RSA Unveils Protect Personally Identifiable Information (PII) to Help Mid-Sized Organizations
RSA, The Security Division of EMC, announced a comprehensive set of solutions to help organizations address the most challenging aspects of complying with the U.S. Data Breach Notification Laws for protecting personally identifiable information (PII) and mitigating the risk of security breaches. Specifically, RSA is announcing three distinct packages of information security products – including two-factor authentication, security information and event management (SIEM) and data loss prevention (DLP) – designed to meet the needs of mid-sized companies.
Organizations entrusted with PII from customers and employees are required to take appropriate actions to secure and protect this information. In addition, laws across the United States levy varying penalties – including public notification requirements – for organizations suffering a PII compromise. RSA’s PII package is engineered to deliver technologies that support these efforts by enabling customers to:
- Identify PII across their environment, and understand where and how this data is being accessed and stored, and how and by whom it is being used
- Implement appropriate security controls based on policy and risk
- Monitor the environment and proactively identify potential security events in real-time
“Clearly, data breaches carry heavy costs for organizations, not to mention public embarrassment and lost goodwill,” said Jon Oltsik, Principal Analyst of Enterprise Strategy Group. “By implementing a set of repeatable, scalable controls organizations can help reduce that risk.”
RSA’s Packaged Solutions for Securing PII
RSA developed three packages that offer cost-effective, actionable, enterprise-level solutions to mid-sized organizations concerned with preventing PII data breaches, and avoiding the costs associated with breach notifications. These packages were developed to meet different customers’ specific needs, depending upon where they are in the process of protecting PII as required by various data breach notification laws across the U.S.
A core requirement for preventing a data breach is ensuring only authorized individuals may access systems containing PII. To this end, all three RSA packages include strong two-factor authentication with RSA SecurID one-time password solutions. With RSA SecurID authentication, organizations can help ensure that both proprietary business data and private customer data are available only to authorized users.
In addition, businesses striving to protect PII and meet notification requirements must be able to quickly identify a potential breach, and maintain logs that will help to evaluate how an incident may have occurred. To support these requirements, the three packages also include the RSA enVision platform that offers collection, alerting and analysis of log data in the context of threats, vulnerabilities, IT assets, and other data to enable organizations to quickly respond to high-risk security incidents and compliance issues.
Finally, in order to effectively protect PII and attempt to comply with state-level breach notification laws, organizations must understand where sensitive data resides, and how data moves across the environment. In an effort to achieve this, RSA offers the RSA Data Loss Prevention solution in three distinct modules. The RSA DLP Suite offers a vast set of pre-defined policies according to certain U.S. Data Breach Notification Laws as well as other regulations (e.g. PCI DSS, HIPAA, NERC, and CPNI).
- For organizations seeking to initially understand how PII may be compromised when transmitted across their network boundaries, one package offers RSA Data Loss Prevention Network. This package is ideal for businesses that have yet to fully understand the movement of PII in their environments.
- For organizations lacking a clear view of where sensitive data resides, the second package offers RSA DLP Datacenter & Endpoint Discovery. With these technologies, businesses get visibility into where PII resides, helping them to evaluate whether appropriate controls are in place to prevent a breach.
- For organizations striving to address both the discovery of PII and an understanding of how such data move across the network, the third package offers RSA Data Loss Prevention Network and RSA Data Loss Prevention Endpoint & Datacenter Discovery.
RSA PII Services
The RSA DLP RiskAdvisor service may be the first step for organizations to address the U.S. Data Breach Notification challenges. RSA DLP RiskAdvisor is designed to discover PII and provide a high-level mapping of business functions to sensitive information, helping organizations to understand where PII exists across the enterprise so that it can be consistently managed and protected across the information lifecycle. RSA Professional Services leverages the RSA Data Loss Prevention Suite for discovery of PII and provides a view into potential exposure.
Beyond the RSA Packages for Protecting PII
In addition to technologies found within the new packages – two-factor authentication, security information and event management and data loss prevention – RSA’s technology solutions for helping to secure PII include adaptive authentication, web access management, encryption and encryption key management. These technologies provide key controls necessary to secure PII at rest, in motion and in use, thereby mitigating the risk of data breaches, and helping to enable organizations to meet U.S. Data Breach Notification Laws and other regulation requirements in the most consistent, scalable manner possible. Moreover, EMC's Physical Security Solutions are engineered to enable organizations to manage, archive, protect, authenticate, and scale security systems and video surveillance information in order to control the physical access to records and to storage areas of records containing PII.