RSA Delivers Centralized Management of Diverse Credentials to the Enterprise Market

GARTNER IT SECURITY SUMMIT/LONDON, UK - September 18, 2007 -

RSA, The Security Division of EMC (NYSE: EMC), today announced a new version of the RSA® Card Manager solution that is designed to enable enterprises to manage diverse credentials centrally throughout all phases of the credential lifecycle – from issuance to post-issuance management.

RSA SecurID® two-factor authentication customers with existing or planned public key infrastructure (PKI) applications can now manage their full set of credentials from a single management platform, regardless of their mix of one-time passwords, digital certificates and form factors. With more than 30 million RSA SecurID authenticators shipped to date, and the growing use of PKI-enabled applications, the newest capabilities of RSA Card Manager are both timely and relevant for businesses in every sector.

Diverse Credentials Bolster Security but Pose Management Challenge

The need for credentials of various types – one-time passwords, digital certificates, usernames/passwords – continues to evolve as enterprises seek more efficient and cost-effective ways of securing a growing number of applications as well as the exponential explosion in business data. As companies, particularly those in highly-regulated industries, seek to bolster security via digital signing, secure email, secure transactions and hard disk encryption, they are considering a mix of credentials to serve the wide-ranging needs and risk levels across disparate user populations. Enterprises are seeking to put the most appropriate credentials in the hands of each user – and this matching of credential type with risk level is critical to an enterprise’s overall security posture.

“Enterprises are able to tap more of their potential by strengthening security through the use of diverse credentials,” said Christopher Young, Vice President and General Manager, Identity and Access Assurance Group at RSA, The Security Division of EMC. “However, with a mix of credentials comes a serious management challenge: the security value offered by those credentials can be significantly undermined by inefficient, disjointed administration. Unified management of an enterprise’s full mix of credential types across the entire credential lifecycle is essential to mitigating security risk.”

New Functionality Engineered to Enable Unified Management of Mixed Credentials

Building on proven functionality, the new release of RSA Card Manager is designed to bring centralized management of diverse credentials to the enterprise. Now fully integrated with RSA® Authentication Manager – the power behind RSA SecurID two-factor authentication – RSA Card Manager is newly built to issue and manage RSA SecurID credentials, including RSA SecurID hardware authenticators and software tokens installed on smart cards.

For enterprises, this new functionality means they can now tightly manage their credentials, whatever the current or future mix may be, from a single management platform. RSA Card Manager is designed to equip enterprise security managers to administer every phase of the credential lifecycle centrally, enabling them to efficiently:

This close management of an enterprise’s full set of credentials closes the security gaps that are created when changes to the business – or to a user’s status – outpace the ability to update credentials to reflect those changes. For example, a user whose employment is suddenly terminated may have access to critical, confidential information and that access may be governed by various types of credentials on one or more devices. The speed with which all of those credentials can be revoked will significantly help lower the risk borne by the enterprise when such changes occur.

U.S. Federal Government’s HSPD-12 Initiative Influences Highly Regulated Enterprises

HSPD-12, a directive driving U.S. federal government employees and contractors to use a smart card for both physical and logical access, has not only substantially changed credentialing in the federal market, but is also influencing the credential management strategies of some large enterprises. In addition to enterprises that contract with the federal government and must therefore comply with HSPD-12, enterprises in highly regulated industries such as financial services, banking, healthcare, and biotechnology, are recognizing a need to establish trusted identities with managed credentials for physical and logical access. As they look for systems with established and secure technology, and proven credentialing workflows, the HSPD-12 / FIPS-201 standard offers an excellent model. As RSA SecurID two-factor authentication is widely deployed in these vertical industries, the new release of RSA Card Manager is highly relevant to their overall credential management strategies.

Availability

The new version of the RSA Card Manager solution is available beginning September 2007. For more information, please visit www.rsa.com/rsacardmanager.