RSA rolls out 900 virtual desktops to Australia

 

Re-architects in-house security.

RSA has begun a virtual desktop rollout in its Australian offices in a bid to secure internal systems following a major compromise of its SecurID two-factor authentication tokens in March.

The company hoped to revise its internal security architecture and adopt an "assume you are breached" mentality among employees.

It was partway through the rollout, using vitualisation software from parent company EMC, to more than 900 Australian staff for use on desktops and personal devices.

The virtualisation deployment was expected for completion by January 2013.

The company also hoped to implement "sophisticated analytics and forensics" technology which would continually monitor potentially advanced persistent threats like those blamed for the March compromise.

Security information would be fed back to the company's Boston-based Critical Incident Response Centre.

The EMC subsidiary had continued to deal with the fallout after its SecurID token system, popular among large enterprises, was breached in March. The tokens had been used later in an attack on defence contractor Lockheed Martin

Since the breach, 10 percent of the company's global customer base had replaced its SecurID tokens.

RSA Australia director Andy Solterbeck confirmed that Australia had suffered higher customer churn since March but would not reveal exact figures.

Major organisations including ANZ, Westpac and the Australian Taxation Office were among those announcing replacement of the tokens following the breach, although they remained customers of RSA.

The other two major banks, NAB and Commonwealth Bank had yet to replace the tokens.

Customer churn and panic was tied to media speculation and lack of direct information from the company, an issue Solterbeck said had tied RSA's hands, as it was simultaneously under investigation by the federal US Government.

RSA has since attempted to convince customers that SecurID should be implemented as part of a multi-layered defence and not be thought of as a security silver bullet in itself.

"We did as good a job as we could," Solterbeck said. "They [customers] were satisfied."

The former Telstra security boss pointed to a recent record quarter for SecurID as a measure of continuing trust in the brand.

Additional reporting by James Hutchinson.

Copyright © SC Magazine, Australia


RSA rolls out 900 virtual desktops to Australia
 
 
 
Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
 
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
 
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3922

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1331

Vote