Welcome!

Microservices Expo Authors: Elizabeth White, Christopher Keene, Sematext Blog, Liz McMillan, Greg O'Connor

News Feed Item

RSA Chief Art Coviello Calls for Proof, Not Promises to Assure Trust in the Cloud

Industry Must Close "Trust Void" by Giving Control and Visibility of Identities, Information and Infrastructure in the Cloud

SAN FRANCISCO, Feb. 15, 2011 /PRNewswire/ -- RSA® CONFERENCE 2011 -- In his opening keynote at RSA Conference 2011, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), outlined a strategy to close the trust void that holds many organizations back from deploying mission-critical applications in cloud environments.

In both the opening keynote address at RSA Conference and in a new EMC Vision Paper released today, "Proof Not Promises: Creating the Trusted Cloud," EMC challenges conventional thinking by affirming that the cloud can meet the security, compliance and performance conditions of any business process, even those with the strictest regulatory requirements such as PCI. However, actually trusting mission-critical business to the cloud requires the ability to inspect and monitor actual cloud conditions first-hand, not just rely on outside attestations. This can be achieved by rethinking long-standing security beliefs and using existing technologies in creative new ways.

"Establishing control and visibility over clouds is the dominant security challenge preventing organizations from fully leveraging cloud environments today, and it's a fundamental problem that EMC is committed to solving," Coviello said. "The promise is that you CAN achieve safety in the cloud. The promise is that we CAN fundamentally do security differently than we've ever done before. The proof comes when leveraging virtualization technology we can demonstrate control and visibility, the key elements of trust, in cloud environments.

"As with other IT transformations over the decades from mainframes, to client server, to the web, Coviello pointed out that virtualization and cloud computing share the same underlying information security goal of getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed. But in contrast to previous IT shifts, Coviello asserted that, unless properly addressed, the enormous amount of change across the core security dimensions of information, identities and infrastructure can create immense control and visibility challenges.

"Virtualization is the cloud's silver lining because virtualization fuels the cloud's ability to surpass the level of control and visibility that physical IT delivers," Coviello continued. "By consolidating multiple systems on a single platform, organizations gain a centralized control point for managing and monitoring every virtual infrastructure component."

To gain this unparalleled visibility and consolidated control, security in virtual and cloud infrastructure must align to three fundamental attributes:

  1. Security becomes logical and information-centric, defending logical rather than physical boundaries and focusing on the protection of sensitive information and transactions rather than infrastructure.
  2. Security becomes built into infrastructure and applications with security management controls becoming far more automated, essential to enabling security and compliance to work at the speed and scale of the cloud. Achieving this means building security into virtualized components and, by extension, distributing security throughout the cloud.
  3. Security becomes risk-based and adaptive, in which organizations reduce their reliance on static rules and signatures and instead employ real-time analytics to predict threats and proactively adjust to them.

Coviello added, "These three principles can lead us to a heightened level of control and visibility that will create the critical evidence, the proof if you will, that leads to trust. The ability for organizations to inspect and verify conditions first-hand is the highest standard for trust in the cloud. It's a standard based on proof, not promises."

Richard McAniff, VMware Chief Development Officer and Co-President, Products joined Coviello onstage to illustrate several core concepts of a secure, trusted cloud by embedding security controls into the VMware virtual infrastructure. For example, McAniff demonstrated how a combined VMware vShield(TM) technology and RSA® Data Loss Prevention (DLP) solution can automatically enable information classification, discovery and security policy enforcement at the virtual infrastructure layer.

"What this will let organizations do is take an information-centric approach to creating security zones within their infrastructure," McAniff said. "Imagine your infrastructure telling you, 'Here's a suggested zone for PCI, or PII or PHI.' That truly is an intelligent infrastructure. This example reflects a key element of our collaboration with RSA to embed security controls into the virtual infrastructure and automate management to help organizations simplify the setup and operation of secure, trusted clouds."

Additional news from RSA:

  • RSA Establishes RSA(TM) Cloud Trust Authority to Accelerate Cloud Adoption: RSA announced the RSA Cloud Trust Authority, a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and multiple cloud service providers. By enabling visibility and control over identities, information and infrastructure, the RSA Cloud Trust Authority will foster the trust and confidence necessary for organizations to more fully adopt cloud computing for business-critical applications and sensitive information.
  • RSA Launches Industry's First End-to-End Incident Management Solution: RSA today announced the RSA(TM) Solution for Security Incident Management, the industry's first automated solution that helps CISOs visualize and prioritize the growing number of security threats while minimizing the time-consuming manual investigation processes. The new solution is designed to enable security analysts to focus on the security risks most likely to impact business objectives with more complete information to manage the resolution of those incidents.

EMC's vision paper, "Proof not Promises: Creating the Trusted Cloud," is co-authored by Pat Gelsinger, President and Chief Operating Officer, EMC Information Infrastructure Products; Howard D. Elias, President and Chief Operating Officer, EMC Information Infrastructure and Cloud Services; Arthur W. Coviello, Jr., Executive Vice President, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC; and Richard McAniff, Chief Development Officer and Co-President, Products, VMware.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vii) component and product quality and availability; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; (xiii) litigation that we may be involved in; and (xiv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.

RSA, RSA Data Loss Prevention and RSA Solution for Security Incident Management are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. VMware and VMware vShield are registered trademarks and/or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other products and/or services referenced are trademarks of their respective companies.

Get RSA News from RSA Conference:

www.rsa.com/rsaconference2011

SOURCE EMC Corporation

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@MicroservicesExpo Stories
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
Thomas Bitman of Gartner wrote a blog post last year about why OpenStack projects fail. In that article, he outlined three particular metrics which together cause 60% of OpenStack projects to fall short of expectations: Wrong people (31% of failures): a successful cloud needs commitment both from the operations team as well as from "anchor" tenants. Wrong processes (19% of failures): a successful cloud automates across silos in the software development lifecycle, not just within silos.
Node.js and io.js are increasingly being used to run JavaScript on the server side for many types of applications, such as websites, real-time messaging and controllers for small devices with limited resources. For DevOps it is crucial to monitor the whole application stack and Node.js is rapidly becoming an important part of the stack in many organizations. Sematext has historically had a strong support for monitoring big data applications such as Elastic (aka Elasticsearch), Cassandra, Solr, S...
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
Monitoring of Docker environments is challenging. Why? Because each container typically runs a single process, has its own environment, utilizes virtual networks, or has various methods of managing storage. Traditional monitoring solutions take metrics from each server and applications they run. These servers and applications running on them are typically very static, with very long uptimes. Docker deployments are different: a set of containers may run many applications, all sharing the resource...
It's been a busy time for tech's ongoing infatuation with containers. Amazon just announced EC2 Container Registry to simply container management. The new Azure container service taps into Microsoft's partnership with Docker and Mesosphere. You know when there's a standard for containers on the table there's money on the table, too. Everyone is talking containers because they reduce a ton of development-related challenges and make it much easier to move across production and testing environm...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...

Modern organizations face great challenges as they embrace innovation and integrate new tools and services. They begin to mature and move away from the complacency of maintaining traditional technologies and systems that only solve individual, siloed problems and work “well enough.” In order to build...

The post Gearing up for Digital Transformation appeared first on Aug. 26, 2016 01:30 PM EDT  Reads: 1,452

Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Cloud Expo 2016 New York at the Javits Center New York was characterized by increased attendance and a new focus on operations. These were both encouraging signs for all involved in Cloud Computing and all that it touches. As Conference Chair, I work with the Cloud Expo team to structure three keynotes, numerous general sessions, and more than 150 breakout sessions along 10 tracks. Our job is to balance the state of enterprise IT today with the trends that will be commonplace tomorrow. Mobile...
The following fictional case study is a composite of actual horror stories I’ve heard over the years. Unfortunately, this scenario often occurs when in-house integration teams take on the complexities of DevOps and ALM integration with an enterprise service bus (ESB) or custom integration. It is written from the perspective of an enterprise architect tasked with leading an organization’s effort to adopt Agile to become more competitive. The company has turned to Scaled Agile Framework (SAFe) as ...
SYS-CON Events announced today that eCube Systems, a leading provider of middleware modernization, integration, and management solutions, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. eCube Systems offers a family of middleware evolution products and services that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...
To leverage Continuous Delivery, enterprises must consider impacts that span functional silos, as well as applications that touch older, slower moving components. Managing the many dependencies can cause slowdowns. See how to achieve continuous delivery in the enterprise.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
This is a no-hype, pragmatic post about why I think you should consider architecting your next project the way SOA and/or microservices suggest. No matter if it’s a greenfield approach or if you’re in dire need of refactoring. Please note: considering still keeps open the option of not taking that approach. After reading this, you will have a better idea about whether building multiple small components instead of a single, large component makes sense for your project. This post assumes that you...
A company’s collection of online systems is like a delicate ecosystem – all components must integrate with and complement each other, and one single malfunction in any of them can bring the entire system to a screeching halt. That’s why, when monitoring and analyzing the health of your online systems, you need a broad arsenal of different tools for your different needs. In addition to a wide-angle lens that provides a snapshot of the overall health of your system, you must also have precise, ...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...