Welcome to RSA 2012 - and the world of 2012 cybersecurity defences

Oct 20, 2017
Author:
Paul Kenyon

With the RSA Security Conference now upon us in the US – and with a welter of really interesting announcements coming out of the San Francisco event – I was intrigued to read a guest column from Art Coviello, the executive vice president of EMC, the parent company to RSA Security, on Forbes.

Coviello’s comments - citing the Bob Dylan track, "the times, they are a changin'" - are bang on the money, especially when he recommends that IT security now needs to be a board level discussion.

This coincides with our thoughts here at Avecto, as the involvement of a board level discussion on security will help IT security managers to determine the 'sweet spot' where the organization has invested in sufficient security to say it has carried out what any reasonable company would do to defend its digital assets.

And in today's security governance-rich environment, the high cost of reaching that sweet spot can be lowered by adopting a multi-layered approach to IT security, so that the advantages of one type of security can offset the disadvantages - namely the weak spots - of another system.

At the risk of sounding like an accountant, this all comes down to the risk/reward balancing game which Coviello hints at in his column, but with the additional factor of cost entering the equation.

The EMC/RSA chief is, of course, quite correct in his assertion that the security world is changing, but our belief is that it’s not just about balancing risk with security, it's also about balancing the cost of the security against the reward in terms of the level of security assurance that the expenditure will generate for a typical company.

And whilst there is no such thing as absolute IT security in today's multi-vectored threat landscape, it is clear that multiple layers of defense can often produce a better overall return on investment curve than if just one or two layers of security are involved.

Our experience suggests that treating the governance levels of, for example, the PCI Security Standards Council as a starting point in security terms and working upwards - depending on the risk/cost/reward stance your organization is prepared to invest in - is the best way forward.

And when you factor in Coviello's sound advice that you need to continue to evolve your organization's thinking about security - working on the premise that shared knowledge is a powerful advantage - you realize that adding extra layers of defenses - such as a Windows privileged account management system that lowers your security risk profile - can help tremendously in the risk/cost/reward stakes.

The ideal solution is to apply least privilege principles to as many users as possible, with specific members of staff having limited access to admin facilities and, even then, only on the specific applications they need access to on a regular basis.

Our approach with Windows privilege management is to give users only the access and privileges they need to complete the task at hand. In most cases this will be for specific applications, tasks or scripts, and by assigning specific rights to those applications, you no longer need to give them to users. As Windows security expert Russell Smith explains in his book ‘Least Privilege Security for Windows 7, Vista and XP’, taking away user privileges can be similar to taking a toy away from a small child. The bottom line is that user expectations have a real impact on the security of any organization, so empowering users to perform their role without compromising the integrity or security of their systems makes good financial sense.

As Coviello says in his column, as cyber threats escalate, we must invest in building a cybersecurity workforce with the requisite skills to defend enterprises, governments, and critical infrastructures.

And whilst - again as the EMC/RSA chief observes - these individuals need a 360-degree view of security that combines computer science, risk assessment, analytics, digital forensics, and human behavior, it should also be clear that the addition of multiple layers of security can only enhance the risk/cost/reward ratios.

Even if you’re not a board level professional, that should still make you smile.

For more on Art Coviello's words of wisdom: http://onforb.es/yk5f32
