Complex Security, Risk and Compliance Challenges Require 'Air Traffic Control' for the Information Infrastructure

LONDON, Oct. 12 /PRNewswire/ -- RSA® Conference Europe 2010 -- Building a systematic strategy to help organizations efficiently and reliably manage security across physical, virtual and cloud infrastructures was the theme of the opening keynote at RSA® Conference Europe 2010 delivered by top executives from RSA, The Security Division of EMC (NYSE: EMC).

In a joint keynote address, RSA President Art Coviello and RSA Chief Operating Officer Tom Heiser outlined a compelling vision and real world strategy demonstrating how security organizations can take advantage of the opportunities enabled by virtualization and cloud computing to build "air traffic control systems for information security" to achieve more secure, compliant and manageable information infrastructures.

"The security industry does not have a system that integrates people, process and individual security controls that can be managed with the same kind of correlated, contextual and comprehensive view used by the aviation industry to guarantee the safety of our airways," said Art Coviello, President, RSA, The Security Division of EMC. "Information security management needs to function as a system capable of effectively and efficiently managing our information infrastructures providing visibility, manageability and control across all three domains -- physical, virtual and cloud.  We need a system that enables us to close the gaps of protection and apply controls in a more holistic, systemic manner, centralizing management not just for some vendor controls, but for all."  

In the joint keynote address, both EMC executives addressed the challenges IT teams face as a result of siloed, inefficient and ineffective point tool approaches to administering and enforcing security policy across hybrid IT infrastructures.  Coviello and Heiser also detailed three layers, working in concert required to achieve the vision of a successful 'air traffic control system' for information security:

1. A Controls Enforcement Layer which is the point of security detection enforcement across the infrastructure.  In an ideal environment, many controls are embedded directly into IT infrastructure such as operating systems and networks, providing ubiquitous coverage without deploying and managing hundreds of point tools. 
2. A Controls Management Layer where organizations can provision and monitor security controls.  Establishing this layer offers the opportunity to consolidate numerous security consoles.  
3. A Security Management Layer where policies are defined that govern the organization and information infrastructure based on compliance requirements, best practices and the nature of risk.  This is also the layer where events and alerts from controls across the infrastructure come together and are correlated to assess compliance and remediate as necessary.  This visibility layer is about bringing together what were once isolated technologies, inputs and feeds, into a single platform or framework, the same as an air traffic control system.

"In the end the goal is to simplify management and enhance alignment between the security team responsible for defining security policy and the operations team charged with implementing that policy," said Tom Heiser, Chief Operations Officer for RSA, The Security Division of EMC. "By integrating these technologies, systems and feeds we enable a holistic approach to risk management and compliance; a single view to the most important security and compliance elements across the entire IT environment.  In effect, we've built our version of air traffic control for the traditional information infrastructure."  

The executives then detailed how this same approach could be used as organizations journey to the cloud, leveraging virtualization to deliver better security by providing a single point of visibility and coordination for physical, virtual and cloud assets.  They provided two examples of air control capabilities in cloud environments. The first referenced a RSA, VMWare and Intel technology demonstration that leverages Intel's Trusted Execution Technology and the RSA Archer® Enterprise Governance, Risk and Compliance platform designed to create a chain of trust from the processor through the hypervisor and to the operating system.  This capability is engineered to make it possible to actually verify that virtual applications are running on infrastructure that has not been compromised by malware.  The second example described a new technology demonstration that now leverages Intel's TXT processor, VMWare vCenter and the RSA Archer eGRC platform designed to control and manage geographic location of VMs.  This technology is engineered to enable policy based restrictions preventing sensitive data and processes in the cloud from travelling to unauthorized locations.  

Information regarding additional RSA announcements can be found at RSA.com.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

RSA. Archer and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries.  All other products and/or services referenced are trademarks of their respective companies.

This release contains "forward-looking statements" as defined under the Federal Securities Laws.  Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v)  competitive factors, including but not limited to pricing pressures and new product introductions; (vi) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (viii) component and product quality and availability; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; (xiv) litigation that we may be involved in; and (xiii) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission.  EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.

SOURCE EMC Corporation