RSA Comes Up with New Security, Compliance Package for Cloud Providers
On Day One of VMworld 2010, EMC's RSA security arm on Aug. 30 introduced a new integrated security and compliance package designed expressly for multitenant cloud computing.
RSA Solution for Cloud Security and Compliance is aimed at managing security, risk and regulatory compliance of cloud infrastructures--multitenant or otherwise--and to decrease customer uneasiness about deploying virtualized business-critical applications.
"Historically, it's been hard for a [cloud computing] enterprise to say to the business, 'Look, this shared infrastructure is secure, it's auditable, and we've followed all of VMware's security-hardening guidelines, of which there are 160,'" Chad Sakac, EMC's vice-president of tech alliances with VMware, told eWEEK.
"Even though these are written down in one place and everything's really fluid, and people are working really hard to try and resolve something they are facing, they could tweak [something], and unknowingly in that tweak, they could expose the infrastructure in some way to various security attacks."
RSA Solution for Cloud Security and Compliance features a dashboard-based RSA Archer eGRC (enterprise governance, risk and compliance) platform, Sakac said, which gives organizations an up-to-date assessment of security and compliance across their VMware virtual infrastructures.
RSA Archer allows customers to centrally manage security across both virtual and physical infrastructures, Sakac said. The dashboard integrates with a library of more than 100 VMware-specific controls--including administrative authentication--that connect directly to the latest versions of global regulations, such as PCI-DSS and HIPAA.
Further, the package also integrates with the RSA enVision security information and event management platform to provide a comprehensive assessment of security events from across the enterprise, Sakac said.
"Security is a top concern organizations have about moving critical business applications to the cloud," said Jon Oltsik, principal analyst at the Enterprise Strategy Group.
"Even with all the benefits cloud computing provides, CIOs will continue to be wary until there is a way to manage security and compliance with the same level of assurance that is available today with physical data center environments. EMC has made an important first step in addressing this fundamental concern with security in today's growing virtualized and cloud infrastructures."
The RSA Solution for Cloud Security and Compliance will become available in Q4 2010, Sakac said.