It’s Technology Tuesday yet again, and I wanted to cover the latest news around EMC’s security arm, RSA. RSA had a lot of attention in 2011, mostly around their SecureID breach, but it gave them an opportunity to step back and focus on where the next move would take them. Last month, RSA Security executives announced that that move would focus on three key areas, anti-threat, mobility and cloud security. We’ve seen RSA partner with hardware manufacturers before (anyone look at their Wii? There’s a nice RSA logo on the console), so partnering with one of the most dynamic hardware industries is a very smart move for the EMC folks.
RSA, which is part of EMC, is looking to create solutions for personal mobile devices that separate personal and corporate data, and improve authentication to content accessed through those devices. If you remember, VMware has its own Horizon for mobile devices that allowed for a virtual instance on mobile phones to segregate corporate applications from personal data. This seems like a natural addition to that project (conveniently all EMC components are used).
So how would RSA get involved in something such as mobile phones? Well, it seems that the goal is to include features such as biometrics, geolocation and behavioral patterns in their authentication model (SecurID) and embed it into the mobile phones since they are an item commonly carried with users. They are working with chip makers to use this authentication to protect secrets including passwords and encryption keys at a hardware level so if the device is compromized, it won’t be accessible to attackers.
A side benefit would be that the anti-threat efforts will give businesses visibility in device usage and can be used for information-sharing efforts with government agencies and organizations such as ISAC (Information Sharing and Analysis Centers). The problem is that the amount of data created from this type of initative would require a heavy-duty engine for processing big data. Oh wait, doesn’t EMC own Greenplum for that?
RSA has also been busy with their cloud effort, such as project Pegasus which is dedicated to moving their current projects to a cloud environment to be offered as services. This will no doubt translate to RSA as being part of the key security backbone of service provider infrastructure (we already know that their enVision platform is one of the few SIEM tools able to get the right visibility in virtual environments) and a welcome addition to the VCE vBlock architecture.
Personally, I am happy to see RSA come back with a vengeance. They always had solid products and took quite a hit when it came to SecureID, so re-emerging as a solid cloud security option (and ideally part of the vBlock solution) would be a welcome addition.