RSA Chief Calls For Proof, Not Promises To Assure Trust In Cloud Computing

In his opening keynote at RSA Conference 2011, Art Coviello, executive vice president of EMC and executive chairman of RSA, The Security Division of EMC, outlined a strategy to close the trust void that holds many organizations back from deploying mission-critical applications in cloud environments.

In both the opening keynote address at RSA Conference and in a new EMC Vision Paper released today, "Proof Not Promises: Creating the Trusted Cloud," EMC challenges conventional thinking by affirming that the cloud can meet the security, compliance and performance conditions of any business process, even those with the strictest regulatory requirements such as PCI.  However, actually trusting mission-critical business to the cloud requires the ability to inspect and monitor actual cloud conditions first-hand, not just rely on outside attestations.  This can be achieved by rethinking long-standing security beliefs and using existing technologies in creative new ways.

"Establishing control and visibility over clouds is the dominant security challenge preventing organizations from fully leveraging cloud environments today, and it's a fundamental problem that EMC is committed to solving," Coviello said.  "The promise is that you can achieve safety in the cloud.  The promise is that we can fundamentally do security differently than we've ever done before.  The proof comes when leveraging virtualization technology we can demonstrate control and visibility, the key elements of trust, in cloud environments.

"As with other IT transformations over the decades from mainframes, to client server, to the web, Coviello pointed out that virtualization and cloud computing share the same underlying information security goal of getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed.  But in contrast to previous IT shifts, Coviello asserted that, unless properly addressed, the enormous amount of change across the core security dimensions of information, identities and infrastructure can create immense control and visibility challenges. 

"Virtualization is the cloud's silver lining because virtualization fuels the cloud's ability to surpass the level of control and visibility that physical IT delivers," Coviello continued.  "By consolidating multiple systems on a single platform, organizations gain a centralized control point for managing and monitoring every virtual infrastructure component."

To gain this unparalleled visibility and consolidated control, security in virtual and cloud infrastructure must align to three fundamental attributes:

1. Security becomes logical and information-centric, defending logical rather than physical boundaries and focusing on the protection of sensitive information and transactions rather than infrastructure.

2. Security becomes built into infrastructure and applications with security management controls becoming far more automated, essential to enabling security and compliance to work at the speed and scale of the cloud.  Achieving this means building security into virtualized components and, by extension, distributing security throughout the cloud.

3. Security becomes risk-based and adaptive, in which organizations reduce their reliance on static rules and signatures and instead employ real-time analytics to predict threats and proactively adjust to them.

Coviello added, "These three principles can lead us to a heightened level of control and visibility that will create the critical evidence, the proof if you will, that leads to trust.  The ability for organizations to inspect and verify conditions first-hand is the highest standard for trust in the cloud.  It's a standard based on proof, not promises."

Richard McAniff, VMware Chief Development Officer and Co-President, Products joined Coviello onstage to illustrate several core concepts of a secure, trusted cloud by embedding security controls into the VMware virtual infrastructure. For example, McAniff demonstrated how a combined VMware vShield technology and RSA Data Loss Prevention (DLP) solution can automatically enable information classification, discovery and security policy enforcement at the virtual infrastructure layer.

"What this will let organizations do is take an information-centric approach to creating security zones within their infrastructure," McAniff said. "Imagine your infrastructure telling you, 'Here's a suggested zone for PCI, or PII or PHI.'  That truly is an intelligent infrastructure. This example reflects a key element of our collaboration with RSA to embed security controls into the virtual infrastructure and automate management to help organizations simplify the setup and operation of secure, trusted clouds."


 

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.