• Press Release

    October 11, 2010

    RSA Research Readies Global Enterprises for New Era of Compliance

    Sweeping Changes in Compliance Landscape Mark End of Business as Usual; Top Security Officers Share Strategies for an Age of Escalating Scrutiny

    BEDFORD, MA. - October 11, 2010 -

    Today, RSA, the Security Division of EMC (NYSE:EMC) released the latest research report from the Security for Business Innovation Council, a premier source of industry insight and advice from the world's top security officers. The research takes an in-depth look at the complex web of new information protection regulations, reporting requirements, and third-party responsibilities that are dramatically raising the stakes for organizations around the globe. Arming leaders to act on these shifts, the council outlines strategies for helping to align compliance programs to this new era.

    To view the multimedia version of this release, visit: http://www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_101110.html

    The report, "A New Era of Compliance: Raising the Bar for Organizations Worldwide," describes the huge impact this new wave of legislation and legal obligations is having on business, sparking renewed board-level attention and forcing up-leveled strategies. Council members spotlight the convergence of four significant new trends that are driving organizations to get much more serious about compliance: 1) Strengthened enforcement, 2) Global spread of data breach notification laws, 3) Increasingly prescriptive regulations, and 4) Growing business partner requirements.

    "Regulators are moving away from light-touch to more interventionist regulation," said Stewart Room, Partner, Privacy and Information Law Group, Field Fisher Waterhouse LLP, a data protection expert and guest contributor to the report. "That's clear in all senses of society and economy, so it’s not surprising regulation is tightening up in the data protection field. As I see it, the trajectory of the law here is one way only, which is towards more frequent regulatory intervention, more disputes, more arguments, and more litigation."

    Changing Landscape Forces Compliance Programs to Next Level

    "A New Era of Compliance: Raising the Bar for Organizations Worldwide" outlines a landscape in which highly-motivated legislators are escalating information protection mandates due to a steady stream of massive data breaches and the resulting public outrage. Enforcement of existing regulations is being tightened through expanded powers, higher penalties and harsh enforcement actions. Organizations operating in Europe are facing the upcoming overhaul to the EU Data Protection Directive, which is expected to include not only increased enforcement but also breach notification.

    "As more regulations are introduced, the rules are becoming increasingly prescriptive," said Art Coviello, executive vice president, EMC Corporation and president, RSA, The Security Division of EMC. "Regulators are making it clear that you're on the hook for ensuring the protection of your data at all times, even when it's being processed by a service provider. Going forward, it will be impossible to hide information security failings as legislators force transparency and data breach disclosure becomes a global principle."

    This new era of compliance ratchets up the challenges facing information security teams. The council report offers recommendations to help organizations align their programs to the heightened demands of the new compliance landscape. Specific guidance and "how to" strategies include:

    1.) Embrace Risk-Based Compliance: Build an effective enterprise program that provides everyone in the chain – from individual business process owners to the board of directors – with all of the multi-faceted information needed to make risk decisions.

    2.) Establish an Enterprise Controls Framework: Create a consistent set of controls across your enterprise that is mapped to regulatory requirements and business needs.

    3.) Set/Adjust Your Threshold for Controls: Determine the "right" level of security controls and gauge the prevailing industry standard to meet the legal requirement for "reasonable and appropriate" security measures.

    4.) Streamline and Automate Compliance Processes: Establish an Enterprise Governance, Risk and Compliance (eGRC) strategy that consolidates all of the information necessary from across the organization to manage risk and compliance and provide visibility into controls.

    5.) Fortify Third-Party Risk Management: Move away from "boilerplate" security agreements and toward comprehensive third-party strategies that focus on: diversification, due diligence, rigorous contractual requirements, consequence management and governance.

    6.) Unify the Compliance and Business Agendas: "Operationalize" compliance and develop the organizational structure required to fully embed compliance into the business and align it with the organization's highest-priority goals.

    7.) Educate and Influence Regulators and Standards Bodies: Educate legislators and constructively affect regulation to avoid overly prescriptive rules that will cripple business.

    About the Security for Business Innovation Council

    The Security for Business Innovation Council is a group of highly-successful Global 1000 security executives who are committed to sharing their own insights and experiences to help move information security forward at organizations worldwide.

    Council members include: Anish Bhimani, Chief Information Risk Officer, JP Morgan Chase; Bill Boni, Corporate Information Security Officer, Vice President Enterprise Information Security, T-Mobile USA; Roland Cloutier, Vice President, Chief Security Officer, Automatic Data Processing, Inc.; Dave Cullinane, Chief Information Security Officer and Vice President, eBay; Dr. Martijn Dekker, Senior Vice President, Chief Information Security Officer, ABN Amro; Professor Paul Dorey, Founder and Director, CSO Confidential and Former Chief Information Security Officer, BP; Renee Guttmann, Vice President, Information Security & Privacy Officer, Time Warner Inc.; David Kent, Vice President, Global Risk and Business Resources, Genzyme; Petri Kuivala, Chief Information Security Officer, Nokia; Dave Martin, Chief Security Officer, EMC Corporation; Felix Mohan, Senior Vice President, CISO & Chief Architect, Bharti Airtel Ltd; Dr. Claudia Natanson, Chief Information Security Officer, Diageo; Vishal Salvi, Chief Information Security Officer and Senior Vice President, HDFC Bank Limited; Craig Shumard, Chief Information Security Officer, Cigna Corporation; and Denise Wood, Chief Information Security Officer and Corporate Vice President, FedEx Corporation. This Council report also includes contributions from Stewart Room, Partner, Privacy and Information Law Group, Field Fisher Waterhouse LLP.

    The report released today is the seventh in the series, and RSA expects to publish more original Council reports over the coming months. Those interested in learning more about the Security for Business Innovation Council reports can visit the RSA Thought Leadership website at http://www.RSA.com/securityforinnovation/ to view and download all of the studies.

    About Dell

    Dell EMC, a part of Dell Technologies, enables organizations to modernize, automate and transform their data center using industry-leading converged infrastructure, servers, storage and data protection technologies. This provides a trusted foundation for businesses to transform IT, through the creation of a hybrid cloud, and transform their business through the creation of cloud-native applications and big data solutions. Dell EMC services customers across 180 countries – including 98 percent of the Fortune 500 – with the industry’s most comprehensive and innovative portfolio from edge to core to cloud.

    Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

  • Press Release

    October 13, 2010

    RSA Research readies Global Enterprises for New Era of Compliance


    Johannesburg - October 13, 2010 -

    RSA, the security division of EMC, has released the latest research report from the Security for Business Innovation Council, a premier source of industry insight and advice from the world’s top security officers. The research takes an in-depth look at the complex web of new information protection regulations, reporting requirements, and third-party responsibilities that are dramatically raising the stakes for organisations around the globe. Arming leaders to act on these shifts, the council outlines strategies for helping to align compliance programs to this new era.

    The report, ‘A New Era of Compliance: Raising the Bar for Organizations Worldwide’, describes the huge impact this new wave of legislation and legal obligations is having on business, sparking renewed board-level attention and forcing up-leveled strategies. Council members spotlight the convergence of four significant new trends that are driving organisations to get much more serious about compliance, including strengthened enforcement, the global spread of data breach notification laws, increasingly prescriptive regulations, and growing business partner requirements.

    “Regulators are moving away from light-touch to more interventionist regulation,” said Stewart Room, Partner, Privacy and Information Law Group, Field Fisher Waterhouse LLP, a data protection expert and guest contributor to the report. “That’s clear in all senses of society and economy, so it’s not surprising regulation is tightening up in the data protection field. As I see it, the trajectory of the law here is one way only, which is towards more frequent regulatory intervention, more disputes, more arguments, and more litigation.”

    ‘A New Era of Compliance: Raising the Bar for Organizations Worldwide’ outlines a landscape in which highly-motivated legislators are escalating information protection mandates due to a steady stream of massive data breaches and the resulting public outrage. Enforcement of existing regulations is being tightened through expanded powers, higher penalties and harsh enforcement actions. Organisations operating in Europe are facing the upcoming overhaul to the EU Data Protection Directive, which is expected to include not only increased enforcement but also breach notification.

    “As more regulations are introduced, the rules are becoming increasingly prescriptive,” said David Funnel, sales manager at RSA in South Africa. “Regulators are making it clear that you’re on the hook for ensuring the protection of your data at all times, even when it’s being processed by a service provider. Going forward, it will be impossible to hide information security failings as legislators force transparency and data breach disclosure becomes a global principle.”

    This new era of compliance ratchets up the challenges facing information security teams. The council report offers recommendations to help organisations align their programs to the heightened demands of the new compliance landscape. Specific guidance and “how to” strategies include:

    1.) Embrace Risk-Based Compliance: Build an effective enterprise program that provides everyone in the chain – from individual business process owners to the board of directors – with all of the multi-faceted information needed to make risk decisions.

    2.) Establish an Enterprise Controls Framework: Create a consistent set of controls across your enterprise that is mapped to regulatory requirements and business needs.

    3.) Set/Adjust Your Threshold for Controls: Determine the “right” level of security controls and gauge the prevailing industry standard to meet the legal requirement for “reasonable and appropriate” security measures.

    4.) Streamline and Automate Compliance Processes: Establish an Enterprise Governance, Risk and Compliance (eGRC) strategy that consolidates all of the information necessary from across the organisation to manage risk and compliance and provide visibility into controls.

    5.) Fortify Third-Party Risk Management: Move away from “boilerplate” security agreements and toward comprehensive third-party strategies that focus on: diversification, due diligence, rigorous contractual requirements, consequence management and governance.

    6.) Unify the Compliance and Business Agendas: Operationalise compliance and develop the organisational structure required to fully embed compliance into the business and align it with the organisation’s highest-priority goals.

    7.) Educate and Influence Regulators and Standards Bodies: Educate legislators and constructively affect regulation to avoid overly prescriptive rules that will cripple business.

    The Security for Business Innovation Council is a group of highly-successful Global 1000 security executives who are committed to sharing their own insights and experiences to help move information security forward at organisations worldwide.

    Council members include: Anish Bhimani, Chief Information Risk Officer, JP Morgan Chase; Bill Boni, Corporate Information Security Officer, Vice President Enterprise Information Security, T-Mobile USA; Roland Cloutier, Vice President, Chief Security Officer, Automatic Data Processing, Inc.; Dave Cullinane, Chief Information Security Officer and Vice President, eBay; Dr. Martijn Dekker, Senior Vice President, Chief Information Security Officer, ABN Amro; Professor Paul Dorey, Founder and Director, CSO Confidential and Former Chief Information Security Officer, BP; Renee Guttmann, Vice President, Information Security & Privacy Officer, Time Warner Inc.; David Kent, Vice President, Global Risk and Business Resources, Genzyme; Petri Kuivala, Chief Information Security Officer, Nokia; Dave Martin, Chief Security Officer, EMC Corporation; Felix Mohan, Senior Vice President, CISO & Chief Architect, Bharti Airtel Ltd; Dr. Claudia Natanson, Chief Information Security Officer, Diageo; Vishal Salvi, Chief Information Security Officer and Senior Vice President, HDFC Bank Limited; Craig Shumard, Chief Information Security Officer, Cigna Corporation; and Denise Wood, Chief Information Security Officer and Corporate Vice President, FedEx Corporation. This Council report also includes contributions from Stewart Room, Partner, Privacy and Information Law Group, Field Fisher Waterhouse LLP.

    The report released today is the seventh in the series, and RSA expects to publish more original Council reports over the coming months.
