One of the things that distinguishes security from other IT disciplines is its massive scope. In simple terms, if you own the corporate network, you care about switches, routers, and traffic going from Point A to Point B. If you own security, you have to look up and down the old "technology stack" while keeping an eye of physical security and cross-company business processes. Little wonder why so many companies experience so many data breaches. For years, the security industry seemed to disregard the broad scope of problems faced by enterprise organizations. Instead, even the biggest security firms like Check Point and McAfee simply offered the threat management widget du jour. This is like your local This is like your local tire store saying that it is in the business of selling automobiles. Something had to give which is why big enterprise-savvy companies like EMC, Hewlett-Packard, and IBM entered the market. During a RSA Conference in San Francisco, Rather than talk abo...

EMC's Interpretation - “At most companies today, security projects are being driven by compliance and audit, so what a surprise that they don’t have alignment with the business! Security practitioners are not working on business problems; they are working on regulatory issues.”Now I’m not going to suggest that all regulation is unjustified and that businesses can’t profit from the level playing field that regulation can create. While effective attacks against 1024-bit RSA keys appear unlikely to emerge in the near term, the community has for some years suggested the prudence of a movement away from 1024-bit key lengths by the end of 2010. The U.S. National Institute of Standards (NIST) recommends in its special publication 800-57, "Recommendation for Key Management--Part I: General http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf " (p. 66), that 1024-bit RSA be used to confer data protection only through 2010. Similarly, in May 2003, RSA Labs publishe...