Information-centric solution designed to empower financial services institutions to mitigate information risk arising from critical business initiatives
RSA, The Security Division of EMC (NYSE: EMC), today unveiled its solution for Information Risk Management for financial services organizations worldwide.
Information Risk Management is defined as a strong process that follows the information within a financial institution — revealing where the risks lie to present a holistic view of risk related to information across the enterprise. By implementing an Information Risk Management solution using RSA and EMC technologies, new services, best practices and strategic partner ecosystem, financial institutions can more aggressively address business challenges and explore new markets, partnerships, business models and innovations with greater confidence.
Information Risk Management
Information carries both value and risk, and can be exposed to threats throughout its lifecycle. Information Risk Management is engineered to provide effective means of recognizing, assessing and mitigating the risks that information is exposed to throughout its lifecycle - no matter where it moves, who accesses it or how it is used.
"Taking an integrated approach to information risk management for the enterprise means moving beyond the inconsistent and reactive manner in which many financial institutions address risk," said Rod Nelsestuen, senior analyst, Financial Strategies and IT Investments, TowerGroup. "Reputation and brand image are put at risk when security fails and information is lost, stolen, or misused. Practicing a holistic approach to security and information risk assures that business information contributes to achieving marketplace and business goals, maintaining a customer and business focus, and building market confidence. In short, information security policy, practices, and technologies that provide a defense for information also can support the business's offensive strategy."
Traditional approaches - which focus on network and perimeter security to reduce risk to critical business information - can open the door to other forms of information risk that have the potential to undermine key business initiatives. Information Risk Management offers a comprehensive and business-aligned approach that is designed to enable financial services organizations to place controls where they are needed across the entire information lifecycle, helping to ensure that information is always an asset and never a liability.
The RSA Solution
As part of EMC, RSA recognizes that IT security is an information management issue. RSA recommends that financial institutions implement a holistic solution that allows companies to look at all the risk associated with information, at every point in its lifecycle. This solution comprises market-leading security technologies, new services and an ecosystem of strategic partners.
"As today's world - and the business potential it offers - becomes more digital and sophisticated, so do the risks involved, especially when it comes to the financial sector. These institutions are realizing that, in order to truly survive and flourish, they must stop looking at risk in a vacuum and start treating it in a consolidated and holistic manner across the organization and the customer base," said Art Coviello, Executive Vice President, EMC Corporation and President, RSA. "This is exactly where our expertise and solutions can help. As the chosen security partner of almost 9,000 financial institution customers, RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges."
Market-leading Security Technologies
As a trusted advisor, RSA offers proven products designed to allow financial services firms to implement a solutions-based approach to Information Risk Management. Alongside EMC's best-in-class solutions for storing information more intelligently, RSA helps organizations to manage compliance and security information, and to secure remote access, web application access, enterprise access and customer access to account information. An Information Risk Management strategy that leverages RSA and EMC solutions helps financial institutions to address the following key initiatives more effectively:
- Secure business continuity
- Help meet regulatory and governance challenges
- Expand into new markets
- Improve customer confidence
- Reduce costs of doing business
New Services
The company's Professional Services Organization plays a key role in RSA solutions, helping financial institutions to fully realize the benefits of an information risk management approach with two newly-expanded services.
- The Information Security Program Development service helps enterprises organize their multiple security risk remediation initiatives into a project-level roadmap that helps meet requirements for regulatory compliance. This service is designed for mid-to-large customers who may already have an understanding of their security gaps and risks —an integral component is the completion of an information security gap assessment or a review and consolidation of the results of prior assessments to assist in developing an 18-24 month security risk remediation roadmap to help address regulatory compliance or other business requirements. This service prioritizes gap remediation activities, maps these activities to specific project-level security control initiatives, and packages this into a security program that combines industry standards and RSA's own best practices framework for security program development.
- The Information Risk Assessment Service is a broad-based security posture assessment for information security that is designed to provide a systematic overview of an organization's information security capabilities and a roadmap for risk remediation. This service is based on a proven best practices methodology that encompasses assessment of governance, policy, data protection, authentication, access, and other business and technical infrastructure security controls.
Strategic Partner Ecosystem
To promote customers getting the most value from their information infrastructure, EMC and RSA have created one of the industry's strongest groups of business partners. This ecosystem of relationships with global technology leaders, innovators, systems integrators and service providers help ensure customers that RSA solutions will interoperate in their environments.
"By leveraging RSA's proven methodology, experience in the financial industry, and ecosystem of market-leading partners, financial institutions can help ensure that their information risks are properly identified and classified, their policies and procedures are adequate to support their business objectives, their strategies are aligned with industry best practices, and their technology choices and implementations are effective to protect critical business information," added Jim Melvin, vice president, Marketing & Security Solutions at RSA.