RSA Research Readies Global Enterprises for New Era of Compliance
By EMC Corporation, PRNE, Sunday, October 10, 2010
Sweeping Changes in Compliance Landscape Mark End of Business as Usual; Top Security Officers Share Strategies for an Age of Escalating Scrutiny
BEDFORD, Massachusetts, October 11, 2010 - Today, RSA, The Security Division of EMC (NYSE: EMC), released the latest
research report from the Security for Business Innovation Council, a premier
source of industry insight and advice from the world's top security officers.
The research takes an in-depth look at the complex web of new information
protection regulations, reporting requirements, and third-party
responsibilities that are dramatically raising the stakes for organizations
around the globe. Arming leaders to act on these shifts, the council outlines
strategies for helping to align compliance programs to this new era.
To view the multimedia version of this release, visit:
www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_101110.html
The report, "A New Era of Compliance: Raising the Bar for Organizations
Worldwide" (www.rsa.com/innovation/docs/CISO_RPT_1010.pdf), describes
the huge impact this new wave of legislation and legal obligations is having
on business, sparking renewed board-level attention and forcing organizations
to raise the level of their strategies. Council members spotlight the convergence of four significant new
trends that are driving organizations to get much more serious about
compliance: 1) Strengthened enforcement, 2) Global spread of data breach
notification laws, 3) Increasingly prescriptive regulations, and 4) Growing
business partner requirements.
"Regulators are moving away from light-touch to more interventionist
regulation," said Stewart Room, Partner, Privacy and Information Law Group,
Field Fisher Waterhouse LLP, a data protection expert and guest contributor
to the report. "That's clear in all senses of society and economy, so it's
not surprising regulation is tightening up in the data protection field. As I
see it, the trajectory of the law here is one way only, which is towards more
frequent regulatory intervention, more disputes, more arguments, and more
litigation."
Changing Landscape Forces Compliance Programs to Next Level
"A New Era of Compliance: Raising the Bar for Organizations Worldwide"
outlines a landscape in which highly motivated legislators are escalating
information protection mandates due to a steady stream of massive data
breaches and the resulting public outrage. Enforcement of existing
regulations is being tightened through expanded powers, higher penalties and
harsh enforcement actions. Organizations operating in Europe are facing the
upcoming overhaul to the EU Data Protection Directive, which is expected to
include not only increased enforcement but also breach notification.
"As more regulations are introduced, the rules are becoming increasingly
prescriptive," said Art Coviello, executive vice president, EMC Corporation
and president, RSA, The Security Division of EMC. "Regulators are making it
clear that you're on the hook for ensuring the protection of your data at all
times, even when it's being processed by a service provider. Going forward,
it will be impossible to hide information security failings as legislators
force transparency and data breach disclosure becomes a global principle."
This new era of compliance ratchets up the challenges facing information
security teams. The council report offers recommendations to help
organizations align their programs to the heightened demands of the new
compliance landscape. Specific guidance and "how to" strategies include:
1.) Embrace Risk-Based Compliance: Build an effective enterprise program
that provides everyone in the chain - from individual business process owners
to the board of directors - with all of the multi-faceted information needed
to make risk decisions.
2.) Establish an Enterprise Controls Framework: Create a consistent set
of controls across your enterprise that is mapped to regulatory requirements
and business needs.
3.) Set/Adjust Your Threshold for Controls: Determine the "right" level
of security controls and gauge the prevailing industry standard to meet the
legal requirement for "reasonable and appropriate" security measures.
4.) Streamline and Automate Compliance Processes: Establish an Enterprise
Governance, Risk and Compliance (eGRC) strategy that consolidates all of the
information necessary from across the organization to manage risk and
compliance and provide visibility into controls.
5.) Fortify Third-Party Risk Management: Move away from "boilerplate"
security agreements and toward comprehensive third-party strategies that
focus on: diversification, due diligence, rigorous contractual requirements,
consequence management and governance.
6.) Unify the Compliance and Business Agendas: "Operationalize"
compliance and develop the organizational structure required to fully embed
compliance into the business and align it with the organization's
highest-priority goals.
7.) Educate and Influence Regulators and Standards Bodies: Educate
legislators and constructively affect regulation to avoid overly prescriptive
rules that will cripple business.
About the Security for Business Innovation Council
The Security for Business Innovation Council is a group of
highly successful Global 1000 security executives who are committed to
sharing their own insights and experiences to help move information security
forward at organizations worldwide.
Council members include: Anish Bhimani, Chief Information Risk Officer,
JP Morgan Chase; Bill Boni, Corporate Information Security Officer, Vice
President Enterprise Information Security, T-Mobile USA; Roland Cloutier,
Vice President, Chief Security Officer, Automatic Data Processing, Inc.; Dave
Cullinane, Chief Information Security Officer and Vice President, eBay; Dr.
Martijn Dekker, Senior Vice President, Chief Information Security Officer,
ABN Amro; Professor Paul Dorey, Founder and Director, CSO Confidential and
Former Chief Information Security Officer, BP; Renee Guttmann, Vice
President, Information Security & Privacy Officer, Time Warner Inc.; David
Kent, Vice President, Global Risk and Business Resources, Genzyme; Petri
Kuivala, Chief Information Security Officer, Nokia; Dave Martin, Chief
Security Officer, EMC Corporation; Felix Mohan, Senior Vice President, CISO &
Chief Architect, Bharti Airtel Ltd; Dr. Claudia Natanson, Chief Information
Security Officer, Diageo; Vishal Salvi, Chief Information Security Officer
and Senior Vice President, HDFC Bank Limited; Craig Shumard, Chief
Information Security Officer, Cigna Corporation; and Denise Wood, Chief
Information Security Officer and Corporate Vice President, FedEx Corporation.
This Council report also includes contributions from Stewart Room, Partner,
Privacy and Information Law Group, Field Fisher Waterhouse LLP.
The report released today is the seventh in the series, and RSA expects
to publish more original Council reports over the coming months. Those
interested in learning more about the Security for Business Innovation
Council reports can visit the RSA Thought Leadership website at
www.RSA.com/securityforinnovation/ to view and download all of the
studies.
About RSA
RSA, The Security Division of EMC, is the premier provider of security,
risk and compliance management solutions for business acceleration. RSA helps
the world's leading organizations succeed by solving their most complex and
sensitive security challenges. These challenges include managing
organizational risk, safeguarding mobile access and collaboration, proving
compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption &
key management, SIEM, Data Loss Prevention and Fraud Protection with industry
leading eGRC capabilities and robust consulting services, RSA brings
visibility and trust to millions of user identities, the transactions that
they perform and the data that is generated. For more information, please
visit www.RSA.com and www.EMC.com.
About EMC
EMC Corporation (NYSE: EMC) is the world's leading developer and provider
of information infrastructure technology and solutions that enable
organizations of all sizes to transform the way they compete and create value
from their information. Information about EMC's products and services can be
found at www.EMC.com.
RSA and EMC are either registered trademarks or trademarks of EMC
Corporation in the United States and/or other countries. All other company
and product names may be trademarks of their respective owners.
Alison Parker, Outcast Communications, +1-212-905-6048, alison at outcastpr.com, or Lona Therrien, RSA, The Security Division of EMC, +1-781-515-5449, lona.therrien at rsa.com