Quantcast

RSA Unveils New Packages to Help Mid-Sized Organizations Protect Personally Identifiable Information (PII)

May 21, 2009

Cost-Effective Combination of DLP, SIEM and Strong Authentication Maximize Operational Efficiencies while Helping to Address Key U.S. Data Breach Notification Law Requirements

BEDFORD, Mass., May 21 /PRNewswire/ — RSA, The Security Division of EMC (NYSE: EMC), today announced a comprehensive set of solutions to help organizations address the most challenging aspects of complying with the U.S. Data Breach Notification Laws for protecting personally identifiable information (PII) and mitigating the risk of security breaches. Specifically, RSA is announcing three distinct packages of information security products — including two-factor authentication, security information and event management (SIEM) and data loss prevention (DLP) — designed to meet the needs of mid-sized companies.

Organizations entrusted with PII from customers and employees are required to take appropriate actions to secure and protect this information. In addition, laws across the United States levy varying penalties — including public notification requirements — for organizations suffering a PII compromise. RSA’s PII package is engineered to deliver technologies that support these efforts by enabling customers to:

  • Identify PII across their environment, and understand where and how this data is being accessed and stored, and how and by whom it is being used
  • Implement appropriate security controls based on policy and risk
  • Monitor the environment and proactively identify potential security events in real-time

“Clearly, data breaches carry heavy costs for organizations, not to mention public embarrassment and lost goodwill,” said Jon Oltsik, Principle Analyst of Enterprise Strategy Group. “By implementing a set of repeatable, scalable controls organizations can help reduce that risk.”

RSA’s Packaged Solutions for Securing PII

RSA developed three packages that offer cost-effective, actionable, enterprise-level solutions to mid-sized organizations concerned with preventing PII data breaches, and avoiding the costs associated with breach notifications. These packages were developed to meet different customers’ specific needs, depending upon where they are in the process of protecting PII as required by various data breach notification laws across the U.S.

A core requirement for preventing a data breach is ensuring only authorized individuals may access systems containing PII. To this end, all three RSA packages include strong two-factor authentication with RSA SecurID(R) one-time password solutions. With RSA SecurID authentication, organizations can thereby help ensure that both proprietary business data, as well as private customer data, are only available to authorized users.

In addition, businesses striving to protect PII and meet notification requirements must be able to quickly identify a potential breach, and maintain logs that will help to evaluate how an incident may have occurred. To support these requirements, the three packages also include the RSA enVision(R) platform that offers collection, alerting and analysis of log data in the context of threats, vulnerabilities, IT assets, and other data to enable organizations to quickly respond to high-risk security incidents and compliance issues.

Finally, in order to effectively protect PII and attempt to comply with state-level breach notification laws, organizations must understand where sensitive data resides, and how data moves across the environment. In an effort to achieve this, RSA offers the RSA(R) Data Loss Prevention solution in three distinct modules. The RSA DLP Suite offers a vast set of pre-defined policies according to certain U.S. Data Breach Notification Laws as well as other regulations (e.g. PCI DSS, HIPPA, NERC, and CPNI).

  • For organizations seeking to initially understand how PII may be compromised when transmitted across their network boundaries, one package offers RSA Data Loss Prevention Network. This package is ideal for businesses that have yet to fully understand the movement of PII in their environments.
  • For organizations lacking a clear view of where sensitive data resides, the second package offers RSA DLP Datacenter & Endpoint Discovery. With these technologies, businesses get visibility into where PII resides, helping them to evaluate whether appropriate controls are in place to prevent a breach.
  • For organizations striving to address both the discovery of PII and an understanding of how such data move across the network, the third package offers RSA Data Loss Prevention Network and RSA Data Loss Prevention Endpoint & Datacenter Discovery.

RSA PII Services

The RSA DLP RiskAdvisor service may be the first step for organizations to address the U.S. Data Breach Notification challenges. RSA DLP RiskAdvisor is designed to discover PII and provide a high-level mapping of business functions to sensitive information, helping organizations to understand where PII exists across the enterprise so that it can be consistently managed and protected across the information lifecycle. RSA Professional Services leverages the RSA Data Loss Prevention Suite for discovery of PII and provides a view into potential exposure.

Beyond the RSA Packages for Protecting PII

In addition to technologies found within the new packages — two-factor authentication, security information and event management and data loss prevention — RSA’s technology solutions for helping to secure PII include adaptive authentication, web access management, encryption and encryption key management. These technologies provide key controls necessary to secure PII — at rest, in motion and in use, thereby mitigating the risk of data breaches, and helping to enable organizations to meet U.S. Data Breach Notification Laws and other regulation requirements in the most consistent, scalable manner possible. Moreover, EMC’s Physical Security Solutions are engineered to enable organizations to manage, archive, protect, authenticate, and scale security systems and video surveillance information in order to control the physical access to records and to storage areas of records containing PII.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle — no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

RSA, SecurID and enVision are either registered trademarks and/or trademarks of RSA Security Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and/or services mentioned are trademarks of their respective companies.

This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (viii) component and product quality and availability; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; (xiv) litigation that we may be involved in; and (xiii) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.

SOURCE EMC Corporation


Source: newswire



comments powered by Disqus