One of the areas of focus for the company’s new offering will be to help IT organizations ensure their virtualization and private cloud projects are secure and comply with all applicable governance requirements.
Branden Williams, senior director of security consulting with EMC’s RSA security division, said that up until now, the majority of virtual machines in deployment have been in non-mission critical, production environments. He said that many companies currently lack the understanding and the comfort level necessary to deal with virtualization and private clouds.
“Companies have not pushed virtualization for mission-critical and production environments because they’re worried about security,” he said.
With its virtualization-focused services, RSA’s consultants will take a vendor neutral approach and examine how policies and configurations are set up in both the physical and virtual environment. The company is also working on an offering specific to desktop virtualization security, Williams said.
James Quin, a senior research analyst covering security for London, Ont.-based Info-Tech Research Group Ltd., said EMC’s heavy focus on virtual and cloud infrastructure is a wise move and one that many big vendors — like IBM Corp. and HP Co. — have been increasingly focused on.
“The biggest stumbling block for companies has been around this issue of security and compliance in the cloud,” Quin said. “There’s no maturity on that area.”
He said that with most companies primarily concerned with the functionality aspects of their private cloud rollouts, security and compliance concerns have gone virtually unnoticed.
“The vendor that can come to market with a really good story on truly delivering security for the cloud has a big advantage in this market,” Quin said.
The new RSA offering will also address issues outside of virtualization.
RSA’s new Policy Driven Management service, which will assist organizations in meeting standards and compliance regulations, is based on its recent acquisition of Archer Technologies. The deal was officially unveiled last month and will bring Archer’s governance, risk and compliance software to RSA.
Rounding out its security consulting services, RSA will also protect against fraud and identity-based attacks with a service that provides recommendations for mitigating IT risks. With this offering, RSA consultants will literally go into an organization, look at their financial statements and attempt to reduce the financial losses due to fraud by a certain percentage, Williams said.
With its consulting services, EMC will address a market that it hasn’t been very active in, Williams said.
Following its acquisition of RSA in 2006, the company failed to build up its security consulting services as much as it would have liked, he said. But with the economy getting better and more IT shops having to deal with virtualization and the regulatory compliance issues that go along with it, the time might be right for EMC to increase its focus in this area.
For Quin, the immaturity of the cloud security market means that EMC should be able to make-up for its late entry into this space. “EMC needs to play a little catch-up here, but they’re not really that far away.” he added.