RSA Executives Offer Seven Guiding Principles To Maximize Megatrends Redefining the Information Security Industry

RSA Executives Offer Seven Guiding Principles To Maximize Megatrends
Redefining the Information Security Industry
Leaders From EMC's Security Division Urge Audience at 2009 RSA(R) Conference
Europe to Embrace Trends and Seize Opportunities to Provide Better Security

LONDON, Oct. 20 /PRNewswire/ -- RSA® CONFERENCE EUROPE 2009 -- Building a
systemic security strategy to help organizations better face challenges and
exploit opportunities spurred by next generation technology trends was the
theme of the opening keynote at the 2009 RSA Conference Europe.  In a joint
keynote address, Art Coviello and Christopher Young, President and Senior Vice
President, respectively, with RSA, The Security Division of EMC (NYSE: EMC),
highlighted the need for organizations to develop a systemic security strategy
that treats escalating technology trends not as a burden to be lifted, but as
an unprecedented opportunity to improve security and build a more secure
information infrastructure.


"While technology and information have evolved and grown dramatically over the
past 100 years, people's behaviors to cope with this growth have evolved at a
much slower pace and our ability to keep up with the complexity foisted upon
us is limited," said Art Coviello. "So today, high value is found in taming
the complexity so that humans can take full advantage of these dramatic
developments and advancements in technology.  This is the challenge facing IT
organizations around the world."


In the joint keynote address, both EMC executives addressed oncoming trends --
data center virtualization, cloud computing, the growth of mobile applications
and social computing, for example -- that are redefining the way information
security is applied.  Rather than bucking these trends and ignoring the risks
they pose, Coviello and Young encouraged organizations to embrace them and
seize the opportunity to build better security into the information
infrastructure.  To accelerate this shift, they equipped the audience with
Seven Guiding Principles encompassing the critical elements required to build
an effective information security strategy within today's evolving security
landscape.


"Those who choose to embrace the trends will be best positioned to ride the
wave of innovation reaping the associated rewards of increased revenues,
reduced costs and faster, more flexible infrastructures," said Young. "To do
so, we need to rise as an industry to meet next generation trends with a next
generation information security strategy."


RSA's Seven Guiding Principles:  Building a Systemic Security Strategy


RSA, The Security Division of EMC, asserts that the time is now for enterprise
security leaders to define systemic strategies that will not only enable their
organizations to effectively secure today's rapidly changing environment, but
will also position them to deliver a more secure information infrastructure
tomorrow.  This system acknowledges independent products, but urges security
practitioners to focus on how those products can work together to solve common
problems and open up new opportunities.


The following are concrete examples from RSA's own business that exemplify how
the Seven Guiding Principles can be implemented:


    1. Security must be embedded into the IT Infrastructure -- The first
       principle acknowledges that security should not just be integrated
within
       the infrastructure, it should be embedded within it. This belief is
       driving major RSA initiatives, including its work together with Cisco. 
       Teams from RSA and Cisco have joined forces to embed data loss
prevention
       into devices such as the Cisco IronPort® email security gateway.  RSA
       and VMware have also engaged in a technology partnership to embed core
       security controls into the virtual infrastructure to help organizations
       reduce risk and increase their overall security posture.
    2. Develop ecosystems of solutions -- Ecosystems must be formed to enable
       products and services from multiple organizations to work together to
       solve common security problems.  RSA has invested in the RSA
       eFraudNetwork(TM) community, an ecosystem created in collaboration with
       thousands of financial institutions across the globe to spot fraud as
it
       migrates between and among financial institutions on a worldwide scale.
    3. Create seamless, transparent security -- Making security largely
       transparent to users and systems that it is designed to protect is
       critical to bridging the gap between the rate of technological
       advancement and the ability people have to keep up with it.  The goal
to
       create seamless and transparent security was the motivation behind
RSA's
       technology partnership with First Data Corporation, the largest payment
       processing company in the world.  RSA and First Data recently announced
a
       service designed to secure payment card data from merchants by
       eliminating the need for merchants to store credit card data within IT
       systems.  This service is being built into First Data's payment
       possessing system, making it seamless and transparent to merchants and
       their customers.
    4. Ensure security controls are correlated and content aware -- The
average
       user's access to information is growing exponentially alongside the
       number of regulations and requirements that govern the protection of
that
       information.  In the EMC Critical Incident Response Center (CIRC),
       security information management is centralized so it can correlate data
       from information controls such as data loss prevention, identity
controls
       like risk-based authentication, and infrastructure controls such as
       patch, configuration and vulnerability management systems.  This
advanced
       approach to security operations is designed to accelerate how quickly
       security analysts can get the intelligence required to distinguish a
       benign security event from something more threatening to the business.
    5. Security must be both outside-in and inside-out focused -- RSA argues
       security must include a two-pronged approach that protects both the
       perimeter (the outside-in) and the information itself (inside-out). 
       Since users are accessing information from a variety of devices inside
       and outside the network as well as in the cloud, security policy and
       controls must adhere to information as it moves throughout the
       information infrastructure.
    6. Security has to be dynamic and risk-based -- Since they are not bound
by
       rules and regulations, criminals and fraudsters are free to deploy
       increasingly creative attacks.  To battle this reality, organizations
       need to be positioned to dynamically correlate information from a
number
       of sources and respond to real-time risks related to both
infrastructure
       and information. RSA will announce this week that it is offering new
       consultative and advisory services to help enterprises implement or
       improve their security operations function to more effectively manage
       both risk and IT compliance programs.

    7. Effective security needs to be self-learning -- The dynamic nature of
IT
       infrastructures and the malicious attacks launched against them is
       outpacing the ability of human beings to keep up with their speed and
       complexity.  For this reason, information security strategy must be
       dynamic and behavior-based.   To help support this goal, RSA today also
       announced it is teaming up with Trend Micro to leverage real-time
       intelligence of spyware, viruses, spam and other data generated by
their
       Trend Micro's Threat Resource centers.  To increase endpoint protection
       for RSA® FraudAction(sm) Anti-Trojan Service customers, this vital
       information is now being ported directly to the RSA® Anti-Fraud Command
       Center.





About RSA


RSA, The Security Division of EMC, is the premier provider of security
solutions for business acceleration, helping the world's leading organizations
succeed by solving their most complex and sensitive security challenges. RSA's
information-centric approach to security guards the integrity and
confidentiality of information throughout its lifecycle -- no matter where it
moves, who accesses it or how it is used.


RSA offers industry-leading solutions in identity assurance & access control,
data loss prevention, encryption & key management, compliance & security
information management and fraud protection. These solutions bring trust to
millions of user identities, the transactions that they perform, and the data
that is generated. For more information, please visit www.RSA.com and
www.EMC.com.


RSA, eFraud Network and FraudAction are registered trademarks, trademarks or
service marks of RSA Security Inc. in the United States and/or other countries
EMC is a registered trademark of EMC Corporation.  IronPort is a registered
trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the
U.S. and certain other countries.  All other products and/or services are
trademarks of their respective owners.


This release contains "forward-looking statements" as defined under the
Federal Securities Laws.  Actual results could differ materially from those
projected in the forward-looking statements as a result of certain risk
factors, including but not limited to: (i) adverse changes in general economic
or market conditions; (ii) delays or reductions in information technology
spending; (iii) our ability to protect our proprietary technology; (iv) risks
associated with managing the growth of our business, including risks
associated with acquisitions and investments and the challenges and costs of
integration, restructuring and achieving anticipated synergies; (v) 
competitive factors, including but not limited to pricing pressures and new
product introductions; (vi) the relative and varying rates of product price
and component cost declines and the volume and mixture of product and services
revenues; (viii) component and product quality and availability; (viii) the
transition to new products, the uncertainty of customer acceptance of new
product offerings and rapid technological and market change; (ix)
insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi)
the ability to attract and retain highly qualified employees; (xii)
fluctuating currency exchange rates; (xiv) litigation that we may be involved
in; and (xiii) other one-time events and other important factors disclosed
previously and from time to time in the filings of EMC Corporation, the parent
company of RSA, with the U.S. Securities and Exchange Commission.  EMC and RSA
disclaim any obligation to update any such forward-looking statements after
the date of this release.


SOURCE  EMC Corporation

Kerry Walker of Outcast Communications, +1-617-201-7494, kerry@outcastpr.com,
for EMC Corporation; or Kevin Kempskie of RSA, The Security Division of EMC,
+1-781-515-5915, kevin.kempskie@rsa.com