EMC Unveils Five Managed GRC Services

As the line between storage and security continue to blur, EMC's consulting arm is launching an advisory service focused on governance, risk and compliance.

SAN FRANCISCO €” EMC's consulting division is stepping into the security arena with five new risk management advisory services to help customers secure their data while meeting various regulatory and compliance requirements.

EMC Consulting would offer customers end-to-end services designed to handle compliance requirements while considering each organization's unique set of business needs, the company announced Feb. 29 at the RSA Conference in San Francisco. The new security managed advisory services will be delivered as part of the EMC Consulting portfolio.

Virtualization, cloud computing, mobile and the emergence of big data applications have dramatically altered how organizations create, deliver and manage information, according to EMC. The openness of information within these new environments can significantly increase an organization's risk. These new security and risk management advisory services are also intended to boost customer confidence about the security of its data.

Businesses are €œbeing forced to make their information resources easily available to authenticated users anytime, anywhere,€ said Tom Roloff, COO of EMC Consulting.

To help organizations cope with the €œunprecedented levels of security, risk and compliance challenges and threats,€ EMC's new services offer different capabilities that fall under the broad governance, risk and compliance (GRC) umbrella.

Trusted Cloud Advisory Services provide visibility into the organization's private and public cloud infrastructure, as well as offering some control over the environment. Information Governance Advisory Services provides visibility into high-value information, such as where it is stored, who has access to it and how it is stored. Governance, Risk and Compliance Advisory Services identify, analyze, manage and mitigate risks.

Fraud and Identity Management Advisory Services protect sensitive information while allowing trusted identities to freely and securely interact with online systems. Fraud and Identity Management would increase organizational efficiency, improve customer satisfaction and control costs, according to EMC. Organizations would be able to understand evolving cyber-threats while making sure the data remained protected.

As more organizations grapple with the issue of allowing employee-owned mobile devices in the enterprise, there are a lot of questions about the risks they pose and how existing compliance rules apply. Mobile Device Security Advisory Services mitigate risks associated with allowing mobile devices to access sensitive data and resources by extending existing enterprise security policies and control over the mobile devices.

The services offer organizations with an €œideal remedy to lock down access control and identify IT infrastructure security gaps before they become problematic, or worse, irrevocably damaging,€ said Chris Christiansen, an analyst with IDC.

"Security culpability is no longer the responsibility of just the CISO [chief information security officer],€ IDC's Christiansen said.

Traditionally, security offerings from EMC have fallen under the banner of the company€™s RSA Security business, while EMC handles data storage technology itself.

EMC Consulting does have a GRC practice, and the new services are an extension of the products and services offered by the consulting division and RSA, according to EMC. Enterprises can transition from reactive security methods to a proactive security approach with these services.

€œBy combining these new security and risk management services with RSA's expanding product portfolio, EMC's security proposition has never been stronger," said Branden Williams, CTO of marketing at RSA Security.

EMC is not the first enterprise storage vendor to invest heavily in security services. HP has an Enterprise Security Division and IBM launched its IBM Security Solutions just a few months ago. Dell and Hitachi Data Storage have also made security moves with Secureworks and HitachiID.

RSA Executive Chairman Arthur Coviello said during the opening keynote Feb. 27 that organizations have to shift their security strategies to identify and manage risks. It is not possible to never be compromised, but it is possible to reduce what can be breached and also to minimize what can be successfully stolen, Coviello told attendees.