ALSO INSIDE: TOKENIZATION INSIG - First Data Identity Verification knowledge-based authentication








    VOLUME 6 | NUMBER 2 | 2009

    INSIGHTS ON THE BUSINESS OF SECURITY

    Eyes on glass

    EMC’s Critical Incident Response Center


  • 2 Vol. 6, No. 2, 2009 RSA, The Security Division of EMC Vantage Magazine

    opening notes

    Let’s talk tokenization

    Organizations have struggled for years with how to best protect Personally Identifiable Information (PII), such as credit card numbers, in order to prevent data breaches and address an array of compliance and auditing requirements.

    Tokenization is an emerging technology that replaces sensitive data, such as Social Security and credit card numbers, with a token value that acts as a “safe proxy” for the sensitive information. The safe proxy cannot be linked back to the original data but otherwise behaves like the number it replaces.

    Tokenization is becoming a popular alternative to encryption for protecting certain types of data while minimizing the cost of compliance. On Page 20 we explore this emerging technology and learn how some companies are using it today. We also discuss an exciting new alliance between RSA and First Data, a global leader in payment processing services. Through this partnership, First Data is offering merchants a new service to protect payment card data, which is built on the RSA SafeProxy™ architecture, a unique combination of tokenization, encryption, and key management.

    By now, we all know that Social Security numbers are no longer a secure means of assuring an individual’s identity. To prove just how insecure SSNs are, researchers at Carnegie Mellon University conducted a study to determine how easy it would be to guess an individual’s nine-digit SSN. They concluded that simply knowing an individual’s date and state of birth provides sufficient information to guess their Social Security number with accuracy.

    Starting on Page 8, Vantage talks with officials from the Federal Trade Commission and the Federal Deposit Insurance Corporation on how organizations must begin – or continue – to use other means of identifying and authenticating consumers, customers, and patients.

    In addition to these stories, other highlights in this issue include:

    • An in-depth look at EMC’s Critical Incident Response Center, which utilizes EMC and RSA technologies to monitor and protect the company’s worldwide IT infrastructure

    • A profile of how HDFC Bank, one of India’s premier financial institutions, is protecting its operations and customers from the latest online threats

    I would also like to extend a special “thank you” to Vantage readers as we mark six years of providing news and commentary on issues and trends in the IT security industry. In recognition of this success, Vantage was recently honored with an APEX 2009 Award, earning an Award of Excellence in the Custom Published Magazines and Journals categories. And speaking of awards, I want to congratulate our own Mischel Kwon, who received the Executive Women’s Forum 2009 Public Sector “Woman of Influence” Award in September. Mischel joined RSA’s Worldwide Professional Services unit as vice president of Public Sector Security Solutions earlier this year, after serving as director of the U.S. Computer Emergency Readiness Team (US-CERT) at the Department of Homeland Security. We are glad to have her on board.

    Enjoy this issue of the award-winning Vantage magazine.

    Arthur W. Coviello Jr. President—RSA, The Security Division of EMC

    On the cover

    Using real-time network awareness software, an analyst at EMC’s Critical Incident Response Center zooms in on a segment of EMC’s WAN infrastructure.

    Cover photograph by Kathleen Dooher

    program team

    Contributing Editors GAIL FREEMAN

    editorial team

    Design Director RONN CAMPISI

    Contributing Writers ALISON J. CASE SARAH JENSEN

    Copy Editor SARAH JENSEN

    Editorial content for Vantage is developed and managed by Libretto, 560 Harrison Avenue, Suite 501, Boston, MA 02118 617.451.5113

    ©2009 RSA Security Inc. All Rights Reserved

    All RSA product names are either registered trademarks or trademarks of RSA Security, Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products or services mentioned are trademarks of their respective companies.

    For a FREE subscription to Vantage magazine, please go to

    Postmaster: If undeliverable, notify RSA Marketing, 174 Middlesex Turnpike, Mail Stop 32A080, Bedford, MA 01730

    Winner of the APEX 2009 Award of Excellence



    in this issue

    FEATURES

    4 Celebrating 25 years of RSA authentication Authentication technology is everywhere, embedded in the devices, processes, and services that we use throughout an ordinary day.

    7 Protecting the hyper-extended enterprise Here’s a round-up of RSA-sponsored research and recommendations on how to safeguard today’s hyper-connected organizations.

    8 Social Insecurity Misuse and overuse of Social Security numbers has made them a favorite target of identity thieves. Protection strategies are a work in progress.

    12 Eyes on glass EMC’s state-of-the-art Critical Incident Response Center (CIRC) provides business operations protection for what CSO Roland Cloutier calls “a $15 billion revenue machine.”

    16 The fraud stops here After deploying RSA® Adaptive Authentication, India’s HDFC Bank saw successful fraud attempts against its customers drop to almost zero.

    20 Tokenization: Beating the high-risk numbers game Leveraging emerging tokenization technology and a new partnership with electronic commerce leader First Data Corporation, RSA solves some of the toughest challenges of protecting sensitive data.

    DEPARTMENTS

    2 Opening Notes By Art Coviello Jr.

    18 Partner Profile Verizon Business teams up with RSA

    22 Inside RSA Labs What color is your PIN?


  • by heidi bleau

    Authentication has come a long way in 25 years. It is everywhere we turn and has become a part of our everyday lives. Today, RSA technology is used by more than 30,000 organizations to secure access to their networks, protect business- sensitive information, and safeguard the identities of more than 250 million online users and the activities they perform.


    milestones

    We’ve come a long way, baby

    John is working from a home office. He uses an RSA SecurID® two-factor authentication token to log in to the corporate network through a VPN to check his e-mail.

    Joan is signing into her online bank account to pay bills. Her bank uses RSA’s site-to-user authentication technology to assure Joan that she is on the legitimate website of her bank and not a phishing website.

    Rick calls an electricity provider to request service in his new house. The provider uses RSA® Identity Verification knowledge-based authentication to confirm the identity of new customers requesting service.

    Ken works for a government agency that uses RSA® Digital Certificate Solutions to assure his identity when he logs in to the agency network.

    Marking 25 years of RSA authentication technology

    At work and at play, at home and on the road, RSA authentication technology is part of daily life

    Illustration by John S. Dykes

    Julia is logging in to a healthcare portal that uses RSA® Adaptive Authentication risk-based authentication technology to secure access to a patient’s medical and personal information.

    Ted is making a transfer for a large sum from his online brokerage account to another financial account. The brokerage firm uses the RSA® Adaptive Authentication Out-of-band Phone module for high-risk transactions to prevent unauthorized money transfers.

    Sarah uses a credit card to purchase a gift for her husband online. Her credit card issuer uses RSA® Adaptive Authentication for eCommerce to assure the online purchase is not fraudulent.



    Some leap before they look

    A 2009 IDG Research Services survey of 100 top security executives reveals that some companies are so enthusiastic about next-gen