
Questions asked on the cost implications of RSA replacing SecurID


The replacement of 40 million RSA SecurID tokens will create huge cost issues for the vendor.

Andrew Kemshall, co-founder at SecurEnvoy, claimed that deployment for RSA's clients will cost around £4 billion, whilst the environmental cost will work out at around 4.3 million tonnes of CO2.

He said: “Our observations suggest that the on-costs of deploying a single SecurID token are around £100 per token; this includes the direct and indirect costs for the organisation concerned.

“If it is necessary, then we recommend that businesses should start seriously thinking about switching to a tokenless authentication system, especially given the rising number of corporate hacks in recent months, which indicates that enhanced security should now be a watchword.”

Yesterday, RSA executive chairman Art Coviello said that it was offering to replace SecurID tokens for customers ‘with concentrated user bases typically focused on protecting intellectual property and corporate networks’. He also confirmed that RSA will offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base that are typically focused on protecting web-based financial transactions.

Philip Lieberman, president and CEO of Lieberman Software, said that the cost is not just bad news for RSA, but it paints the rest of the IT security industry in a bad light.

He said: “I put the fault squarely on the senior management of EMC for treating the SecurID division as a cash cow that received little to no investment after RSA was acquired by EMC. A quick review of the SecurID products shows that the SecurID product line has languished in innovation and development investment since the takeover.”

However, Jon Geater, director of technical strategy at Thales e-Security, said that replacing the tokens seemed ‘like the right thing in my book’, as it represented good PR and a responsible attitude to its customers.

He said: “It is undoubtedly an expensive move which leaves some questions open: do RSA know that all the tokens were breached, or are their systems simply unable to tell them which tokens were compromised? Will they change the seed model in future?

“What assurances can they now offer customers that the system is safe?  In the cloud age, where transparency and third-party trust are becoming understood currency, can they keep their security procedures and seed model obscured any longer?

“Why did it take so long to find out?  Or for them to admit it?  It would be nice to be generous and assume they were simply ramping up production to cope with demand, but people will now surely be suspicious that the Lockheed breach is the real catalyst.

“Whatever the truth of the SecurID breach, the message is clear: the growth of concerted attacks on valuable IP, including Lockheed Martin and Sony, proves the need for defence in depth and protection of data assets even inside the enterprise. The walls have come crumbling down.”
