Recently there has been a series of news items as enterprises announce they have been breached and their sensitive customer and financial records compromised. According to the Verizon 2011 Breach report, 92% of the attacks were external and 76% of all data breached came from servers. The PCI Security Standards Council is an open global forum formed in 2006 that is responsible for the PCI Data Security Standard (PCI DSS), a standard that is designed to protect cardholder data.
I sat down with Lindsay Parker, Cisco global retail industry director, to talk about Cisco’s current investments and efforts to help retailers and merchants secure customer credit card data and maintain compliance with PCI DSS.
Yes, the question is “Are you really secure?” Now that I’ve asked a loaded question, let me get to the point.
The term “secure” sure has a lot of different meanings depending on the context in which it is used. If we take it from a corporate security perspective, your options are somewhat limited to physical security, as in video surveillance or physical access, or logical security, as in your laptop or data access. But, when you ask a security professional if they are secure, they will most certainly take that in the context of what they can control, and will most likely answer “yes”.
Well, what about the things you cannot control? You can control which products you buy to provide security, you control how they are installed and configured, and you control the processes and procedures that identify how they are managed and updated. But, can you control how they are manufactured?
Annalisa Giardina of the Cisco Marketing Team working the booth at RSA 2011
RSA 2011 was a big show for Cisco. We had a 30x30 booth with an in-booth theater, eight demo pods, speakers on several panels, and a keynote. Including speakers, the install and dismantle crew, and all of the booth staffers, we had a crew of around 100 people at the show. Demos included firewalls, virtualization, mobility, web, and security services. With the passing of Cisco Security Monitoring, Analysis, and Response System (MARS), a partner’s SIEM ecosystem display was of note, as were demonstrations of Cisco TrustSec, intrusion prevention, and Cisco Virtualization Experience Infrastructure (VXI). We also demonstrated Cisco AnyConnect running on an iPad, illustrating how Cisco can meet the needs of organizations grappling with the demands of the consumerization of IT and the security concerns that employee-liable devices bring.
The past year has been an interesting one in IT in general, and security in particular. We have seen the continued growth of Internet traffic, the ongoing rise of the cloud, the consumerization of IT and the growth of social networks, all adding to the challenge of delivering secure, reliable, seamless connectivity to increasingly distributed users on a proliferating forest of increasingly diverse devices. With new challenges like government-backed cyberwar efforts such as Stuxnet, hacktivism and not-so-anonymous DDoS attacks, a big mobility push and an emphasis on telework, IT and security groups have their hands full.
Come join us at RSA 2011 at Moscone Center in San Francisco. The show is running February 14-18 and we are excited to be showing some of our latest and greatest security solutions and technologies at Booth 1717.
One of the reasons I like the security industry is that it’s always changing—and right now, it’s changing faster than ever. The next five years are going to be a period of significant change, driven by three major trends: the consumerization of the end point, the adoption of cloud computing, and the increasing use of high-definition video conferencing systems like Cisco TelePresence.