Click here to close now.

Welcome!

CloudExpo® Blog Authors: Elizabeth White, Liz McMillan, Pat Romanski, Carmen Gonzalez, JP Morgenthal

News Feed Item

RSA Chief Art Coviello Calls for Proof, Not Promises to Assure Trust in the Cloud

Industry Must Close "Trust Void" by Giving Control and Visibility of Identities, Information and Infrastructure in the Cloud

SAN FRANCISCO, Feb. 15, 2011 /PRNewswire/ -- RSA® CONFERENCE 2011 -- In his opening keynote at RSA Conference 2011, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), outlined a strategy to close the trust void that holds many organizations back from deploying mission-critical applications in cloud environments.

In both the opening keynote address at RSA Conference and in a new EMC Vision Paper released today, "Proof Not Promises: Creating the Trusted Cloud," EMC challenges conventional thinking by affirming that the cloud can meet the security, compliance and performance conditions of any business process, even those with the strictest regulatory requirements such as PCI. However, actually trusting mission-critical business to the cloud requires the ability to inspect and monitor actual cloud conditions first-hand, not just rely on outside attestations. This can be achieved by rethinking long-standing security beliefs and using existing technologies in creative new ways.

"Establishing control and visibility over clouds is the dominant security challenge preventing organizations from fully leveraging cloud environments today, and it's a fundamental problem that EMC is committed to solving," Coviello said. "The promise is that you CAN achieve safety in the cloud. The promise is that we CAN fundamentally do security differently than we've ever done before. The proof comes when leveraging virtualization technology we can demonstrate control and visibility, the key elements of trust, in cloud environments.

"As with other IT transformations over the decades from mainframes, to client server, to the web, Coviello pointed out that virtualization and cloud computing share the same underlying information security goal of getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed. But in contrast to previous IT shifts, Coviello asserted that, unless properly addressed, the enormous amount of change across the core security dimensions of information, identities and infrastructure can create immense control and visibility challenges.

"Virtualization is the cloud's silver lining because virtualization fuels the cloud's ability to surpass the level of control and visibility that physical IT delivers," Coviello continued. "By consolidating multiple systems on a single platform, organizations gain a centralized control point for managing and monitoring every virtual infrastructure component."

To gain this unparalleled visibility and consolidated control, security in virtual and cloud infrastructure must align to three fundamental attributes:

  1. Security becomes logical and information-centric, defending logical rather than physical boundaries and focusing on the protection of sensitive information and transactions rather than infrastructure.
  2. Security becomes built into infrastructure and applications with security management controls becoming far more automated, essential to enabling security and compliance to work at the speed and scale of the cloud. Achieving this means building security into virtualized components and, by extension, distributing security throughout the cloud.
  3. Security becomes risk-based and adaptive, in which organizations reduce their reliance on static rules and signatures and instead employ real-time analytics to predict threats and proactively adjust to them.

Coviello added, "These three principles can lead us to a heightened level of control and visibility that will create the critical evidence, the proof if you will, that leads to trust. The ability for organizations to inspect and verify conditions first-hand is the highest standard for trust in the cloud. It's a standard based on proof, not promises."

Richard McAniff, VMware Chief Development Officer and Co-President, Products joined Coviello onstage to illustrate several core concepts of a secure, trusted cloud by embedding security controls into the VMware virtual infrastructure. For example, McAniff demonstrated how a combined VMware vShield(TM) technology and RSA® Data Loss Prevention (DLP) solution can automatically enable information classification, discovery and security policy enforcement at the virtual infrastructure layer.

"What this will let organizations do is take an information-centric approach to creating security zones within their infrastructure," McAniff said. "Imagine your infrastructure telling you, 'Here's a suggested zone for PCI, or PII or PHI.' That truly is an intelligent infrastructure. This example reflects a key element of our collaboration with RSA to embed security controls into the virtual infrastructure and automate management to help organizations simplify the setup and operation of secure, trusted clouds."

Additional news from RSA:

  • RSA Establishes RSA(TM) Cloud Trust Authority to Accelerate Cloud Adoption: RSA announced the RSA Cloud Trust Authority, a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and multiple cloud service providers. By enabling visibility and control over identities, information and infrastructure, the RSA Cloud Trust Authority will foster the trust and confidence necessary for organizations to more fully adopt cloud computing for business-critical applications and sensitive information.
  • RSA Launches Industry's First End-to-End Incident Management Solution: RSA today announced the RSA(TM) Solution for Security Incident Management, the industry's first automated solution that helps CISOs visualize and prioritize the growing number of security threats while minimizing the time-consuming manual investigation processes. The new solution is designed to enable security analysts to focus on the security risks most likely to impact business objectives with more complete information to manage the resolution of those incidents.

EMC's vision paper, "Proof not Promises: Creating the Trusted Cloud," is co-authored by Pat Gelsinger, President and Chief Operating Officer, EMC Information Infrastructure Products; Howard D. Elias, President and Chief Operating Officer, EMC Information Infrastructure and Cloud Services; Arthur W. Coviello, Jr., Executive Vice President, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC; and Richard McAniff, Chief Development Officer and Co-President, Products, VMware.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vii) component and product quality and availability; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; (xiii) litigation that we may be involved in; and (xiv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.

RSA, RSA Data Loss Prevention and RSA Solution for Security Incident Management are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. VMware and VMware vShield are registered trademarks and/or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other products and/or services referenced are trademarks of their respective companies.

Get RSA News from RSA Conference:

www.rsa.com/rsaconference2011

SOURCE EMC Corporation

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed this shifting dynamic with an ...
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackI...
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT transformation?
You use an agile process; your goal is to make your organization more agile. But what about your data infrastructure? The truth is, today's databases are anything but agile - they are effectively static repositories that are cumbersome to work with, difficult to change, and cannot keep pace with application demands. Performance suffers as a result, and it takes far longer than it should to deliver new features and capabilities needed to make your organization competitive. As your application an...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises a...
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies.
SYS-CON Events announced today that SUSE, a pioneer in open source software, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SUSE provides reliable, interoperable Linux, cloud infrastructure and storage solutions that give enterprises greater control and flexibility. More than 20 years of engineering excellence, exceptional service and an unrivaled partner ecosystem power the products and support that help ...
Move from reactive to proactive cloud management in a heterogeneous cloud infrastructure. In his session at 16th Cloud Expo, Manoj Khabe, Innovative Solution-Focused Transformation Leader at Vicom Computer Services, Inc., will show how to replace a help desk-centric approach with an ITIL-based service model and service-centric CMDB that’s tightly integrated with an event and incident management platform. Learn how to expand the scope of operations management to service management. He will al...
There's no doubt that the Internet of Things is driving the next wave of innovation. Google has spent billions over the past few months vacuuming up companies that specialize in smart appliances and machine learning. Already, Philips light bulbs, Audi automobiles, and Samsung washers and dryers can communicate with and be controlled from mobile devices. To take advantage of the opportunities the Internet of Things brings to your business, you'll want to start preparing now.
In a world of ever-accelerating business cycles and fast-changing client expectations, the cloud increasingly serves as a growth engine and a path to new business models. Dynamic clouds enable businesses to continuously reinvent themselves, adapting their business processes, their service and software delivery and their operations to achieve speed-to-market and quick response to customer feedback. As the cloud evolves, the industry has multiple competing cloud technologies, offering on-premises ...
As the world moves from DevOps to NoOps, application deployment to the cloud ought to become a lot simpler. However, applications have been architected with a much tighter coupling than it needs to be which makes deployment in different environments and migration between them harder. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, Netflix and so on is at the heart of CloudFoundry – a complete developer-oriented Platform as a Service (PaaS...
T-Mobile has been transforming the wireless industry with its “Uncarrier” initiatives. Today as T-Mobile’s IT organization works to transform itself in a like manner, technical foundations built over the last couple of years are now key to their drive for more Agile delivery practices. In his session at DevOps Summit, Martin Krienke, Sr Development Manager at T-Mobile, will discuss where they started their Continuous Delivery journey, where they are today, and where they are going in an effort ...
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, discussed how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP HANA...
There is no question that the cloud is where businesses want to host data. Until recently hypervisor virtualization was the most widely used method in cloud computing. Recently virtual containers have been gaining in popularity, and for good reason. In the debate between virtual machines and containers, the latter have been seen as the new kid on the block – and like other emerging technology have had some initial shortcomings. However, the container space has evolved drastically since coming on...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect...
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. The DevOps Summit at Cloud Expo – to be held June 3-5, 2015, at the Javits Center in New York City – will expand the DevOps community, enable a wide...
The web app is Agile. The REST API is Agile. The testing and planning are Agile. But alas, Data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes which force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software orga...
Cloud Expo, Inc. has announced today that Andi Mann returns to DevOps Summit 2015 as Conference Chair. The 4th International DevOps Summit will take place on June 9-11, 2015, at the Javits Center in New York City. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great team at ...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Ar...
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...