Saturday, March 19, 2011

My take on the RSA breach...

I am catching up on the info around the breach of the RSA Token information and I think RSA has an opportunity here... The Tokens that we all at some point used over our IT careers are, well, dead as we know them... Not just because their secret sauce formula fancy algorithm is now not so secret, or we must assume it is not, but because technology has changed and RSA should directly compete with what VeriSign, now Symantec, has done with the VeriSign Identity Protection (VIP) device in making it an App available on most smart phones. Not to mention integration into my favorite Security DoDad, the YubiKey.

It is time for RSA to dump the Token and go to the software App. Now if a breach were to occur, they would only need to update the application instead of re-issuing costly hardware tokens that we don't really want to carry around on our keychains.

But first, RSA must admit what has occurred, be honest and admit the impact to their client base, and then explain how they plan to remediate or fix the issue.

They have lost the trust of two-factor authentication users, but Sh*+ happens; it is how RSA reacts that matters now.

Time is a tickin', RSA....

