RSA CEO Challenges Private Sector Cybersecurity to Step Up at RSAC Public Sector Day 2024
May 06 2024 - 11:05AM
Business Wire
RSA CEO Rohit Ghai will detail the new capabilities, policies,
and principles that public and private sector organizations must
develop to adapt to new-world cybersecurity challenges during the
opening keynote of the RSA Conference Public Sector Day.
During his remarks, Rohit will explain how new government
policies create a higher cybersecurity standard for both the public
and private sectors, discuss the emerging risks and successful
cyberattacks that have compelled the creation of those new
standards, and detail the capabilities that the private sector must
prioritize to address emerging threats.
“When it comes to protecting critical infrastructure,
cybersecurity can’t be a privilege reserved for the few, but an
inalienable right shared by everyone,” said RSA CEO Rohit Ghai. “To
stay ahead of adversaries, secure the integrity of our elections,
and build a safer world, our industry must work in close
partnership with the public sector, prioritize security, embrace
open standards, and reflect on why so many purported cybersecurity
vendors are being breached by threat actors.”
“With CISA’s Zero Trust Maturity Model v2.0, the presidential
mandate, and the NIST Cybersecurity Framework 2.0 (CSF 2.0), which
represents the new gold standard in cybersecurity architecture, the
U.S. government is teaching organizations how to enhance their
security,” said RSA Federal President Kevin Orr, who will host the
Public Sector Day event. “What’s clear across every mandate and
framework is that organizations must prioritize the security-first
identity solutions that will shield them from today’s attacks and
prepare them for tomorrow’s threats.”
“NIST CSF 2.0 was created because the U.S. government recognizes
that organizations’ defenses aren’t keeping pace with threats,”
said RSA Chief Product and Technology Officer Jim Taylor. “NIST
doesn’t make recommendations lightly, and right now they’re
recommending that all organizations prioritize deeper security and
broader capabilities to defend against phishing, ransomware, cloud
account take-over, and other attacks. Just as importantly, CSF 2.0
shows them how to implement those regulations and make NIST’s
framework a practical reality.”
RSA recently released new implementation guidance for NIST CSF
2.0. RSA solutions provide a security-first unified identity
platform that secures the full identity lifecycle and helps
organizations align with NIST CSF 2.0, meet the presidential
mandate, and comply with new CISA requirements:
- Secure passwordless authentication: Following on the
deployment of significant passwordless authentication
enhancements—including QR code-based authentication, an expanded
access policy for RSA® ID Plus that provides greater support for
passwordless across the platform, and the DS100, the only
dual-protocol authenticator solution combining both FIDO2 software
and OTP hardware authentication in one device—RSA will support
device-bound FIDO passkeys that meet FIPS certification on the RSA
Authenticator App later this year.
- Identity Governance and Administration (IGA) to enforce
least privilege: CSF 2.0 recommends “Access permissions,
entitlements, and authorizations are defined in a policy, managed,
enforced, and reviewed, and incorporate the principles of least
privilege and separation of duties.” The guidance on IGA makes both
identity and governance important business and risk issues. With
RSA® Governance & Lifecycle, government agencies don’t need to
manage increasingly complex access policies via spreadsheet any
longer: the solution automates joiner-mover-leaver workflows,
including birthright- and role-based entitlements to ensure that
least privilege is maintained throughout the user lifecycle.
- Best-of-breed security and open standards deliver more than
the sum of their parts: RSA supports third-party
authenticators, including FIDO2, FIDO U2F, and OATH H-OTP for use
with ID Plus. RSA’s proprietary hardware authenticator, the DS100,
combines both OTP and FIDO2 protocols on one device. The DS101 will
also combine those protocols on one FIPS 140-3 certified device
that will be available this year. RSA will leverage decades of
security-first pedigree and innovative solutions to fortify
customers’ use of open standards with infrastructure that provides
out-of-the-box, end-to-end security solutions.
- Securing the Cloud: CISA’s Zero Trust Maturity Model 2.0
notes that the modernization of government cybersecurity represents
a challenge in adopting zero trust and recommends that agencies
review the CISA/Federal Risk and Authorization Management
Program (FedRAMP) Cloud Security Technical Reference Architecture
for securing cloud migration and data. In 2022, RSA received
FedRAMP JAB authorization for RSA® ID Plus for Government, which
can help government agencies operate securely across cloud and
on-premises environments. The RSA authorization conforms with the
latest revision to the FedRAMP program, meeting the new standards
for more rigorous security controls.
Resources
NIST CSF 2.0 Implementation Guidance
RSA Public Sector page
About RSA
The AI-powered RSA Unified Identity Platform protects the
world’s most secure organizations from today’s and tomorrow’s
highest-risk cyberattacks. RSA provides the identity intelligence,
authentication, access, governance, and lifecycle capabilities
needed to prevent threats, secure access, and enable compliance.
More than 9,000 security-first organizations trust RSA to manage
more than 60 million identities across on-premises, hybrid, and
multi-cloud environments. For more information, go to RSA.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240506570541/en/
TeamRSA@axicom.com