Fi-Tek Selects RSA to Help Meet Multi-Factor Authentication Compliance Requirements

RSA, The Security Division of EMC (NYSE: EMC) announced that Fi-Tek, LLC (www.fi-tek.com) has deployed the RSA® Adaptive Authentication platform to help enable TrustPortal™ online wealth management customers to meet U.S. Office of the Comptroller of the Currency (OCC) compliance mandates that require strong authentication to help prevent identity theft. The OCC charters, regulates, and supervises all national banks and also supervises the federal branches and agencies of foreign banks.

TrustPortal™ is Fi-Tek's flagship hosted solution for fully-integrated wealth management, providing a suite of products to more than 135 financial services institutions that collectively hold more than $100 billion in combined trust assets. RSA Adaptive Authentication replaces an in-house user name and strong password solution with necessary multi-factor authentication controls designed to protect Fi-Tek customers from online fraud.

"In addition to meeting OCC compliance, choosing RSA Adaptive Authentication above our own developed solution has enabled us to focus on our core business - further developing the TrustPortal™ for the benefit of our customers," said Ramsey El-Fakir, CIO at Fi-Tek. "What's more, it enables our customers to reassure their customers that their wealth management solutions are compliant with industry regulations. Without multi-factor authentication many of them would be unable to continue offering these critical services."

RSA Adaptive Authentication is engineered to provide secure and convenient access to online accounts using a Software-as-a-Service (SaaS) model. It provides Fi-Tek's customers with enhanced user validation by assigning a unique risk score to each user's activity based on key indicators including device identification, geo-location, and behavioral profiling. When high-risk policies are triggered through the RSA® Risk Engine, TrustPortal™ users can be prompted for additional credentials such as challenge/response questions. According to El-Fakir, "RSA technology gives our customers confidence that they can conduct their business securely using our services. We also knew that they would have no problems accepting RSA Adaptive Authentication as a best-in-class security solution as many of them - already existing customers of RSA - recommended it to us. As we move to a full software-as-a-service business offering, we are confident RSA's own software-as-a-service technology will continue to meet our clients' security needs."

The Fi-Tek TrustPortal™ provides a full suite of products, including investment management with electronic trade execution, compliance, administration, accounting, operations, automated account review and extensive web-based report engines. RSA Adaptive Authentication has been deployed to provide secure access to Client Internet Access™, a TrustPortal™ report engine, where customers are able to view their account details online, keep track of recent activity, see the current value of their assets, and view their latest account statements.

"Consumers will conduct more financial transactions on the Internet if they feel more secure. With RSA Adaptive Authentication in place, well over one hundred financial institutions using Fi-Tek TrustPortal™ will gain an extra level of assurance and confidence that their customers' financial assets and personal information will be better protected," said Tom Corn, Vice President of Product Marketing at RSA, The Security Division of EMC. "The software-as-a-service deployment of RSA Adaptive Authentication is a logical step forward in the evolution of Fi-Tek's security infrastructure that continues to meet its evolving customer needs."

To purchase RSA's products visit http://www.TokenGuard.com

Swiss Environmental Company Taps RSA to Ensure Business Continuity

RSA, The Security Division of EMC (NYSE: EMC) announced that Valorec Services AG, a Swiss environmental and waste services company, has almost quadrupled its deployment of the RSA SecurID® On-Demand Authenticator for secure, remote network access in order to help guarantee business continuity. Valorec previously outfitted RSA SecurID to a smaller group of employees including members of upper management. It decided to ready an expansion of its RSA SecurID deployment as a precaution to help prepare ahead of a potential global H1N1 pandemic scenario which could require anywhere, anytime access for a significantly expanded remote workforce.

"Many of our clients have been taking measures to ensure business continuity during a pandemic and this has been at the top of our agenda because protecting their data is critical to our organization's success," said John Martinussen, Chief Information Officer, Valorec Services. "We upgraded to the newer version of RSA® Authentication Manager to use its business continuity option where user access rights are controlled centrally, making it secure and easy to manage."

The business continuity option within RSA Authentication Manager - the server-side software that powers the RSA SecurID system - allows Valorec to temporarily expand its license to a large number of users. Pre-authorized personnel from departments such as purchasing, control and production will be able to leverage RSA SecurID in order to protect valuable data and help ensure that operations go uninterrupted. To prevent overwhelming the IT help desk during a time when a large number of users require secure network access, an online self-service module can be accessed to request and receive an eight-digit one-time password via simple messaging service (SMS) or email.

According to Patrick Epper, Technical Engineer, Valorec Services, "It is the perfect solution because it requires no physical hardware token or software to be installed on a laptop or smart phone. We simply create a user profile and define the length of time users have access to the network, whether it's a few hours or an entire day. This technology will provide us with a reliable and secure solution in the event of a pandemic."

"With the business continuity option, an enterprise can empower users to manage their RSA SecurID token lifecycles while maintaining compliance to organizational security policies designed to protect identities, information and the infrastructure," said Tom Corn, Vice President of Product Marketing at RSA. "The RSA SecurID On-Demand Authenticator can also open the door to productivity-enhancing applications by making it easier to support a large base of users, partners and vendors that do not access the network frequently enough to justify the issuing of individual credentials."

To purchase RSA's products visit http://www.TokenGuard.com

EMC Offers Portfolio of New Products and Services

EMC, the world leader in information infrastructure solutions (NYSE: EMC), today announced a range of new products, solutions and services designed to enhance the value of the VMware View™ 4 desktop virtualization solutions. These offerings provide organizations with new technology capabilities, along with consulting services and actionable guidance to apply EMC® management and security controls for hosted virtual desktop environments.

Businesses across many industries and government entities are deploying hosted virtual desktops using VMware View solutions to centralize management, improve security, increase operational efficiencies, and address compliance. Centralizing the management of employees' desktop and laptop environments through virtualization and applying security controls such as strong authentication, data loss prevention, security information and event management along with management controls such as server configuration management, helps ensure key company and government assets remain available, shareable and secure.

"VMware View™ fundamentally transforms how desktops are managed within enterprises by enabling them to be delivered as a managed service," said Jocelyn Goldfein, vice president and general manager, Desktop Business Unit, VMware. "Together with EMC, we are enabling a complete set of services along with tested storage, security and management solutions that help enterprises increase agility and accelerate time to value while reducing desktop management costs."

EMC Storage Infrastructure for VMware View™
The combination of EMC® unified storage solutions and VMware View Composer products enables customers to deploy hosted virtual desktops at competitive pricing to traditional desktops while adding operational efficiencies, reducing storage costs, providing higher availability, and increasing flexibility that delivers greater overall business value. Greater efficiencies and cost savings are possible by leveraging additional EMC product features and technologies such as data deduplication and Enterprise Flash Disk drives.

Deploying VMware View on EMC's industry-leading unified storage systems provides a fully optimized infrastructure with high levels of availability and disaster recovery capabilities. Leveraging PC over IP also enables a robust desktop experience for end users.

For businesses and government organizations seeking expertise in leveraging VMware View™ based on EMC information infrastructure and customer deployment best practices, EMC offers comprehensive consulting services that accelerate projects, guarantee outcomes, and integrate VMware and EMC technologies together. An example presented at VMworld 2009 based on a customer project was the intellectual property to integrate VMware View Composer, VMware vCenter™ Site Recovery Manager and EMC Replication technologies - for turnkey disaster recovery for virtualized clients.

"Desktop virtualization holds tremendous promise for improved controls, management and security compared to traditional desktop and laptop environments. Together, EMC and VMware are working to bring the full range of these efficiency, management, agility and security benefits to customers," said Chad Sakac, EMC Vice President, VMware Technology Alliance. "Key examples of this collaboration, including those announced today, will help customers transition to or expand their virtual desktop environments smoothly and with minimal risk."

New Solution from EMC's RSA Security Division
Securing endpoints such as laptops and desktops to reduce security risks such as accidental data loss, theft or inappropriate access to sensitive information and applications is one of the biggest challenges in IT today. Another cornerstone of the new EMC offerings to combat these risks is the RSA® Solution for VMware View, an integrated set of RSA and EMC® Ionix® technologies which, in conjunction with VMware View, enhance management and security of virtualized desktops. As part of the solution, RSA announced the RSA SecurBook™ for VMware View solution, which provides detailed guidance for deploying and administering key security controls in hosted virtual desktop environments. Specifically, the RSA SecurBook solution details how businesses may integrate RSA® Data Loss Prevention (DLP) Endpoint, RSA enVision® technology, RSA® SecurID® authentication and EMC Ionix Server Configuration Manager within a VMware View environment.

"RSA SecurBook for VMware View™ is designed to provide business users with a conceptual guide to think about endpoint security in a hosted virtual desktop environment and can also help bridge the gap between business and security professionals," said Jon Oltsik, Principal Analyst, Enterprise Strategy Group, who authored a new white paper titled Desktop Virtualization Management, and Security. "This type of guidance puts organizations in a position to maximize the operational and security benefits from virtual desktop investments."

Technology capabilities delivered as part of the RSA solution include:

* Ensuring Data Confidentiality: As part of the solution for VMware View, RSA now addresses the risk of sensitive data leakage by delivering integration with the RSA DLP Suite. Specifically, with RSA DLP Endpoint, administrators can configure data detection policies to discover sensitive information and enforce controls across all workstations in the enterprise from a centralized location.
* Monitoring Security Events and Demonstrating Compliance: The RSA enVision security information and event management (SIEM) platform now delivers the ability to monitor user and administrator actions within VMware View. In addition, the RSA enVision platform is designed to monitor and report on the VMware vSphere™ environment to enable organizations to make better security decisions based on more accurate and timely security intelligence.
* Establishing Trusted Identities: RSA SecurID two-factor authentication provides an added layer of security to ensure the right user can access the relevant virtual session and the most sensitive content within the virtual desktop environment. Specifically, RSA SecurID is engineered to integrate with VMware View to enable customers to enforce strong authentication to the VMware View portal and with the VMware ESX Service Console to protect administrative access.

In addition, EMC Ionix Server Configuration Manager (SCM) has been documented in the RSA SecurBook solution to support managing changes and configurations within the VMware View environment. EMC Ionix SCM offers organizations tools to automate the process of identifying configuration changes that violate policy to help reduce security risk. The software is designed to monitor virtual desktops, send automatic alerts, and can remediate configuration problems when systems need to be fine-tuned to ensure compliance or service levels. EMC Ionix SCM combines discovery, policy management, change/remediation, and reporting to increase operational efficiency, decrease costs, and ensure secure, compliant and up-to-date configurations across physical and virtualized desktop and server environments

EMC Consulting and Delivery Expertise
Virtual Desktop Infrastructure services from EMC Consulting offer organizations the ability to decrease the cost of desktop management while improving overall service delivery. These services help clients plan an effective desktop virtualization strategy and architecture, develop business justification for the initiative, determine viability through proof of concept and pilot engagement models and establish enterprise architectures with robust administration and management, hardened security, and business continuity. A virtual desktop infrastructure will provide increased business agility, improve user response time and enable user access from almost any device - in ways not possible with traditional desktop technologies.

To purchase RSA's products visit http://www.TokenGuard.com

New RSA Security Brief Outlines Best Practices for Protecting Enterprise Data

RSA, The Security Division of EMC (NYSE: EMC) today released a new RSA® Security Brief entitled "Identity and Data Protection in the Cloud: Best Practices for Establishing Environments of Trust." This Brief offers guidance and actionable best practices for organizations faced with the challenges of securing identities and data in the cloud. The new RSA Security Brief combines the expertise of top technologists in the field of cloud security to help organizations understand how to build trust relationships to link cloud services, protect against fraud and meet new compliance challenges arising in the cloud.

Authors of the RSA Security Brief include many of the industry's foremost security and virtualization experts from EMC and VMware, including Bret Hartman, Chief Technology Officer of EMC's RSA security division, Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware and other senior EMC technologists. In the new Brief, the authors collectively contend that cloud security has vast potential to surpass the levels of information security that are possible today. In the cloud, security protocols can be built into the virtualization layer, not just imposed at the application level where they are typically enforced. By embedding security policies deeper in the technology stack and diffusing them throughout the virtual infrastructure of the cloud, enterprises can establish stronger, smarter security to protect their users and their data.
Establishing Cloud Relationships: Deciding Who to Trust
The RSA Security Brief asserts that many of the technologies, services, methodologies and much of the know-how needed to secure data and user identities in the cloud already exist in the enterprise and need to be strategically extended into the cloud. The main impediment to the cloud becoming a truly ubiquitous services platform is insufficient trust, particularly between the owner-providers of cloud resources and the companies who lease those resources. The authors provide guidance on how organizations can increase trust in cloud environments by agreeing to enforceable standards on cloud performance and security. Furthermore, the Brief presents emerging best practices for managing trust in private clouds.

Fraud Protection: Keeping the Bad Guys Out
Cloud computing is developing alongside a faster growing, fraud-driven "dark cloud." The potential for fraud is a major inhibitor to enterprises and their users in embracing cloud services. Enterprises need to expand their strong authentication and fraud detection capabilities to protect against unauthorized access, phishing, malware and even intellectual property theft. The RSA Security Brief offers specific advice for how to best implement multi-layered, risk-based authentication services and protect against increasingly sophisticated fraudster attacks.

Managing Data Compliance in the Cloud
One of the significant advantages of cloud computing is that the virtualization layer provides unprecedented visibility into just about every activity involved in providing application services. The virtualization layer's highly granular monitoring capabilities can greatly improve reporting processes for auditing and compliance within clouds. Cloud environments do, however, pose some new challenges to ensuring regulatory compliance. The cloud's lack of physical borders can make it difficult to comply with jurisdiction-specific privacy legislation.

The RSA Security Brief offers specific suggestions to improve regulatory compliance, such as importing cloud vendors' logs into security information and event management systems and deploying "data aware" cloud storage platforms that intelligently allocate data in accordance with policies and regulations.

Practitioner Guidance for Data and Identity Protection in Clouds The new RSA Security Brief concludes with recommendations for technology solutions and services that can help security practitioners better protect data and user identities in the cloud. Solutions and services center on Data Center Monitoring and Multi-tenancy, Data Encryption and Tokenization, Federated Identity Management, Strong Risk-based Authentication, Fraud Prevention and Malware Detection, Cloud Event Management and Audit, Data Loss Prevention and Regulatory Compliance.

RSA Security Briefs are designed to provide security leaders with essential guidance on today's most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilize across organizations to share specialized knowledge on a critical emerging topic. Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today's forward-thinking security practitioners. Today's announcement marks the release of RSA's second Security Brief, "Identity and Data Protection in the Cloud: Best Practices for Establishing Environments of Trust".

To purchase RSA's products visit http://www.TokenGuard.com

RSA Announces Services and Solutions for Implementing World-Class Security

RSA, the Security Division of EMC (NYSE: EMC), today announced new consultative and advisory services to help enterprises implement or improve their security operations function to more effectively manage both risk and IT compliance programs. These new consulting and advisory services are based on the deep expertise from EMC Consulting and EMC’s security division RSA, built through 25 years of customer engagements and combined with best practices derived from EMC’s own world-class security operations function.

As cyber threats become more sophisticated and IT systems more complex, large enterprises are examining ways to improve the performance and responsiveness of IT and security operations. Taking a more advanced approach to security operations, while also integrating key IT operations functions, better enables organizations to identify and manage incidents and protect valuable information and IT assets.

To address these issues in large enterprise environments, EMC and its security division, RSA are introducing a comprehensive suite of consulting and advisory services which complement the company’s award-winning security solutions. Together, the services and solutions are engineered to provide customers with a broader set of capabilities to effectively:

* Gather and analyze security data across the enterprise
* Evaluate risk in order to prioritize remediation
* Detect and react to security incidents, including first-line response to incidents
* Monitor the IT environment to ensure effectiveness of security controls
* Report out on security metrics
* Support the organizations' efforts to address IT compliance requirements

“Advanced enterprise risk management spans both periodic IT architecture assessment and proactive management across numerous systems to address the critical security challenges that organizations are facing today,” said Irida Xheneti, Security Services Research Analyst at IDC. “Organizations must think beyond the traditional view of security and understand how broader capabilities contribute to build a more advanced security operations function that can help effectively manage risk and enable an organization to further their business objectives.”

“Taking a broader view of risks – monitoring not just the perimeter but where the data moves and resides whether in the infrastructure or not – and aligning processes across both security and IT operations provides the visibility and control to detect and mitigate information security threats before they impact a business,” said Mischel Kwon, Vice President of Public Sector Security Solutions at RSA, the Security Division of EMC and the former director of the U.S. Computer Emergency Response Team for the Dept. of Homeland Security. “Looking beyond the perimeter and integrating technology such as security information and event management with data loss prevention and integrated feeds for threat, attack and mitigation processes, can also facilitate a quicker response to attacks and swift, effective decision-making. By delivering comprehensive services and solutions that enable an advanced security operations function, RSA is providing customers with the ability to effectively identify and manage information risk.”

New Consulting & Advisory Services for Advanced Security Operations
By drawing on the most comprehensive set of consulting services and solutions, EMC Consulting helps enterprises define, establish and manage a sustainable framework for long-term security and information risk management. The following new consulting & advisory services for Security Operations are available immediately:

* Security Operations Strategy & Assessment: appropriate for customers with established security operations processes, or who are establishing new security operations processes, or customers seeking to advance their capabilities based on industry best practices and current state gap analysis. Provides an actionable set of vendor and product-agnostic recommendations.
* Security Operations Management: appropriate for customers seeking the development of more comprehensive policies, procedures, guidelines and documentation to enhance their security operations function. This also includes operational run-books and workflow that support the ability to run a security operations center / function or incident handling program on a day-to-day basis.
* Security Operations Analysis & Design: appropriate for customers seeking a broad evaluation of security operations requirements and providing a recommended solution design to meet the customer’s objectives for security operations and incident management. It also includes an incident handling framework and next steps for the development of appropriate policies and procedures for security operations.

“Our security solutions are developed from in-depth industry knowledge and understanding of the range of technology that can be applied to clients’ security challenges,” said Sandra Hamilton, Vice President, EMC Consulting. “Today’s security challenges are unprecedented in the context of government and industry regulations, cyber attacks, and compliance requirements and the move toward private cloud. By helping to minimize risks and sustain long-term security frameworks, EMC Consulting empowers clients to achieve their ambitions for business and technology.”

Technology from EMC’s Ionix Portfolio Support Advanced Security Operations
RSA also provides implementation of best-in-class solutions – specifically, the RSA enVision® platform, RSA® Data Loss Prevention Suite and the RSA® FraudActionSM Threat Intelligence service – providing core capabilities needed to deliver advanced security operations. Further, by integrating IT management software from EMC’s Ionix® portfolio into the security operations program – specifically Server Configuration Manager, Network Configuration Manager and Ionix for IT Operations Intelligence – customers are able to more effectively manage the ever-changing landscape of IT compliance requirements globally. Together, these technologies are engineered to provide a robust foundation for instituting, managing and improving a security operations program for risk and compliance.

“Through our combined professional services and solutions portfolio, EMC, together with its RSA Security Division offer unmatched expertise and capabilities to help customers effectively address enterprise security controls in the context of comprehensively addressing IT compliance requirements,” adds Brian Zeman, Vice President of Worldwide Professional Services for RSA, the Security Division of EMC. “More importantly, these services can empower chief security officers to help show their compliance programs really do minimize the risks and associated costs to their business by identifying information security vulnerabilities and threats while gaining greater leverage from investments in other IT systems that are deployed more broadly across the infrastructure.”

To purchase RSA's products visit http://www.TokenGuard.com

Thousands of Developers Benefit From 'Built-In vs. Bolted-On'

RSA, The Security Division of EMC (NYSE:EMC) today announced that thousands of corporate and independent software developers and project leaders worldwide are benefiting from and/or contributing to the RSA™ Share Project online community, which is designed to provide advice and strategies from security experts, as well as no-cost access to technology from RSA. This community is part of the RSA Share Project initiative, created to bring world-class security tools within reach of corporate and independent software developers and project leaders to encourage built-in vs. bolted-on security in products and applications in any industry.

Since launching in April, more than 14,000 unique users have visited the RSA Share Project community to learn and share security best practices. More than 700 users have also become registered members who can actively contribute ideas and content. Developers have downloaded the no-cost versions of the RSA BSAFE® Share encryption toolkit, including the RSA BSAFE Share Adapter, more than 1,500 times. The developers represent various sectors of the IT industry, from information security to financial services to government to consumer products. The RSA BSAFE products are the world's most widely deployed encryption software, and they are available at no-cost through the RSA Share Project to allow project leaders and corporate and independent software developers to integrate world-class encryption into their own commercial and non-commercial applications and products.

"With the RSA Share Project, RSA has developed a simple way to get proven security capabilities out to the global software developer community," said Tom Corn, Vice President of Product Marketing at RSA, The Security Division of EMC. "We've had tremendous success in bringing people into this community and growing our user base in the past six months. The number of registered users and product downloads reflects the increasing need and interest to protect sensitive information, and having access to RSA's industry-leading software at no cost provides a strong foundational platform to do that."

Creative and Practical Uses of RSA BSAFE Share Software
The RSA Share Project is designed to arm developers and their managers with the tools and advice necessary to protect their products and applications. One of the project's biggest advantages is the ability to advance the use of encryption and other data protection in new technology areas. Winners of the first RSA Share Project programming contest for the most creative and practical use of the software used the no-cost RSA BSAFE Share encryption tools to protect information stored in cloud-based service offerings. As cloud and software-as-a-service models become mainstream, providing this kind of security will be critical. Other organizations have integrated the no-cost RSA BSAFE Share encryption tools as part of backup solutions and to examine root certificates. Some have also used RSA BSAFE Share within their own internally-developed and deployed applications. Expanding the security ecosystem in these environments through no-cost tools and developer collaboration is a powerful way of protecting against threats of all kind, and a major goal of the RSA Share Project.

A Vibrant Community Committed to Software Security Assurance
One goal of the RSA Share Project is to promote and build a vibrant community of security-focused engineers, developers and users committed to a higher level of security assurance in their application development projects. The community currently supports extensive developer-to-developer discussions so that new users can learn the products and experienced users can help solve programming issues quickly. Users participate in security discussions, share best practices and provide input on forums, and initial visitors to the site can view the forums and learn more generally about encryption.

"The RSA Share Project supports RSA's vision of building a strong security ecosystem for our customers," added Corn. "Our no-cost software tools are supported by a dedicated engineering team, and our community offers users the ability to exchange ideas."

To purchase RSA's products visit http://www.TokenGuard.com

RSA Executives Offer Seven Guiding Principles to Maximize Megatrends Redefining

Building a systemic security strategy to help organizations better face challenges and exploit opportunities spurred by next generation technology trends was the theme of the opening keynote at the 2009 RSA Conference Europe. In a joint keynote address, Art Coviello and Christopher Young, President and Senior Vice President, respectively, with RSA, The Security Division of EMC (NYSE: EMC), highlighted the need for organizations to develop a systemic security strategy that treats escalating technology trends not as a burden to be lifted, but as an unprecedented opportunity to improve security and build a more secure information infrastructure.

"While technology and information have evolved and grown dramatically over the past 100 years, people's behaviors to cope with this growth have evolved at a much slower pace and our ability to keep up with the complexity foisted upon us is limited," said Art Coviello. "So today, high value is found in taming the complexity so that humans can take full advantage of these dramatic developments and advancements in technology. This is the challenge facing IT organizations around the world."

In the joint keynote address, both EMC executives addressed oncoming trends - data center virtualization, cloud computing, the growth of mobile applications and social computing, for example - that are redefining the way information security is applied. Rather than bucking these trends and ignoring the risks they pose, Coviello and Young encouraged organizations to embrace them and seize the opportunity to build better security into the information infrastructure. To accelerate this shift, they equipped the audience with Seven Guiding Principles encompassing the critical elements required to build an effective information security strategy within today's evolving security landscape.

"Those who choose to embrace the trends will be best positioned to ride the wave of innovation reaping the associated rewards of increased revenues, reduced costs and faster, more flexible infrastructures," said Young. "To do so, we need to rise as an industry to meet next generation trends with a next generation information security strategy."

RSA's Seven Guiding Principles: Building a Systemic Security Strategy
RSA, The Security Division of EMC, asserts that the time is now for enterprise security leaders to define systemic strategies that will not only enable their organizations to effectively secure today's rapidly changing environment, but will also position them to deliver a more secure information infrastructure tomorrow. This system acknowledges independent products, but urges security practitioners to focus on how those products can work together to solve common problems and open up new opportunities.

The following are concrete examples from RSA's own business that exemplify how the Seven Guiding Principles can be implemented:

1. 1. Security must be embedded into the IT Infrastructure - The first principle acknowledges that security should not just be integrated within the infrastructure, it should be embedded within it. This belief is driving major RSA initiatives, including its work together with Cisco. Teams from RSA and Cisco have joined forces to embed data loss prevention into devices such as the Cisco IronPort® email security gateway. RSA and VMware have also engaged in a technology partnership to embed core security controls into the virtual infrastructure to help organizations reduce risk and increase their overall security posture.

2. 2. Develop ecosystems of solutions - Ecosystems must be formed to enable products and services from multiple organizations to work together to solve common security problems. RSA has invested in the RSA eFraudNetwork™ community, an ecosystem created in collaboration with thousands of financial institutions across the globe to spot fraud as it migrates between and among financial institutions on a worldwide scale.

3. 3. Create seamless, transparent security - Making security largely transparent to users and systems that it is designed to protect is critical to bridging the gap between the rate of technological advancement and the ability people have to keep up with it. The goal to create seamless and transparent security was the motivation behind RSA's technology partnership with First Data Corporation, the largest payment processing company in the world. RSA and First Data recently announced a service designed to secure payment card data from merchants by eliminating the need for merchants to store credit card data within IT systems. This service is being built into First Data's payment possessing system, making it seamless and transparent to merchants and their customers.

4. 4. Ensure security controls are correlated and content aware - The average user's access to information is growing exponentially alongside the number of regulations and requirements that govern the protection of that information. In the EMC Critical Incident Response Center (CIRC), security information management is centralized so it can correlate data from information controls such as data loss prevention, identity controls like risk-based authentication, and infrastructure controls such as patch, configuration and vulnerability management systems. This advanced approach to security operations is designed to accelerate how quickly security analysts can get the intelligence required to distinguish a benign security event from something more threatening to the business.

5. 5. Security must be both outside-in and inside-out focused - RSA argues security must include a two-pronged approach that protects both the perimeter (the outside-in) and the information itself (inside-out). Since users are accessing information from a variety of devices inside and outside the network as well as in the cloud, security policy and controls must adhere to information as it moves throughout the information infrastructure.

6. 6. Security has to be dynamic and risk-based - Since they are not bound by rules and regulations, criminals and fraudsters are free to deploy increasingly creative attacks. To battle this reality, organizations need to be positioned to dynamically correlate information from a number of sources and respond to real-time risks related to both infrastructure and information. RSA announced today that it is offering new consultative and advisory services to help enterprises implement or improve their security operations function to more effectively manage both risk and IT compliance programs.

7. 7. Effective security needs to be self-learning - The dynamic nature of IT infrastructures and the malicious attacks launched against them is outpacing the ability of human beings to keep up with their speed and complexity. For this reason, information security strategy must be dynamic and behavior-based. To help support this goal, RSA today also announced it is teaming up with Trend Micro to leverage real-time threat intelligence from the Trend Micro™ Smart Protection Network™ to further enhance capabilities of the RSA FraudAction® service to stop online attacks. The RSA FraudAction service is now tightly connected with the Trend Micro™ Smart Protection Network™ to increase global fraud intelligence on suspicious crimeware - including viruses, spyware, spam and other malware.

To purchase RSA's products visit http://www.TokenGuard.com