Partner Action Items for CustomersBy Ericka Chickowski | Print
RSA channel partners are concerned about the lack of details from RSA following a security breach of its authentication SecurID product which is used by a range of organizations including banks and highly sensitive government entities.
It's hard to tell when RSA will offer more insight into how the product was compromised, but in the meantime, it recommended customers and partners take steps outlined in the note it posted in its SecurCare Online portal. RSA has also been proactive over the last several days to arrange conference calls for partners and customers to offer advice in mitigating steps.
"At the end of the call, RSA was very adamant that this is not something trivial but that there are no other RSA products or EMC products that have been affected by this and that RSA SecurID is still a very viable selection for strong authentication," says Philip Cox, principal consultant with SystemExperts, who has been "elbow-deep" in advising customers on the breach and participated in one of the calls. "What I think partners need to do is get educated on what the recommendations are that RSA has put out and based on their understanding of where their customers are security practices-wise, pick and pull the top 10 things that really need to be done and blast that out to their customers. I think education here is key."
Conference calls notwithstanding, some experts also believe that the channel needs to hold RSA accountable for more information in the coming weeks and months.
"At the end of the day, money is what's going to get people's attention. That's the way the world works," says Vik Phatak, CTO of security testing and analyst firm NSS Labs, who believes that partners may have more impact than individual customers.
"I mean, I think the channel partner comes back and says look, I've
got these 50 customers and I can't help them and these are the
questions they're asking. If I can't answer it I'm going to have to go
with an alternate technology."