RSA Chief Art Coviello Calls for Proof, Not Promises to Assure Trust in the Cloud


Industry Must Close "Trust Void" by Giving Control and Visibility of Identities, Information and Infrastructure in the Cloud

SAN FRANCISCO, Feb. 15, 2011 - RSA® CONFERENCE 2011 - In his opening keynote at RSA Conference 2011, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), outlined a strategy to close the trust void that holds many organizations back from deploying mission-critical applications in cloud environments.

In both the opening keynote address at RSA Conference and in a new EMC Vision Paper released today, "Proof Not Promises: Creating the Trusted Cloud," EMC challenges conventional thinking by affirming that the cloud can meet the security, compliance and performance conditions of any business process, even those with the strictest regulatory requirements such as PCI. However, actually trusting mission-critical business to the cloud requires the ability to inspect and monitor actual cloud conditions first-hand, not just rely on outside attestations. This can be achieved by rethinking long-standing security beliefs and using existing technologies in creative new ways.

"Establishing control and visibility over clouds is the dominant security challenge preventing organizations from fully leveraging cloud environments today, and it's a fundamental problem that EMC is committed to solving," Coviello said. "The promise is that you CAN achieve safety in the cloud. The promise is that we CAN fundamentally do security differently than we've ever done before. The proof comes when leveraging virtualization technology we can demonstrate control and visibility, the key elements of trust, in cloud environments.

"As with other IT transformations over the decades from mainframes, to client server, to the web, Coviello pointed out that virtualization and cloud computing share the same underlying information security goal of getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed. But in contrast to previous IT shifts, Coviello asserted that, unless properly addressed, the enormous amount of change across the core security dimensions of information, identities and infrastructure can create immense control and visibility challenges.

"Virtualization is the cloud's silver lining because virtualization fuels the cloud's ability to surpass the level of control and visibility that physical IT delivers," Coviello continued. "By consolidating multiple systems on a single platform, organizations gain a centralized control point for managing and monitoring every virtual infrastructure component."

To gain this unparalleled visibility and consolidated control, security in virtual and cloud infrastructure must align to three fundamental attributes:

o Security becomes logical and information-centric, defending logical
rather than physical boundaries and focusing on the protection of
sensitive information and transactions rather than infrastructure.

o Security becomes built into infrastructure and applications with security
management controls becoming far more automated, essential to enabling
security and compliance to work at the speed and scale of the cloud.
Achieving this means building security into virtualized components and,
by extension, distributing security throughout the cloud.

o Security becomes risk-based and adaptive, in which organizations reduce
their reliance on static rules and signatures and instead employ
real-time analytics to predict threats and proactively adjust to them.

Coviello added, "These three principles can lead us to a heightened level of control and visibility that will create the critical evidence, the proof if you will, that leads to trust. The ability for organizations to inspect and verify conditions first-hand is the highest standard for trust in the cloud. It's a standard based on proof, not promises."

Richard McAniff, VMware Chief Development Officer and Co-President, Products joined Coviello onstage to illustrate several core concepts of a secure, trusted cloud by embedding security controls into the VMware virtual infrastructure. For example, McAniff demonstrated how a combined VMware vShield(TM) technology and RSA® Data Loss Prevention (DLP) solution can automatically enable information classification, discovery and security policy enforcement at the virtual infrastructure layer.

"What this will let organizations do is take an information-centric approach to creating security zones within their infrastructure," McAniff said. "Imagine your infrastructure telling you, 'Here's a suggested zone for PCI, or PII or PHI.' That truly is an intelligent infrastructure. This example reflects a key element of our collaboration with RSA to embed security controls into the virtual infrastructure and automate management to help organizations simplify the setup and operation of secure, trusted clouds."

Additional news from RSA:

o RSA Establishes RSA(TM) Cloud Trust Authority to Accelerate Cloud
Adoption: RSA announced the RSA Cloud Trust Authority, a set of
cloud-based services designed to facilitate secure and compliant
relationships among organizations and multiple cloud service providers.
By enabling visibility and control over identities, information and
infrastructure, the RSA Cloud Trust Authority will foster the trust and
confidence necessary for organizations to more fully adopt cloud
computing for business-critical applications and sensitive information.

o RSA Launches Industry's First End-to-End Incident Management Solution:
RSA today announced the RSA(TM) Solution for Security Incident
Management, the industry's first automated solution that helps CISOs
visualize and prioritize the growing number of security threats while
minimizing the time-consuming manual investigation processes. The new
solution is designed to enable security analysts to focus on the
security risks most likely to impact business objectives with more
complete information to manage the resolution of those incidents.

EMC's vision paper, "Proof not Promises: Creating the Trusted Cloud," is co-authored by Pat Gelsinger, President and Chief Operating Officer, EMC Information Infrastructure Products; Howard D. Elias, President and Chief Operating Officer, EMC Information Infrastructure and Cloud Services; Arthur W. Coviello, Jr., Executive Vice President, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC; and Richard McAniff, Chief Development Officer and Co-President, Products, VMware.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

SOURCE EMC Corporation

CONTACT:

Kevin Kempskie of RSA,

The Security Division of EMC,

+1-617-413-4333,

kevin.kempskie@rsa.com

Web Site: www.emc.com

All Topics