September 26, 2006

Episode 5: Network Intelligence

OK, so many folks have been asking me about our security strategy. I have discussed RSA in detail but some folks are still puzzled by the Network Intelligence acquisition. There are lots of good reasons but let me explain my rationale for why I consider this very strategic for EMC.

Network Intelligence for us is about 2 words: Metadata, and Compliance.

We are all familiar with data, right? It’s that stuff in the file or the database – the stuff we actually use. Metadata is everything else. It is all of the data that is captured in logs and around files to help us manage and protect the data itself. We use Metadata in Content Management to help provide services like versioning, workflow, and indexing. We use it to protect and secure data. Metadata is everywhere. In fact, I believe that there will ultimately be more Metadata than data itself!

Network Intelligence is the leader in its ability to capture log metadata in a coherent way so that we can do some really cool things. As you would expect, computers, systems, and applications log lots of things. The problem is that these logs are everywhere and there is simply no way to leverage this data (into information) unless you capture it into a repository.

The most important use case is Compliance. By capturing the metadata in an effective way we can actually go back and look at events that occurred in a system or application to understand if there are/were any problems. Data is not like money. When someone steals from a bank, it is usually easy to tell – the money is gone – duh. Data is different: what you need to be able to do here is to track the actions (especially of privileged logs) to ensure that nothing is amiss.

Since this data is gathered and “organized” it can be used not only for Compliance (prove that nothing bad happened) but also for Forensics (something did happen – let’s look and see “how”). In general – this is the SIM market, and it ties directly in with both our information management and security strategies.

With all of this data coming in, there is an additional customer benefit we can provide; that is “Security Event Management” or SEM. Once a customer finds an issue, they can easily build a policy to check for the “event” and trigger a notification or other action.

Together this is now called the SIEM market. It is a key goal for EMC to help our customers manage their Metadata as well as their data and we believe that this is the best technology in the market to do just that.
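To make the capture, compliance, forensics and event-policy ideas above concrete, here is an added example (not from the original post and not Network Intelligence code). The two log formats, the sample lines, the record schema and the business-hours policy are all constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines from two sources that log in different formats.
RAW = [
    ("syslog", "2006-09-26T02:14:07 web01 sudo: alice : USER=root ; COMMAND=/usr/sbin/useradd tmpacct"),
    ("syslog", "2006-09-26T09:30:00 web01 sshd: Accepted password for bob"),
    ("dbaudit", "ts=2006-09-26T02:20:41|host=db01|user=dba_admin|priv=1|action=EXPORT customers"),
    ("dbaudit", "ts=2006-09-26T10:05:12|host=db01|user=app|priv=0|action=SELECT orders"),
]
SYSLOG = re.compile(r"^(\S+) (\S+) (\w+): (.*)$")
SUDO = re.compile(r"^(\S+) : USER=\S+ ; COMMAND=(.+)$")

def normalize(source, line):
    """Map one source-specific line onto the common record schema."""
    if source == "syslog":
        ts, host, prog, msg = SYSLOG.match(line).groups()
        sudo = SUDO.match(msg) if prog == "sudo" else None
        user, action = sudo.groups() if sudo else ("-", msg)
        privileged = sudo is not None
    elif source == "dbaudit":
        f = dict(kv.split("=", 1) for kv in line.split("|"))
        ts, host, user, action = f["ts"], f["host"], f["user"], f["action"]
        privileged = f["priv"] == "1"
    else:
        raise ValueError(f"no parser for source {source!r}")
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "action": action, "privileged": privileged, "source": source}

def build_repository(raw):
    """Central store: every record, from every source, in time order."""
    return sorted((normalize(s, l) for s, l in raw), key=lambda r: r["ts"])

def off_hours_privileged(rec, start=8, end=18):
    """Policy (assumed business hours 08:00-18:00): privileged action outside them."""
    return rec["privileged"] and not (start <= rec["ts"].hour < end)

def run_policy(repo, policy):
    """Event management: one notification string per record the policy matches."""
    return [f"ALERT {r['ts'].isoformat()} {r['host']} {r['user']}: {r['action']}"
            for r in repo if policy(r)]

def timeline(repo, user):
    """Forensics: everything a given user did, across all sources."""
    return [r for r in repo if r["user"] == user]

if __name__ == "__main__":
    repo = build_repository(RAW)
    print("\n".join(run_policy(repo, off_hours_privileged)))
```

An empty result from `run_policy` over the full repository is the compliance answer; `timeline` is the forensic one.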

If you want to read more – here is a link http://www.network-intelligence.com/solutions/loginaccess/whitepapers.asp

Mark…..

September 21, 2006

Episode 3: Pretexting

“Hi my name is Mark and I am from EMC. I am here to help protect you from HP?” – Sounds kind of strange doesn’t it? While I am not trying to pick on HP (I really mean that), the recent series of events clearly highlights the ability of individuals to secure confidential information in ways we might not have thought possible.

While everyone is steeped in the boardroom drama – there is a great technology question just not being asked – “Why don’t companies put the right technology in place so this doesn’t happen in the first place?”

For IT to thrive and its general commercial use to continue to grow it is critical that we address the need for security regarding our information. Most information of value to us and our business is private, not public. While there is great value in having access to information, there are also risks. The ultimate success of the Web relies on moving from simply a tool for access to public information to a tool that can also be used for ALL information.

Simply put, we need to build systems that can effectively protect private data while also making appropriate access as painless as possible. To date, I believe we have many technologies that will ultimately not withstand the test. Having a company ask my mother’s maiden name or my birthday does not give me that warm and fuzzy feeling that my data (or my money) is protected since this information itself is just not private.

We are experimenting with things like biometrics but these are also problematic for many applications. I just can’t imagine a retina scanner on my Blackberry. Personally, I believe that 2 factor authentication will play a key role in bridging the gap. The simplicity of two factor authentication is that it incorporates a simple electronic key that cannot be duplicated. It relies on the combination of something you know (a password) with something you have (a key fob) and can be used across almost any medium. Since the “key” is constantly changing, it also cannot be copied or written down. Any key number can only be used once so no key logger can be effective. If you lose the “key,” it can simply be deactivated and is useless.
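The properties described above (a changing code, single use, deactivation of a lost fob) can be shown with a small verifier. This is an added example, not code from the original post and not RSA's algorithm: it substitutes the public HMAC-based scheme from RFC 4226/6238, and the 60-second step, the seed and the PIN handling are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds each displayed code stays valid (assumed)

def token_code(seed: bytes, t: float) -> str:
    """Code the fob shows at time t: RFC 4226 truncation over the time-step counter."""
    mac = hmac.new(seed, struct.pack(">Q", int(t // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**6:06d}"

class Verifier:
    """Server side: checks PIN plus code, refuses reuse, supports deactivation."""

    def __init__(self):
        self.users = {}

    @staticmethod
    def _hash_pin(pin: str) -> bytes:
        # Kept short for the example; a real system uses a slow, salted KDF.
        return hashlib.sha256(pin.encode()).digest()

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        self.users[user] = {"seed": seed, "pin": self._hash_pin(pin),
                            "last_step": -1, "active": True}

    def deactivate(self, user: str) -> None:
        """Lost fob: the seed stays on record but no code is accepted any more."""
        self.users[user]["active"] = False

    def login(self, user: str, pin: str, code: str, now: float) -> bool:
        u = self.users.get(user)
        if u is None or not u["active"]:
            return False
        step = int(now // STEP)
        pin_ok = hmac.compare_digest(u["pin"], self._hash_pin(pin))
        code_ok = hmac.compare_digest(token_code(u["seed"], now).encode(), code.encode())
        # Single use: a code from an already-consumed time step is rejected,
        # so a value captured by a key logger cannot be replayed.
        if not (pin_ok and code_ok) or step <= u["last_step"]:
            return False
        u["last_step"] = step
        return True
```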

I expect that recent events, while unfortunate, will provide the impetus for change that will ultimately help us provide greater access to information while, at the same time, putting in place the needed levels of information security.

And, if there were any doubts as to why we acquired RSA, this helped to show us all why Identity and Access Management (IAM) is going to be a critical technology for any company’s information management and protection strategy.

As for pretexting, I find even the word itself interesting. I said I was going to talk about the technology side and I am clearly no lawyer but - in terms of right or wrong – I am going to say wrong. Pretexting. It sounds so innocuous; we need to call it what it is – identity fraud. If my kids “pretext” me they get punished just the same as they would for lying.

Mark…