New RSA® Via Solution Innovations Strengthen Identity Assurance and Governance


  • Automatically aligns authentication choices to the risk level of what the user is trying to access
  • New flexible authentication options and policies better optimize the balance between security and user convenience
  • Integration with privileged access management technologies provide increased visibility of who has access to privileged systems 


RSA, The Security Division of EMC (NYSE:EMC), today announced new innovative identity assurance and identity governance capabilities in RSA® Via. These new capabilities are designed to help organizations effectively balance security and user convenience as they assure identities and better govern and manage privileged access. New authentication choices in RSA Via Access are built to match the right levels of assurance to what a user is accessing. New RSA Via Lifecycle and Governance capabilities are engineered to provide greater visibility into access of privileged systems to help defend against targeted attacks.  This powerful combination offers customers more effective choices for identity assurance and the ability to more effectively manage risk.

Balancing Security and Convenience

To guard against advanced threats, organizations need to better align system access risk and appropriate levels of identity assurance. RSA Via Access is engineered to now automatically align authentication methods to an access request’s risk level by allowing administrators to prescribe identity assurance requirements and flexible step-up authentication policies based on security requirements. For example, access to an organization’s most important assets might require RSA SecurID® authenticators or biometric authentication methods, while less critical assets require a less strong level of assurance. RSA Via Access is engineered to allow security admins to choose which assurance level is needed for various access scenarios based on contextual attributes like location and device used, to help ensure security is not compromised.

Organizations also need to balance the needs of security with user convenience. RSA Via Access takes choice to the next level, as organizations can now offer an even greater variety of authentication methods commensurate to the sensitivity of the application. By offering a variety of authentication mechanisms, users are able to prove their identity in ways that are most convenient to them as opposed to a “one size fits all” approach.

In addition to TouchID fingerprint verification and tap or shake authentication, RSA Via Access is designed to now include additional biometric capabilities through the integration of Eyeprint IDTM, a biometrics technology powered by EyeVerify.  This new technology is engineered to use the unique pattern of eye veins and other micro features to authenticate a user by confirming a known biometric print with a trusted device.  The RSA Via Access server is also now FIDO® Certified, and can support devices that leverage the FIDO U2F standard, offering organizations and users additional authentication methods and convenience.

Governing & Administering Risk of Privileged Access

Administrators with privileged access own the keys to an organization’s most sensitive information assets and critical systems. RSA Via Lifecycle and Governance’s powerful attestation capabilities and other features help organizations systematically govern and manage the access of these privileged users across the identity lifecycle. RSA Via Lifecycle and Governance is now designed to be interoperable with the CyberArk Privileged Account Security Solution, providing necessary visibility into and governance over privileged access. Additionally, RSA Via Lifecycle and Governance is engineered to support provisioning to privileged accounts managing the lifecycle of a user's privileges as an employee joins, leaves, or changes roles within an organization.

For more information, please visit RSA Via.

Executive Quote:

Jim Ducharme, Vice President of Engineering and Product Management, RSA 

“Not all access needs the same level of assurance. Organizations need to focus on balancing the need to assure identity, while not sacrificing user convenience by taking a ‘one size fits all’ approach to authentication. RSA Via technology’s new capabilities align the various levels of risk associated with what a user is trying to access with the appropriate levels of assurance. This allows organizations to offer more innovative authentication options and help ensure there isn’t a tradeoff between security and user convenience.”

Industry Support Quote:

Brett McDowell, Executive Director of the FIDO Alliance

“I commend FIDO Alliance board member RSA for its investment in the development of FIDO standards, and this certified implementation of FIDO authentication for RSA Via Access. This adoption of FIDO by the widely recognized market leader in enterprise identity and authentication is a validation that FIDO is emerging as the preferred technology for strong authentication. RSA Via technology is added to a rapidly growing list of FIDO deployments from Google, Dropbox, Bank of America, PayPal, and other leading service providers, illustrating that FIDO has quickly become the new standard for enabling online authentication.”

Technology Partner Quote:

Adam Bosnian, executive vice president, global business development, CyberArk

“Organizations typically have three-to-four times more privileged accounts than employees, increasing the attack surface for hijacked credentials that can put the cyber-criminal in control.  The interoperability of the CyberArk Privileged Account Security Solution’s proactive protection and detection capabilities with RSA Via Lifecycle and Governance helps reduce the attack surface by managing privileged user provisioning, entitlements and access certification in a centralized, holistic approach.”


The next version of RSA Via Access and RSA Via Lifecycle and Governance that includes these features will be available in Q1 2016.




RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA’s award-winning products, organizations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cybercrime. For more information, go to

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.

This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) risks associated with the proposed acquisition of EMC by Denali Holdings, Inc., the parent company of Dell, Inc., including, among others, assumptions related to the ability to close the acquisition, the expected closing date and its anticipated costs and benefits; (ii) adverse changes in general economic or market conditions; (iii) delays or reductions in information technology spending; (iv) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) component and product quality and availability; (vii) fluctuations in VMware, Inc.’s operating results and risks associated with trading of VMware stock; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (x) the ability to attract and retain highly qualified employees; (xi) insufficient, excess or obsolete inventory; (xii) fluctuating currency exchange rates; (xiii) threats and other disruptions to our secure data centers or networks; (xiv) our ability to protect our proprietary technology; (xv) war or acts of terrorism; and (xvi) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.