Philip Lieberman, CEO and president of Lieberman Software, has put the boot into RSA over what he calls lack of investment in its R&D that could have prevented the breach of its defences in March this year. Since then RSA, the security division of EMC, has acknowledged that information stolen from its network was used to carry out a cyber attack against Lockheed Martin, which means it needs to replace all of the 40 million SecurID hardware tokens in existence.
Lieberman said: "This incident shows that there is a very strong business case for sustained and planned investment in security. By my estimates this breach is going to cost RSA a minimum of $400m to replace 40 million tokens. This is not just bad news for RSA Security - it paints the rest of the IT security industry in a bad light."
"I put the fault squarely on the senior management of EMC for treating the SecurID division as a cash cow that received little to no investment after RSA was acquired by EMC. A quick review of the SecurID products show that the SecurID product line has languished in innovation and development investment since the takeover," he added.
Lieberman said: "EMC is guilty of milking the RSA cow dry, neglecting it, getting it sick, and then selling the tainted beef. The tragedy is that had they provided just a little bit of food and care to the cow, they could still be receiving milk and have a healthy cow today."
Lieberman continued: "The RSA SecurID scenario is a testament to the consequences of greed and outsourcing exhibited by EMC senior management, who, in their single minded wish to maximize profitability, neglected to provide sufficient resources and domestic talent to keep their company healthy and competitive. The management of RSA and EMC did exactly what they were incentivized for: maximize shareholder equity with minimal concerns for the wellbeing of their customers, partners or society at large."
"I have a hint for Art Coviello," he continued. "Maybe he should now consider spending some money on Research & Development (R&D) and product management in Bedford, MA instead of moving everything off-shore and outsourcing the rest. RSA actually has some amazing talent in the Boston area, they just don't work cheaply and now we can see what "cheap" has produced. Some of us have been arguing against this short-term approach and for investment in both R&D and people and against management fads like outsourcing for its own sake for years. I take no pleasure in these disasters but we can prevent them with care and foresight."
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.
The Neverfail Group is dedicated to creating a world where business applications are continuously available. High Availability, Disaster Recovery...
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...
Teneo is an infrastructure optimization company, providing solutions that help customers with the management, performance and virtualization of...