Trust is earned every day and in information security, losing your customers trust is easy to do and hard to earn back. RSA had a breach with unknown ramifications. RSA Chairman Art Coviello’s cryptic notice and RSA’s relative silence since then, is not helping customers feel confident in SecureID as a product or RSA as a company. Just look at what’s happening on Twitter for gems like this “Dear #RSA, open your pants and show us the problem, or we will never trust you again.” I don’t think any reasonable information security or IT professional would expect any vendor to be 100 percent secure and RSA is no exception. When a problem or breach occurs however, you retain your customers trust by being forthright about the problem and stating what you are doing about it. That is what Microsoft and VeriSign did when VeriSign erroneously issued two code signing certificates in 2001. The two companies owned up, came clean, and moved on. Fact is, RSA has to come clean publicly about what was taken, when it was taken, and a forthright assessment of the damage to customer or you risk losing their trust.
Network Computing