Cloud Security Authors: Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Ravi Rajamiyer

Related Topics: @CloudExpo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

EMC Extends Security for Cloud Computing

RSA Solution for Cloud Security and Compliance

VMWorld® 2010 -- EMC (NYSE: EMC) on Monday unveiled the RSA Solution for Cloud Security and Compliance for comprehensively managing security, risk and regulatory compliance of cloud infrastructures, helping increase customer confidence to virtualize business-critical applications.

"Security is a top concern organizations have about moving critical business applications to the cloud," said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group.  "Even with all the benefits cloud computing provides, CIOs will continue to be wary until there is a way to manage security and compliance with the same level of assurance that is available today with physical data center environments. With today's announcement, EMC has made an important first step in addressing this fundamental concern with security in today's growing virtualized and cloud infrastructures."

Featuring an easy to use dashboard based on the RSA® ArcherTM eGRC platform, the solution is designed to give organizations a complete assessment of security and compliance posture across their VMware virtual infrastructure.

This allows customers to centrally manage security across both virtual and physical infrastructures using RSA Archer. The dashboard integrates with a library of more than 100 VMware-specific controls such as administrative authentication, that map to the most current global regulations such as PCI-DSS and HIPAA to ensure best practices for deployment. The solution also integrates with the RSA® enVision security information and event management platform to provide a more comprehensive assessment of security events from across the enterprise.

"Demonstrating compliance on virtualized platforms has been a labor-intensive and highly complex process, particularly as many of our customers require FISMA compliance," said Chris Day, Chief Security Architect, Terremark Worldwide, a leading global provider of managed IT infrastructure services. "We've given input throughout the design of the RSA solution and fully support their shared vision with partners VMware and Intel. Using the RSA Solution for Cloud Security and Compliance will enhance our ability to assess the security of the virtual infrastructure and help the customers that choose Terremark for their cloud infrastructure respond to compliance audits."

RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance helps enable organizations to rationalize a multitude of compliance requirements, control frameworks, standards and best practices into a set of centralized security policies that can be applied to virtual infrastructure. Simple dashboards are designed to make it easy to visualize security and compliance posture. Through automated assessments and simple workflows, the solution helps streamline the process of managing tasks between security teams that define policies and IT operations teams responsible for implementing those policies.

Capabilities delivered as part of the RSA solution include:

  • Dashboard views based on the RSA Archer eGRC platform designed to enable fast and accurate assessment of security and compliance posture across physical and VMware virtual infrastructure.
  • Top-Down Visibility for Control and Compliance: The RSA solution includes a comprehensive, centralized library and ready reference of security controls within the RSA Archer platform. This library has been expanded to cover more than 100 VMware-specific controls that map the most current, global regulations such as PCI-DSS and HIPAA.  New software available with RSA Archer automates the measurement of several VMware configuration elements to simplify the task of measuring compliance. RSA enVision is being enhanced to add further intelligence to the RSA Archer platform by updating the compliance assessments with security-relevant events.  RSA enVision collects security events from an ecosystem of products including the RSA® Data Loss Prevention suite, VMware vShield, VMware vCloudTM Director, VMware vCenterTM Configuration Manager, EMC® Ionix®, and HyTrust® appliance to enrich the compliance reports provided by the RSA Archer platform.
  • Process Automation for Managing Remediation of Security Policies: The RSA Solution for Cloud Security and Compliance leverages automated workflow and notification processes in RSA Archer to simplify the tasks of remediating security issues.

"Our customers are excited about the opportunity to continue extending and optimizing their use of virtualization but are hesitant unless they can deliver proof of compliance against security standards such as PCI or HIPAA and VMware best practices," said Bret Hartman, Chief Technology Officer of RSA, The Security Division of EMC. "Today RSA is delivering the first step to give customers both the capability and confidence to extend their VMware deployments to handle business-critical applications while providing a simpler and easier way to help ensure compliance for cloud infrastructures."

Industry Collaboration Leading the Journey to Trusted Cloud Infrastructure
The RSA Solution for Cloud Security and Compliance is the first in a series of steps to deliver on the vision of security and compliance for cloud infrastructure which EMC outlined at RSA Conference 2010 in conjunction with key partners Intel and VMware.

At VMWorld 2010, Booth 1000, EMC will feature demonstrations of the RSA Solution for Cloud Security and Compliance and will also show a technology preview demonstration for how the solution will evolve in the future to leverage VMware vSphereTM and Intel® Trusted Execution Technology (Intel® TXT) to ensure hardware root of trust and isolation of regulated workloads.

RSA is contributing actively in the Cloud Security Alliance (CSA) Consensus Assessments Project for developing an open question-set, based on the CSA Cloud Controls Matrix, for security assessment of cloud services.  When this work is complete, the RSA solution will be enhanced to offer tenants a way to assess the security of cloud service provider environments and their internal datacenters using RSA Archer.

"Intel is working with VMware and EMC to enable a hardware-based root of trust for the cloud," said Boyd Davis, Intel Vice President & General Manager, Data Center Group Marketing, "We're excited to see RSA taking the first step in delivering products and solutions that support our shared vision."

"Our collaboration with RSA is designed to help customers deploy cloud environments that provide comprehensive security up and down the virtual stack," said Parag Patel, vice president, Global Strategic Alliances, VMware. "RSA's solution ties security controls to higher order compliance objectives, including collecting and correlating security and compliance events across the cloud infrastructure and key security services delivered through VMware's vShieldTM."

The RSA Solution for Cloud Security and Compliance and the RSA SecurBook for solution deployment best practices will be available in Q4 2010.  In addition, strategic services from the RSA Security Practice of EMC Consulting can guide customers on the approach best suited to their business and operational objectives.

More Stories By Yeshim Deniz

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...