Embracing Risk: How to Innovate with Confidence and Grow Your Business

Tuesday, April 08, 2008

RSA’s Information Risk Management strategy integrates supporting capabilities in Identity Assurance, Data Security, Information & Event Management – and significant additions to EMC’s Global Services portfolio

RSA® CONFERENCE 2008/San Francisco, CA — RSA, The Security Division of EMC (NYSE: EMC), today announced a series of initiatives and solutions designed to support its Information Risk Management strategy – and the alignment of business and IT security priorities.

The announcements include the most comprehensive re-drawing of RSA’s authentication and access management business in a decade; the launch of the RSA™ Data Security System, comprising products and services that are engineered to deliver comprehensive data loss prevention, as well as encryption and key management; and a range of new, information-centric security services.

“The information security industry’s evolving transformation is today being fueled by the need for security to be firmly aligned with business strategy, with the result that organizations are increasingly looking at security in the context of risk,” said Art Coviello, EVP at EMC Corporation and President at RSA, The Security Division of EMC. “By helping our customers to understand and address the risk that their high-value information is exposed to throughout its lifecycle, security becomes a true enabler of innovation and critical business initiatives can be undertaken with confidence.”

“Security’s natural role has always been to keep the business, its assets and its users as far removed from risk as possible, and to the majority of business leaders today risk continues to be anathema,” commented Jon Oltsik, Senior Analyst, Information Security at Enterprise Strategy Group. “However, a well-executed risk management program holds the keys to first-mover advantage and other opportunities for expansion and growth. Creating an environment in which information risk management can be safely and intelligently embraced – and where the full value of that information can be exploited – is both logical and necessary if the C-suite is to accelerate the business and accomplish its fundamental goals.”

Information Risk Management from RSA

The initiatives announced today will help enable customers to effectively recognize, assess and mitigate the risk that information will encounter at any point in its lifecycle. Information Risk Management is an information-centric strategy, allowing customers to determine what should be protected; where the risks are; and how to best prioritize security investments to drive the business forward.

Managing information risk is a four step process:

Discover and classify the information, people, and IT infrastructure that underpin key business initiatives and business processes
Define policy to describe how sensitive information should be protected
Apply appropriate technology controls to enforce policy and mitigate the most significant risks
Audit the environment to help ensure compliance with policy and regulations

In order to deliver these capabilities, a range of professional services to help with planning an information risk management effort – assessing risk, designing processes and programs – as well as helping with policy definition, implementation and product design, are essential.

RSA’s new initiatives and solutions include:

New Identity Assurance solution enables secure, easy & intelligent access to enterprise information and applications

RSA today unveiled the next phase in its solution for Identity Assurance – a key component of the company’s Information Risk Management strategy. Identity Assurance comprises the set of capabilities and methodology that minimizes the business risk associated with identity impersonation and inappropriate account use, enabling enterprises to allow trusted identities to freely and securely interact with systems and access information.

RSA’s comprehensive Identity Assurance platform includes four essential components: Credential Management, Authentication, Contextual Authorization, and Intelligence. Together, these solution areas support an information risk management process by helping define and enforce policy around users and access, and by providing the essential technology controls to mitigate risks related to unauthorized access.

RSATM Data Security System: a set of products and services to deliver a holistic approach for securing data

The new RSATM Data Security System provides a policy-based approach to securing data: enabling customers to classify their sensitive data, discover that data across the enterprise; enforce controls; and report and audit to ensure compliance with policy.

RSATM Data Loss Prevention (DLP) Suite, announced last week, is designed to enable the classification, discovery and monitoring of sensitive data, while the system’s encryption suite is engineered to allow organizations to apply the appropriate enforcement mechanisms to secure that data.

As part of this announcement today, RSA also introduced its new RSA® Key Manager for the Datacenter offering, which is designed to centralize and streamline key lifecycle management throughout the enterprise. RSA Key Manager for the Datacenter works across multiple encryption points in the enterprise, including tape, disk, virtual tape, databases, and file systems – leveraging RSA, EMC, and a partner ecosystem for fully-integrated solutions. From the outset, the offering is interoperable with – among others – EMC® PowerPath® software, EMC Connectrix® MDS and Oracle Database 11g.

EMC adds new and expanded information security services from RSA

EMC today announced five new professional services, designed to enable customers to address information-centric security both effectively and efficiently, using risk and policy as key drivers. The new services will help organizations to: review security policy; assess risk; discover and classify sensitive information; develop security programs; and assess storage security.

The EMC information security services practice helps organizations to align information risk management strategies and business objectives, to protect information assets, and to ease the burden of regulatory compliance.

More information on RSA’s announcements and related initiatives may be found online at www.rsa.com/rsaconference2008/. In addition, RSA’s information risk management solutions, services and partners will be featured in Booths #1717 and 1817 at RSA Conference 2008, April 7-11, 2008, at the Moscone Center in San Francisco.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention & encryption, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

RSA and SecurID are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC, PowerPath and Connectrix are registered trademarks of EMC Corporation. All other products and/or services mentioned are trademarks of their respective companies. This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) risks associated with acquisitions and investments, including the challenges and costs of integration, restructuring and achieving anticipated synergies; (iv) competitive factors, including but not limited to pricing pressures and new product introductions; (v) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vi) component and product quality and availability; (vii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (viii) insufficient, excess or obsolete inventory; (ix) war or acts of terrorism; (x) the ability to attract and retain highly qualified employees; (xi) fluctuating currency exchange rates; and (xii) other one-time events and other important factors disclosed previously and from time to time in EMC’s filings with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.