EMC: Vendor cooperation key to data security

Harmony on security policy key to data security

The cool reception from Wall Street this summer after EMC’s announcement that it would buy RSA Security had EMC executives feeling a bit flummoxed -- like the guy who elopes, only to find out that his friends didn’t like his girlfriend to begin with.

EMC’s stock fell 3 percent following the announcement, and in talks with analysts and reporters about the $2.1 billion deal, CEO Joe Tucci faced tough questions about the price his company paid for RSA and EMC’s overall strategy . Four months later, EMC’s stock has recovered nicely, and the company is moving forward on efforts to use RSA’s assets to create a common security platform that stretches across all its products. InfoWorld Senior Editor Paul F. Roberts checked in recently with Dennis Hoffman, vice president and general manager of the Enterprise Solutions Business Unit at RSA, the Security Division of EMC, to see how things are going.

InfoWorld: You headed up EMC’s security group prior to the RSA purchase. How is your strategy different now?

The interesting thing is that there’s no difference in the strategy before and after. We made some broad conclusions and built a plan around that. We saw information security, as a market, colliding with information management. The only thing that took a lot of time was sorting out what were the salient parts of the information-security industry for that strategy. When we did that, we carved out what turned out to be the vast majority of the security revenues. We said, “We’re not part-interested in anti-virus, firewall, IPS, and IDS systems. That’s yesterday’s security battle.” Everyone paying attention to what’s in the news: people losing information and data breaches that are exposed in the public eye.

Dennis Hoffman:

IW: You’ve said RSA’s technology will become a common authentication platform for EMC’s products. How far off is that vision?

DH: Those services -- authentication services, authorization services, auditing services -- are all being delivered into the base EMC platforms throughout 2007 as part of delivery of the common security platform. It will all start during the middle of next year, and it will just depend on when various releases get on the train.

IW: How do you get true security without better platform security from companies like Microsoft? How do developments in Redmond affect what EMC and RSA do?

DH: They’re certainly interrelated. In fact, I just got off the phone with the general manager of the Windows Security Business just before our call. We’re talking about ways the two companies can partner more deeply and better than we have historically. As an industry we’ve been obsessed with the idea of “perfect security” for a long time. It doesn’t exist. Perfect security is called business discontinuance. You turn off the company and then everything is secure. We’ve learned with our adaptive authentication products that as banks seek to protect the identities of their own consumers, they’ve found that the mathematically correct, rigidly correct security isn’t the right kind for them.

I don’t think that any of us in the rest of the stack -- Microsoft at the operating system level ... Cisco at the network, and EMC at the storage and information layer -- can stand and throw rocks at each other or wait for the other guy to get perfect before we can do anything.

We have an obligation in our part of the world, lower in stack and in our hardware, to secure them and enable a more infocentric form of security in what we do. Hopefully we’ll closely partner with the Microsofts and Ciscos to do that.

IW: How might those partnerships look?

DH: I’m not going to foreshadow the things we’re in talks about, because they’re not finished. At the highest level, we all need to be able to do a better job speaking security policy and exchanging policies with one another. We have close partnerships today with ... Cisco and Microsoft. Ideally, if someone wants to create a policy in the network to protect data in flight, when that data rests on a storage device, we should be able to support that policy.

When something is established by a user at the desktop and traverses Cisco networking equipment to be stored and managed as information within the EMC infrastructure, that’s where the collaborations ultimately have to happen.

Copyright © 2006 IDG Communications, Inc.

How to choose a low-code development platform