RSA 2012: EMC Offers New Security And Risk Management Services

The consulting division of EMC has stepped into the security arena with five new risk management advisory services.

The services are designed to help customers secure their data while meeting various regulatory and compliance requirements.

End-to-end services

EMC Consulting would offer customers end-to-end services designed to handle compliance requirements while considering each organization’s unique set of business needs, the company announced 29 February at the RSA Conference in San Francisco. The new security managed advisory services will be delivered as part of the EMC Consulting portfolio.

Virtualisation, cloud computing, mobile and the emergence of big data applications have dramatically altered how organisations create, deliver and manage information, according to EMC. The openness of information within these new environments can significantly increase an organisation’s risk. These new security and risk management advisory services are also intended to boost customer confidence about the security of its data.

Businesses are “being forced to make their information resources easily available to authenticated users anytime, anywhere,” said Tom Roloff, COO of EMC Consulting.

To help organisations cope with the “unprecedented levels of security, risk and compliance challenges and threats,” EMC’s new services offer different capabilities that fall under the broad governance, risk and compliance (GRC) umbrella.

Trusted Cloud Advisory Services provide visibility into the organisation’s private and public cloud infrastructure, as well as offering some control over the environment. Information Governance Advisory Services provides visibility into high-value information, such as where it is stored, who has access to it and how it is stored. Governance, Risk and Compliance Advisory Services identify, analyse, manage and mitigate risks.

Fraud and Identity Management Advisory Services protect sensitive information while allowing trusted identities to freely and securely interact with online systems. Fraud and Identity Management would increase organisational efficiency, improve customer satisfaction and control costs, according to EMC. Organisations would be able to understand evolving cyber-threats while making sure the data remained protected.

Compliance questions

As more organisations grapple with the issue of allowing employee-owned mobile devices in the enterprise, there are a lot of questions about the risks they pose and how existing compliance rules apply. Mobile Device Security Advisory Services mitigate risks associated with allowing mobile devices to access sensitive data and resources by extending existing enterprise security policies and control over the mobile devices.

The services offer organisations with an “ideal remedy to lock down access control and identify IT infrastructure security gaps before they become problematic, or worse, irrevocably damaging,” said Chris Christiansen, an analyst with IDC.

“Security culpability is no longer the responsibility of just the CISO [chief information security officer],” IDC’s Christiansen said.

Traditionally, security offerings from EMC have fallen under the banner of the company’s RSA Security business, while EMC handles data storage technology itself.

EMC Consulting does have a GRC practice, and the new services are an extension of the products and services offered by the consulting division and RSA, according to EMC. Enterprises can transition from reactive security methods to a proactive security approach with these services.

“By combining these new security and risk management services with RSA’s expanding product portfolio, EMC’s security proposition has never been stronger,” said Branden Williams, CTO of marketing at RSA Security.

EMC is not the first enterprise storage vendor to invest heavily in security services. HP has an Enterprise Security Division and IBM launched its IBM Security Solutions just a few months ago. Dell and Hitachi Data Storage have also made security moves with Secureworks and HitachiID.

RSA Executive Chairman Arthur Coviello said during the opening keynote 27 February that organisations have to shift their security strategies to identify and manage risks. It is not possible to never be compromised, but it is possible to reduce what can be breached and also to minimise what can be successfully stolen, Coviello told attendees.

How well do you know Internet security? Try our quiz and find out!