Today RSA, The Security Division of EMC, released the latest research and insights from IDC and the Security for Business Innovation Council on the relationship – and disconnect – between security and business innovation. The IDC report centers on the fact that 80 percent of organizations worldwide confirm that security fears are indeed responsible for stifling business innovation.

IDC also found that although 80 percent of CEOs believe their security teams are being held formally accountable for their contributions to business growth and innovation, only 44 percent of security leaders believe they are being measured on their contributions to innovation. This finding points to a surprising lack of alignment between the expectations of C-level management and the priorities of security professionals...

Yet another analogy from the credit crunch shows us security folks that even if we changed jobs we probably wouldn't be able to escape our frustrations. The executive branch is currently trying to win over Congress and convince them to hand over a large sum of money, or else something really bad is going to happen. This is a situation I'm sure many security folks have found themselves in, albeit under less extreme circumstances. The people with the check books seldom know anything about what you're doing. Congress is full of politicians, not economists or experts on the banking system. They need to rely on their gut feeling to do the right thing. Same thing with your management, so it's up to you to guide them towards the right decision -- in their language...

The McCain-Palin campaign has offered a rather muted response to the Yahoo! email account breach of Gov. Palin, and so far, the grand jury has opted not to indict the hacker. Is this the end to this sordid tale? Not quite. I believe that the average citizen has been left with a myriad of questions as to the security in as basic a utility as free email.

What’s going on?

“Rubico”, as the hacker called himself, used an automated password recovery tool where he was asked fairly simple questions to identify himself as Gov. Palin [birthday, zip code, etc.]. Rubico found answers to these within 45 minutes on Google and Wikipedia! Wow! Is it really that easy to hack into email or messaging services that the common person uses globally?...

Click to Download/Listen (07:03)

Recent updates to the Fair and Accurate Credit Transactions Act (FACTA) of 2003 mandate that U.S. financial institutions and creditors must comply with the Identity Theft Red Flag provisions by November 1, 2008. Amanda Van Veen speaks with EMC's resident FACTA expert, Dennis Mayer from EMC Consulting about the upcoming deadline and what it means to those who must comply.

Last week I made a flying visit to NYC to appear on a panel at Interop with John Pironti of Getronics, Khalid Kark of Forrester, Jennifer Mack of the PCI Standards Council and Jim Routh of DTCC. The subject was "Security By Compliance - A Discussion of Information Risk Management's Greatest Challenge".

As reported in the Boston Globe on September 23rd, the Massachusetts Office of Consumer Affairs and Business Regulation issued regulations earlier this week that will place new requirements on businesses to safeguard personally-identifiable information (PII)...

The numbers behind Google's processing are staggering. Indexing over one trillion URLs, the Internet search giant reported in January that it processes 20 Petabytes of data per day.

Turns out a Petabyte is 1000 Terbytes. So Google processes over 20,000 Terabytes of data per day. Supporting all of this impossibly massive data crunching is a huge network of proprietary servers and custom made storage. It's the mythical Google grid.

Google conceals the exact nature of the grid; it's one of their trade secrets.

So, what if I told you Google is abandoning its mythical, proprietary, custom-made processing and storage grid, and is moving to an off-the-shelf third party processing platform?

Any boffin would have choked on this scoop.

OK, relax. Google isn't ditching its proprietary grid. But its eCrime equivalent is certainly doing exactly that.

Click to Download/Listen (06:29)

Paul Joyal welcomes back Linda Lynch, RSA® Conference Europe Manager, to talk about the session highlights for the upcoming conference from October 27-29. The early bird registration deadline is fast approaching on September 26. Learn more or register today: www.rsaconference.com/2008/europe.