The older I get, the more I seem to turn into my father. Kids have it easy these days: teenagers and kids alike all have cell phones and text messaging. So when there’s a party, they just send a mass text (or better yet, a post on their Facebook wall) and a good time is had by all.
In my day, you had to be in the right place at the right time. We would ride our bikes around the neighborhood to see what everyone was up to. If we were lucky we would happen upon an impromptu party (or start one). My kids are tired of the tales I tell of how I had to walk to school uphill in the snow carrying my books and baritone saxophone. I’ve found that I have similar stories where it concerns information security and technology.
RSA’s unified eGRC strategy is one of those instances where I think back to when I developed my first information security program. I conducted interviews with business leaders and kept notes on an actual notepad. Some of those notes would make it to an excel spreadsheet and would then lead to the development of policies and procedures created in word documents. These documents would get approved and updated by other people in the organization in one shape or form.
As these documents changed, I tried to keep them in a central location where anyone could find them, but this didn’t always happen. I managed the documents for my group, but other groups such as Human Resources, Finance, etc. had policy and procedure documents that needed to be tracked and updated as well. These documents got scattered throughout the file system along with numerous revisions and made it nearly impossible to discern which files and information was current.
Last year RSA purchased Archer with it’s main purpose to bring order to this process, making it truly centralized and easily manageable for an entire organization. Archer eliminates the need to email a copy of a procedure document to multiple people and get multiple versions back to be reconciled. Archer provides the ability to manage vendor contacts, incidents, and business continuity, all from a single interface.
During the 2011 RSA Conference, many strategic partnerships were announced to strengthen this eGRC platform. (http://www.rsa.com/press_release.aspx?id=11324)
- RSA enVision: organizations can centrally collect, correlate and maintain log records in real time from every system that generates logs. This helps to “automate the identification, prioritization and resolution of enterprise security incidents”.
- RSA DLP: organizations can identify and classify their sensitive information and ensure that it doesn’t get into the wrong hands.
- McAfee: organizations can proactively identify, track and mitigate critical infrastructure vulnerabilities and security events.
Things just aren’t the same as they used to be. As times go on, security and IT management gets harder. Fortunately, tools are changing with the times to make the work we have to do easier and much more manageable.
Photo Credit: frumbert