RSA Announces Identity And Compliance Profiling Services For The Cloud

Services go into beta in the second half of this year, followed by cloud data protection, compliance verification

SAN FRANCISCO, CA -- RSA Conference 2011 -- RSA, the security division of EMC, today launched the Cloud Trust Authority -- a series of cloud security and compliance services starting with two initial offerings, Identity Service and Compliance Profiling Services.
Access control and authentication and data protection are often cited as hurdles for enterprises looking to cloud services to take advantage of reduced operational and capital expenses and increase business agility. Organizations are concerned about issues such as loss of control and enforcing corporate risk and compliance policies as they migrate portions of their IT infrastructure to the public cloud and their users consume SaaS-based cloud applications.
Cloud providers, in turn, are increasingly expected to prove adherence to control standards as a condition of doing business.
As more and more enterprises start to consume more and more services from the cloud, one of the challenges is creating trusted relationships between providers and enterprises, says Brian FitzGerald, vice president of marketing for RSA. Theres a lot of cost and complexity that can slow down the ability to provision each new provider.
The Identity Service provides federated identity and single sign-on (SSO) to major cloud providers through synchronization with corporate directories and federation standards, such as SAML. Enterprise users log on once to access both internal resources and cloud services based on their access and authorization levels defined in Active Directory or other user stores. Identity Service acts as the trusted broker between the enterprise and supported cloud providers, such as Salesforce.com, SuccessFactors, Google Apps, WebEx, and Box.net.
Multifactor authentication is also an option with RSAs SecurID.
Identity Service is based on technology from TriCipher, which was acquired last year by VMware. TriCiphers TACS appliance and myOneLogin SaaS service provide federation, SSO, and strong authentication for thousands of cloud and internal applications.
I think its a good approach, says IDC analyst Sally Hudson. Whats most appealing is the central view and central point of management and automation, combined with a secure identity-driven trust platform.
The Compliance Profiling Services use the RSA Archer eGRC platform and are based on the Cloud Security Alliances Consensus Assessments Initiative Questionnaire (CAIQ). The questionnaires are a tool for enterprises and/or auditors to evaluate a cloud providers security program based on best practices and control specifications, as well as for vendor self-assessment. RSA will use the CAIQ format to assess cloud providers and make the resulting trust profiles available to service subscribers. The central repository will enable enterprises to evaluate and compare prospective providers.
Our surveys show 85 percent of all identity and access and management purchases in 2010 were driven by the need for compliance, IDCs Hudson says. Compliance regulations are getting more intricate, and anything enterprises can do speed the process is good.
Both RSA services will be launch in beta programs in the second half of this year. They are expected to be followed by other services, such as data protection in the cloud and compliance verification leveraging RSA Solution for Cloud Security and Compliance, which uses a dashboard based on RSA Archer to assess security and compliance posture across their VMware virtual infrastructure.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
RSA Announces Identity And Compliance Profiling Services For The Cloud