Some equate the annual RSA Conference to the Lollapalooza of information security events. I don’t always agree with this premise. However, this year’s conference was exceptional. Perhaps it’s San Francisco or maybe the times we live in. This 2014 RSA Conference did not disappoint. It delivered a full week of pomp, regalia and controversy. It featured $100,000 booths, lively protests, an Edward Snowden-inspired counter-conference, and even an unauthorized broadcast of Stephen Colbert’s keynote address moments after he finished speaking. (Note to self… invest in the fog.) The 2014 RSA security conference had it all.
The RSA conference has evolved from a forum for cryptographers and IT security professionals to become indubitably the largest educational event of its type. It’s what I like best about the conference. With last year’s Target and retail security breaches, Snowden’s exposure of the NSA’s mass surveillance practices, and the escalation of random cyber attacks, this year’s RSA Conference included an abundance of lively, thought-provoking discussions and interaction.
2014 RSA Avatier Gathering
I noticed that the tone for 2014 RSA appeared to have changed from more recent conferences. Conversations have elevated from learning about potential vulnerabilities to discussions on how to be secure. Apparently for corporations, security awareness is evolving into security action. Enterprises realize they must do more than prevent attacks, because they are being attacked.
Of course, this year, as in years past, there were parties, dinners, and networking events. Avatier and our partner LANDESK hosted an exquisite gathering at the Ame Restaurant in the St. Regis Hotel. Avatier CEO, Nelson Cicchitto, and our Executive Team enjoyed a deliciously organic dining experience with representatives from Advent Software, Carroll College, Checkpoint Software, Chevron, SunGard, and Twitter. During the evening, we shared a presentation on LANDESK® Password Central. For those of you who are new to our blog, LANDESK now offers Avatier’s self-service password reset and password management solution under their own brand as their own solution.
Throughout the evening, the question kept surfacing, “What can I do immediately to make my organization more secure?”
2014 RSA Resolutions
Traditionally, IT has followed the approach that better security requires increased funding and expensive projects. However, this is not necessarily the case. When better security results from the automation of IT operations, you most likely will also lower costs from improved operations. For this reason, the three big easy wins represent cost savings, reduced administrative overhead and security process improvements.
The three big easy wins are:
- Self-service password reset and password management
- Intelligent single sign-on (SSO) for enterprise and cloud applications
- Two-factor authentication without proprietary equipment
Three Big Easy Security Wins
Self-service password reset and password management: Allow users to securely reset their forgotten passwords, unlock their accounts, and reset an RSA SecurID PIN in a matter of seconds without making help desk password reset requests. Self-service password reset eliminates the #1 help desk request to lower costs while automating and enforcing your enterprise password policy.
Intelligent single sign-on (SSO) for enterprise and cloud applications: Automatically manage software licenses and cloud subscriptions through single sign-on (SSO). Use unmanned administration to manage licenses to enterprise software and cloud services. So as people change roles or leave an organization altogether, you can apply fiscal control. Stop paying for software and subscriptions you don’t use.
Two-factor authentication without proprietary equipment: Even hardware-based security tokens have security flaws, and they are a pain to deploy and manage. End users have reluctantly adopted this method of authentication and it’s time to move on. The mobile device is now the new “something you always have with you”. For this reason, you can use SMS and a user’s mobile device for two-factor authentication without adding equipment and administration costs.
Enterprise password management represents a foundational part of an organization’s information security strategy. Self-service, intelligent single sign-on, and SMS two-factor authentication are three ways every organization can better secure their systems without adding costs. These three RSA resolutions are completely doable in 2014. It’s time.