Complex Security, Risk and Compliance Challenges Require 'Air Traffic Control' for the Information Infrastructure

By Emc Corporation, PRNE
Monday, October 11, 2010

Top Executives at EMC's RSA Security Division Outline Security Management System to Span Physical, Virtual and Cloud Environments

LONDON, October 12, 2010 - RSA(R) Conference Europe 2010 — Building a systematic strategy to help
organizations efficiently and reliably manage security across physical,
virtual and cloud infrastructures was the theme of the opening keynote at
RSA(R) Conference Europe 2010 delivered by top executives from RSA, The
Security Division of EMC (NYSE: EMC).

In a joint keynote address, RSA President Art Coviello and RSA Chief
Operating Officer Tom Heiser outlined a compelling vision and real world
strategy demonstrating how security organizations can take advantage of the
opportunities enabled by virtualization and cloud computing to build "air
traffic control systems for information security" to achieve more secure,
compliant and manageable information infrastructures.

"The security industry does not have a system that integrates people,
process and individual security controls that can be managed with the same
kind of correlated, contextual and comprehensive view used by the aviation
industry to guarantee the safety of our airways," said Art Coviello,
President, RSA, The Security Division of EMC. "Information security
management needs to function as a system capable of effectively and
efficiently managing our information infrastructures providing visibility,
manageability and control across all three domains — physical, virtual and
cloud. We need a system that enables us to close the gaps of protection and
apply controls in a more holistic, systemic manner, centralizing management
not just for some vendor controls, but for all."

In the joint keynote address, both EMC executives addressed the
challenges IT teams face as a result of siloed, inefficient and ineffective
point tool approaches to administering and enforcing security policy across
hybrid IT infrastructures. Coviello and Heiser also detailed three layers,
working in concert required to achieve the vision of a successful 'air
traffic control system' for information security:

    1. A Controls Enforcement Layer which is the point of security detection
       enforcement across the infrastructure. In an ideal environment, many
       controls are embedded directly into IT infrastructure such as
       operating systems and networks, providing ubiquitous coverage without
       deploying and managing hundreds of point tools.
    2. A Controls Management Layer where organizations can provision and
       monitor security controls. Establishing this layer offers the
       opportunity to consolidate numerous security consoles.
    3. A Security Management Layer where policies are defined that govern the
       organization and information infrastructure based on compliance
       requirements, best practices and the nature of risk. This is also the
       layer where events and alerts from controls across the infrastructure
       come together and are correlated to assess compliance and remediate as
       necessary. This visibility layer is about bringing together what were
       once isolated technologies, inputs and feeds, into a single platform
       or framework, the same as an air traffic control system.

"In the end the goal is to simplify management and enhance alignment
between the security team responsible for defining security policy and the
operations team charged with implementing that policy," said Tom Heiser,
Chief Operations Officer for RSA, The Security Division of EMC. "By
integrating these technologies, systems and feeds we enable a holistic
approach to risk management and compliance; a single view to the most
important security and compliance elements across the entire IT environment.
In effect, we've built our version of air traffic control for the traditional
information infrastructure."

The executives then detailed how this same approach could be used as
organizations journey to the cloud, leveraging virtualization to deliver
better security by providing a single point of visibility and coordination
for physical, virtual and cloud assets. They provided two examples of air
control capabilities in cloud environments. The first referenced a RSA,
VMWare and Intel technology demonstration that leverages Intel's Trusted
Execution Technology and the RSA Archer(R) Enterprise Governance, Risk and
Compliance platform designed to create a chain of trust from the processor
through the hypervisor and to the operating system. This capability is
engineered to make it possible to actually verify that virtual applications
are running on infrastructure that has not been compromised by malware. The
second example described a new technology demonstration that now leverages
Intel's TXT processor, VMWare vCenter and the RSA Archer eGRC platform
designed to control and manage geographic location of VMs. This technology is
engineered to enable policy based restrictions preventing sensitive data and
processes in the cloud from travelling to unauthorized locations.

Information regarding additional RSA announcements can be found at

About RSA

RSA, The Security Division of EMC, is the premier provider of security,
risk and compliance management solutions for business acceleration. RSA helps
the world's leading organizations succeed by solving their most complex and
sensitive security challenges. These challenges include managing
organizational risk, safeguarding mobile access and collaboration, proving
compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption &
key management (,
SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC
capabilities and robust consulting services, RSA brings visibility and trust
to millions of user identities, the transactions that they perform and the
data that is generated. For more information, please visit

RSA. Archer and EMC are either registered trademarks or trademarks of EMC
Corporation in the United States and/or other countries. All other products
and/or services referenced are trademarks of their respective companies.

This release contains "forward-looking statements" as defined under the
Federal Securities Laws. Actual results could differ materially from those
projected in the forward-looking statements as a result of certain risk
factors, including but not limited to: (i) adverse changes in general
economic or market conditions; (ii) delays or reductions in information
technology spending; (iii) our ability to protect our proprietary technology;
(iv) risks associated with managing the growth of our business, including
risks associated with acquisitions and investments and the challenges and
costs of integration, restructuring and achieving anticipated synergies; (v)
competitive factors, including but not limited to pricing pressures and new
product introductions; (vi) the relative and varying rates of product price
and component cost declines and the volume and mixture of product and
services revenues; (viii) component and product quality and availability;
(viii) the transition to new products, the uncertainty of customer acceptance
of new product offerings and rapid technological and market change; (ix)
insufficient, excess or obsolete inventory; (x) war or acts of terrorism;
(xi) the ability to attract and retain highly qualified employees; (xii)
fluctuating currency exchange rates; (xiv) litigation that we may be involved
in; and (xiii) other one-time events and other important factors disclosed
previously and from time to time in the filings of EMC Corporation, the
parent company of RSA, with the U.S. Securities and Exchange Commission. EMC
and RSA disclaim any obligation to update any such forward-looking statements
after the date of this release.

Jenn McManus-Goode of RSA, +1-781-515-6313, jennifer.mcmanus at; or Kerry Walker, OutCast Communications, +1-339-244-4089, kerry at

will not be displayed