Click here to close now.


Microservices Expo Authors: Carmen Gonzalez, Pat Romanski, Elizabeth White, Blue Box Blog, Liz McMillan

News Feed Item

RSA Chief Art Coviello Calls for Proof, Not Promises to Assure Trust in the Cloud

Industry Must Close "Trust Void" by Giving Control and Visibility of Identities, Information and Infrastructure in the Cloud

SAN FRANCISCO, Feb. 15, 2011 /PRNewswire/ -- RSA® CONFERENCE 2011 -- In his opening keynote at RSA Conference 2011, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), outlined a strategy to close the trust void that holds many organizations back from deploying mission-critical applications in cloud environments.

In both the opening keynote address at RSA Conference and in a new EMC Vision Paper released today, "Proof Not Promises: Creating the Trusted Cloud," EMC challenges conventional thinking by affirming that the cloud can meet the security, compliance and performance conditions of any business process, even those with the strictest regulatory requirements such as PCI. However, actually trusting mission-critical business to the cloud requires the ability to inspect and monitor actual cloud conditions first-hand, not just rely on outside attestations. This can be achieved by rethinking long-standing security beliefs and using existing technologies in creative new ways.

"Establishing control and visibility over clouds is the dominant security challenge preventing organizations from fully leveraging cloud environments today, and it's a fundamental problem that EMC is committed to solving," Coviello said. "The promise is that you CAN achieve safety in the cloud. The promise is that we CAN fundamentally do security differently than we've ever done before. The proof comes when leveraging virtualization technology we can demonstrate control and visibility, the key elements of trust, in cloud environments.

"As with other IT transformations over the decades from mainframes, to client server, to the web, Coviello pointed out that virtualization and cloud computing share the same underlying information security goal of getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed. But in contrast to previous IT shifts, Coviello asserted that, unless properly addressed, the enormous amount of change across the core security dimensions of information, identities and infrastructure can create immense control and visibility challenges.

"Virtualization is the cloud's silver lining because virtualization fuels the cloud's ability to surpass the level of control and visibility that physical IT delivers," Coviello continued. "By consolidating multiple systems on a single platform, organizations gain a centralized control point for managing and monitoring every virtual infrastructure component."

To gain this unparalleled visibility and consolidated control, security in virtual and cloud infrastructure must align to three fundamental attributes:

  1. Security becomes logical and information-centric, defending logical rather than physical boundaries and focusing on the protection of sensitive information and transactions rather than infrastructure.
  2. Security becomes built into infrastructure and applications with security management controls becoming far more automated, essential to enabling security and compliance to work at the speed and scale of the cloud. Achieving this means building security into virtualized components and, by extension, distributing security throughout the cloud.
  3. Security becomes risk-based and adaptive, in which organizations reduce their reliance on static rules and signatures and instead employ real-time analytics to predict threats and proactively adjust to them.

Coviello added, "These three principles can lead us to a heightened level of control and visibility that will create the critical evidence, the proof if you will, that leads to trust. The ability for organizations to inspect and verify conditions first-hand is the highest standard for trust in the cloud. It's a standard based on proof, not promises."

Richard McAniff, VMware Chief Development Officer and Co-President, Products joined Coviello onstage to illustrate several core concepts of a secure, trusted cloud by embedding security controls into the VMware virtual infrastructure. For example, McAniff demonstrated how a combined VMware vShield(TM) technology and RSA® Data Loss Prevention (DLP) solution can automatically enable information classification, discovery and security policy enforcement at the virtual infrastructure layer.

"What this will let organizations do is take an information-centric approach to creating security zones within their infrastructure," McAniff said. "Imagine your infrastructure telling you, 'Here's a suggested zone for PCI, or PII or PHI.' That truly is an intelligent infrastructure. This example reflects a key element of our collaboration with RSA to embed security controls into the virtual infrastructure and automate management to help organizations simplify the setup and operation of secure, trusted clouds."

Additional news from RSA:

  • RSA Establishes RSA(TM) Cloud Trust Authority to Accelerate Cloud Adoption: RSA announced the RSA Cloud Trust Authority, a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and multiple cloud service providers. By enabling visibility and control over identities, information and infrastructure, the RSA Cloud Trust Authority will foster the trust and confidence necessary for organizations to more fully adopt cloud computing for business-critical applications and sensitive information.
  • RSA Launches Industry's First End-to-End Incident Management Solution: RSA today announced the RSA(TM) Solution for Security Incident Management, the industry's first automated solution that helps CISOs visualize and prioritize the growing number of security threats while minimizing the time-consuming manual investigation processes. The new solution is designed to enable security analysts to focus on the security risks most likely to impact business objectives with more complete information to manage the resolution of those incidents.

EMC's vision paper, "Proof not Promises: Creating the Trusted Cloud," is co-authored by Pat Gelsinger, President and Chief Operating Officer, EMC Information Infrastructure Products; Howard D. Elias, President and Chief Operating Officer, EMC Information Infrastructure and Cloud Services; Arthur W. Coviello, Jr., Executive Vice President, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC; and Richard McAniff, Chief Development Officer and Co-President, Products, VMware.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit and

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vii) component and product quality and availability; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; (xiii) litigation that we may be involved in; and (xiv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.

RSA, RSA Data Loss Prevention and RSA Solution for Security Incident Management are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. VMware and VMware vShield are registered trademarks and/or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other products and/or services referenced are trademarks of their respective companies.

Get RSA News from RSA Conference:

SOURCE EMC Corporation

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@MicroservicesExpo Stories
Containers are all the rage among developers and web companies, but they also represent two very substantial benefits to larger organizations. First, they have the potential to dramatically accelerate the application lifecycle from software builds and testing to deployment and upgrades. Second they represent the first truly hybrid-approach to consuming infrastructure, allowing organizations to run the same workloads on any cloud, virtual machine or physical server. Together, they represent a ver...
SYS-CON Events announced today the Containers & Microservices Bootcamp, being held November 3-4, 2015, in conjunction with 17th Cloud Expo, @ThingsExpo, and @DevOpsSummit at the Santa Clara Convention Center in Santa Clara, CA. This is your chance to get started with the latest technology in the industry. Combined with real-world scenarios and use cases, the Containers and Microservices Bootcamp, led by Janakiram MSV, a Microsoft Regional Director, will include presentations as well as hands-on...
As operational failure becomes more acceptable to discuss within the software industry, the necessity for holding constructive, actionable postmortems increases. But most of what we know about postmortems from "pop culture" isn't actually relevant for the software systems we work on and within. In his session at DevOps Summit, J. Paul Reed will look at postmortem pitfalls, techniques, and tools you'll be able to take back to your own environment so they will be able to lay the foundations for h...
It is with great pleasure that I am able to announce that Jesse Proudman, Blue Box CTO, has been appointed to the position of IBM Distinguished Engineer. Jesse is the first employee at Blue Box to receive this honor, and I’m quite confident there will be more to follow given the amazing talent at Blue Box with whom I have had the pleasure to collaborate. I’d like to provide an overview of what it means to become an IBM Distinguished Engineer.
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at @DevOpsSummit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in high-performance, high-efficiency server, storage technology and green computing, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology is a premier provider of advanced server Building Block Solutions® for Data ...
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how busine...
IT data is typically silo'd by the various tools in place. Unifying all the log, metric and event data in one analytics platform stops finger pointing and provides the end-to-end correlation. Logs, metrics and custom event data can be joined to tell the holistic story of your software and operations. For example, users can correlate code deploys to system performance to application error codes.
Achim Weiss is Chief Executive Officer and co-founder of ProfitBricks. In 1995, he broke off his studies to co-found the web hosting company "Schlund+Partner." The company "Schlund+Partner" later became the 1&1 web hosting product line. From 1995 to 2008, he was the technical director for several important projects: the largest web hosting platform in the world, the second largest DSL platform, a video on-demand delivery network, the largest eMail backend in Europe, and a universal billing syste...
If you are new to Python, you might be confused about the different versions that are available. Although Python 3 is the latest generation of the language, many programmers still use Python 2.7, the final update to Python 2, which was released in 2010. There is currently no clear-cut answer to the question of which version of Python you should use; the decision depends on what you want to achieve. While Python 3 is clearly the future of the language, some programmers choose to remain with Py...
When I describe Continuous Delivery to people I generally spend a fair amount of time impressing on them that it is not about tools and technicalities. It is not even about the relationship between developers and operations or product owners and testers. Continuous Delivery is about minimizing the gap between having an idea and getting that idea, in the form of working software, into the hands of users and seeing what they make of it. This vital feedback loop is at the core of not just good deve...
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and containers together help companies achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, will review the current landscape of...
There’s no shortage of guides and blog posts available to provide you with best practices in architecting microservices. While all this information is helpful, what doesn’t seem to be available in such a great number are hands-on guidelines regarding how microservices can be scaled. Following a little research and sifting through lots of theoretical discussion, here is how load-balancing microservices is done in practice by the big players.
DevOps is here to stay because it works. Most businesses using this methodology are already realizing a wide range of real, measurable benefits as a result of implementing DevOps, including the breakdown of inter-departmental silos, faster delivery of new features and more stable operating environments. To take advantage of the cloud’s improved speed and flexibility, development and operations teams need to work together more closely and productively. In his session at DevOps Summit, Prashanth...
In a report titled “Forecast Analysis: Enterprise Application Software, Worldwide, 2Q15 Update,” Gartner analysts highlighted the increasing trend of application modernization among enterprises. According to a recent survey, 45% of respondents stated that modernization of installed on-premises core enterprise applications is one of the top five priorities. Gartner also predicted that by 2020, 75% of
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading in...
DevOps Summit, taking place at the Santa Clara Convention Center in Santa Clara, CA, and Javits Center in New York City, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait...
Despite all the talk about public cloud services and DevOps, you would think the move to cloud for enterprises is clear and simple. But in a survey of almost 1,600 IT decision makers across the USA and Europe, the state of the cloud in enterprise today is still fraught with considerable frustration. The business case for apps in the real world cloud is hybrid, bimodal, multi-platform, and difficult. Download this report commissioned by NTT Communications to see the insightful findings – registra...
Saviynt Inc. has announced the availability of the next release of Saviynt for AWS. The comprehensive security and compliance solution provides a Command-and-Control center to gain visibility into risks in AWS, enforce real-time protection of critical workloads as well as data and automate access life-cycle governance. The solution enables AWS customers to meet their compliance mandates such as ITAR, SOX, PCI, etc. by including an extensive risk and controls library to detect known threats and b...
As we increasingly rely on technology to improve the quality and efficiency of our personal and professional lives, software has become the key business differentiator. Organizations must release software faster, as well as ensure the safety, security, and reliability of their applications. The option to make trade-offs between time and quality no longer exists—software teams must deliver quality and speed. To meet these expectations, businesses have shifted from more traditional approaches of d...