RSA Establishes Cloud Trust Authority To Accelerate Cloud Computing Adoption

RSA, The Security Division of EMC, recently announced the RSA Cloud Trust Authority, a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and cloud service providers. 

By enabling visibility and control over identities, information and infrastructure, the RSA Cloud Trust Authority will foster the trust necessary for organizations to adopt cloud computing for mission-critical applications and sensitive information.  To further support and strengthen this requirement, EMC announced the new EMC Cloud Advisory Service with Cloud Optimizer  from EMC Consulting, which helps customers create a balanced cloud strategy extending from legacy architectures through cloud service providers at the lowest cost while achieving trust objectives.

"Surveys show that lack of trust in cloud computing is slowing broader adoption of cloud services," said Art Coviello, executive chairman of RSA, the Security Division of EMC.  "While cloud computing offers tremendous benefits in cost and agility, it breaks down some of the traditional means of ensuring visibility and control of infrastructure and information.  Forcing enterprises to develop trusted relationships individually with each cloud service provider they wish to use is cumbersome and will not scale. New thinking in security and compliance is required to provide a future in which organizations can consume services from a wide variety of cloud service providers on-demand and for all their application needs."

Organizations will be able to manage relationships with cloud service providers via the RSA Cloud Trust Authority console making it easy to configure and deploy cloud-based security services. 

The system is being architected to greatly streamline the ongoing management of trusted relationships eliminating the need for multiple point-to-point integrations involving custom code with both organizations and service providers.  The RSA Cloud Trust Authority will make it easier for organizations to adopt cloud computing and will give cloud service providers the opportunity to deliver classes of applications that previously would be off-limits due to security or compliance concerns.

"Today, enterprises wanting to leverage one or more cloud service providers have to create secure access methods, establish compliance measurement and data controls and solve a number of other security challenges," said Drew Simonis, group information security officer with Willis Group Holdings, plc. "The complexity and cost of establishing trusted relationships with each provider erodes the value of cloud computing by slowing down the ability to provision new providers as part of the total IT portfolio. The approach RSA is taking with the RSA Cloud Trust Authority holds promise for changing that by creating an intermediary for hosted security and compliance services and will move the burden of establishing trusted cloud computing from the customer to the cloud."

"The fundamental value of the RSA Cloud Trust Authority approach to services providers is that it helps eliminate a key source of friction slowing down adoption of cloud computing -- the requirement to ensure security and compliance across their enterprise IT resources and their outsourced cloud-based resource," said Ken Owens, vice president of security and cloud technology with  Savvis.   "By offering an elegant model for customers to establish trusted relationships with service providers more rapidly, RSA's approach will accelerate the adoption of our services by a wider set of customers for security-sensitive applications."

Cloud Trust Authority Initial Offerings

Identity Service:  Among the highlights of the RSA Cloud Trust Authority's inaugural set of capabilities is its Identity Service.  This service will be powered by VMware's forthcoming Project Horizon, a cloud-based management service with the mission of delivering simple, secure end-user access and provisioning to applications and data across the widest range of end-user devices.  The Identity Service will be designed to enable a customer to manage secure user access and user provisioning to multiple cloud providers via federated single sign-on and directory synchronization.   It will be engineered to enable federated identity management among an enterprise and its cloud service providers, or among multiple cloud service providers themselves with options for strong authentication using RSA SecurID technology.

Compliance Profiling Service: Leveraging the RSA Archer GRC platform, the Compliance Profiling Service will be engineered to enable customers to view the trust profiles of various cloud providers against a set of common benchmarks developed by the Cloud Security Alliance among other security frameworks.  This first-ever cloud compliance solution is a step towards more automated compliance for cloud services.  By providing centralized access to security profiles of various cloud providers against a common benchmark, RSA will make it easier for enterprises to rapidly add capabilities and on-board new cloud service providers, dramatically lowering the barriers to trusted cloud computing.

"Security remains top of mind for organizations that wish to leverage the public cloud more extensively," said Jim Reavis, executive director of the Cloud Security Alliance.  "The standards and recommendations developed by the Cloud Security Alliance are most effective when they are put into practice by the security industry.  RSA has contributed actively to the Cloud Security Alliance standards and was among the first to embrace the Cloud Security Alliance standards within its products.  With the RSA Cloud Trust Authority, RSA is taking another decisive step towards delivering comprehensive and innovative solutions for securing the cloud.  The approach of delivering cloud security services spanning identity, information, and infrastructure will address key concerns that limit the adoption of the cloud."

The RSA Cloud Trust Authority is part of a more complete portfolio of offerings being created by EMC to simplify the customer journey to cloud computing.  Announced recently, EMC's new Cloud Advisory Service with Cloud Optimizer is a strategic offering by EMC Consulting to assist customers in evaluating workloads for suitability to move to cloud models: private, public and hybrid.  The new service helps customers develop a strategy for optimizing the placement of workloads by looking at three factors -- economics, trust and functionality -- to maximize cost savings and business agility.  Working with the customer, EMC Consulting helps to create a transformational plan including people, process, and technology required for customers to successfully move to a balanced cloud model and experience up to 24 percent savings.

A beta of the RSA Cloud Trust Authority will be available in the second half of 2011, and will include both Identity and Compliance offerings. 

"The Cloud Trust Authority is a very strategic investment area for RSA, one with direct involvement of virtually every technology team across the division.  We will be actively engaging with both enterprises and cloud service providers right away in shaping the future of this solution," said Tom Corn, chief strategy officer with RSA. "Trusted relationships only work with the active engagement of all parties. We see enterprises and service providers as participants in shaping the RSA Cloud Trust Authority.  The beta program will lay the foundation for broad-based rollout of these services."

 

Featured

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

Featured Cybersecurity

Whitepapers

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3