Subscribe
Blog / Podcast Readers
NEWSGATOR YAHOO
BLOGLINES ITUNES
DEL.ICIO.US DIRECT RSS

RSA and VeriSign: forward together into the Cloud

by Sam Curry on 11/6/2009
Topics: Authentication | Cloud Security | Identity Management | Identity Protection

RSA and VeriSign have come a long way over the last 15 years.  From a close origin to distant extremes, we are now going into a mature relationship with one another.  I can’t speak to everything that has gone before, but the two companies have evolved very differently while interacting positively and negatively over the years.  We signaled a new relationship, following many heart-to-heart sessions, in October with the announcement that VIP and SecurID would work together and interoperate, but this is much more than a simple partnership.

Double Critical Mass
The world needs simplicity and ubiquity to be championed.  In looking at our GoID service and at VeriSign’s VIP service, we were both faced with what I call the “two critical mass” problems.  Financial institutions, retailers, vendors and the like won’t adopt something until there is a critical mass of consumers holding tokens; and consumers won’t buy tokens until there is a critical mass of places they can use them.  If VIP or GoID could overnight get either 100s of companies to accept tokens or tens of millions of users to hold tokens, the problem would still only be half solved.  This is really where RSA and VeriSign in partnership, deliver higher value than either company could on its own.

Aside from RSA’s obvious strength in token-less authentication with RSA Adaptive Authentication, RSA’s SecurID is the most time-tested, proven, quality token in the world – I can debate the relative merits of OATH or some of my competitors (all of whom are excellent companies), but this is one that we have down pat.  Our tokens are durable, reliable, time-tested and something that we know how to do really well.  There’s a reason we offer such generous warranties on our tokens: our defect rates on SecurID tokens exceed any quality rates I’ve seen anywhere else, period.

VeriSign really understands intuitively the consumer space and has built services around SSL and DNS that are second to none.

Doesn’t it make sense that the two should come together in partnership?  There are many reasons why we haven’t to date, but both companies fundamentally believe that services approaches and cloud-based approaches make sense and enable the Internet to move ahead.  We also know that we shouldn’t both pursue the “double critical mass” problem at the same time – instead, we can focus our efforts in partnership and creating the world’s truly universal, convenient token-based strong authentication service.  In fact, if it can’t be done by us together, it arguably can’t be done at all.

Into the Cloud
I was asked at the recent RSA Conference Europe 2009 how Cloud was different from past initiatives.  My answer is that it has the potential to be different from SOA, On Demand, CORBA and any number of other cloud-like initiatives if we rise to the challenge; and that will make it disruptive to how we think of IT and the Internet.  However, it also has the potential to be yet another buzz word if we fail to rise to the challenge.

So what is the challenge?  The challenge, simply put, is to make the Cloud not just valuable and efficient and cheaper but rather to solve problems that we put off in the traditional IT world for the sake of rapid growth and expediency.  The Cloud must be better at basic blocking and tackling and at being a transparent, reliable tool than traditional IT has been.  In a nutshell, that’s it.  Now, what that means is that it has to be transparent, has to be able to accept policies, has to work predictably, has to be “monitor-able”, has to be “govern-able” and has to be more secure out of the gate than what has come before.  Have a look at my blog on the Evolution of Authentication for some insight into what I mean here

I tongue-in-cheek said that the Cloud could as easily be called the Swamp, but no one wants to move to the Swamp. 

Net-net
At the end of the day, RSA and VeriSign are coming together to create a “best of both” scenario and to tackle the need for a ubiquitous strong authentication service together.  There are other challenges that have to be sorted through too, but we’re doing our part by breaking down barriers.  Now, we need to move on and look at the bigger set of Cloud issues all together.

Comments

No comments for this blog entry

Post A Comment

Your Name
Your Email Publish email?: Yes No
Your Blog
Subject
Comment
Verification Word
© 2010 RSA Security. All rights reserved | Privacy | Legal | Site Map

RSA, The Security Division of EMC, provides Secure Data, Compliance, SIM, SEM, SIEM, PCI, Consumer Identity, Two-Factor Authentication, Custom Applications, Consulting, Assessment, and other security solutions and services to over 90% of the Fortune 500.
 
Access Control |  Authentication and Identity Assurance |  Credential Management |  Data Loss Prevention |  Data Encryption and Key Management |  Fraud Prevention |  Security Information and Event Management |  Log Management |  IT Compliance |  ISO 27002 Compliance |  Information Risk Management for Financial Services |  Payment Card Industry Data Security Standard | 
 
RSA Access Manager
RSA BSAFE
RSA eFraudNetwork
 RSA Data Loss Prevention
RSA Consumer Solutions
RSA FraudAction
 RSA Digital Certificate Solutions
RSA Encryption/Key Management
RSA Enterprise Data Security
 RSA enVision
RSA SecurID
RSA Smart Cards

 RSA Federated Identity Manager
RSA Adaptive Authentication