give users more power in demonstrating their ownership over accounts or data, should that become necessary; and the ways that attribute-based controls can play a key role.
Follow IBM's presence at RSA over the Web
For those interested in tracking IBM's ongoing participation at RSA 2011 online—including new solution announcements—IBM will be leveraging the full power of the Web for your convenience. Consider: