New RSA Offering Centralizes and Streamlines Encryption Key Management Throughout the Enterprise

BEDFORD, MA - April 08, 2008 -

• RSA® Key Manager(RKM) for the Datacenter Simplifies Encryption Across Multiple Layers of the IT Stack
• RKM part of the RSA® Data Security System, a Set of integrated Products and Services Designed Around a Holistic Approach for Securing Data

BEDFORD, MA - April 8, 2008

RSA, The Security Division of EMC (NYSE: EMC), today introduced a new offering, RSA^® Key Manager (RKM) for the Datacenter, designed to centralize and streamline encryption key lifecycle management throughout the enterprise.

A fundamental element of the RSA® Data Security System, RKM for the Datacenter is an easy-to-use, centrally administered encryption key management system that can manage encryption keys at the database, file server, and storage layer. It is designed to simplify the deployment and ongoing use of encryption throughout the enterprise and helps ensure that information is properly secured and fully accessible when needed at any point in its information lifecycle.

“Encryption is a powerful control because it stays with data throughout its lifecycle. Many customers have had to deploy multiple types of encryption to address different data security risks across the IT stack.  Unfortunately, multiple point encryption solutions, each with their own approach to encryption key management, increases management complexity and the risk of lost or stolen keys,” said Dennis Hoffman, Vice President and General Manager, Data Security Group and Chief Strategy Officer, RSA, The Security Division of EMC. “Enterprise key management addresses these issues by providing a central management system that helps reduce the cost and complexity associated with point solutions. With the ability to manage and protect encryption keys across multiple encryption solutions across the IT stack, enterprise key management provides security over the long term, essentially opening up the use of encryption, and making it effective for customers now.”

Why Enterprise Key Management

Adopting an enterprise key management system enables customers to adopt an encryption solution that works for them today and expand to other encryption solutions in the future, without having to change their approach to key management. This addresses several customer needs including:

• Vaulting –Store and secure encryption keys and meta data about the encrypted media, to ensure that keys are not compromised and the enterprise will be able to decrypt the data in the future.
• Encryption Key Policy Management- Reduce the complexity of managing encryption by enabling a centralized policy based approach to key management, governing access to keys, sharing of keys, expiration of keys, shredding of keys, and all other aspects of key life cycle management.
• Separation of Duties – Reduce security risks by insuring that the management of encrypted data and the management of encryption keys are maintained as two separate functions within the IT organization.

"The barrage of data-loss incidents going public now is forcing many organizations to rush into encryption technology -- from endpoints, all the way up to the data center," says Phil Hochmuth, an analyst with the Yankee Group. "However, barging ahead with encryption, without a long-term strategy or the tools for proper key deployment and management, invites potential problems such as data inaccessibility or even loss -- which voids the effort of encrypting in the first place."

About RKM for the Datacenter

RSA Key Manager for the Datacenter is designed to provide centralized key management across multiple encryption points in the enterprise including tape/virtual tape, disk, databases, and file systems. The offering is engineered to include:

• RSA Key Manager Server Appliance — a hardware form-factor, pre-configured for central management of encryption keys throughout the enterprise.
• EMC PowerPath^® Encryption with RSA — protects information at rest from unauthorized access or the unauthorized removal of a disk drive or array from a secured environment.
• Connectrix^® MDS Storage Media Encryption (SME) with RSA — a SAN-based solution for encryption to tape or virtual tape. This solution offers interoperability with Cisco technology in the SAN switch and with RKM through common APIs.
• Native Tape Encryption — a tape based solution that encrypts data natively on the tape drives themselves.
• Oracle® Database 11g Advanced Security Transparent Data Encryption (TDE) with RSA — native Oracle Database encryption solution requiring no application level changes.
• RSA® File Security Manager — File Security Manager is a software-based security solution that is designed to provide transparent encryption of files and folders in conjunction with role-based access control on heterogeneous platforms.

RSA Data Security System

RKM for the Datacenter is one of the only encryption key management solutions on the market that truly scales across the entire enterprise, leveraging RSA, EMC, and a rich partner ecosystem for fully-integrated solutions. It also is an integral part of the RSA Data Security System, which provides a policy based approach to securing data: helping to enable customers to classify their sensitive data, discover that data across the enterprise; enforce controls; and report and audit to help ensure compliance with policy.

“The RSA Data Security System helps organizations secure sensitive information by providing centralized policy management that is business risk driven,” said Hoffman. “The RSA® Data Loss Prevention Suite, announced last week, is engineered to allow organizations to classify, discover and monitor sensitive data, while our encryption and key management suite is designed to allow organizations to apply the appropriate enforcement mechanisms to secure that data. As built, the Data Security System has reporting and audit capabilities that allow organizations to prove that the sensitive data was secured, with future versions conducting the audit and reporting within individual products, and through RSA enVision^® technology. As a result, we’re able to offer customers a wide set of products and services designed around a holistic process for securing the data that is most important to them.”

Availability

RSA Key Manager for the Datacenter will be available beginning in Q2 2008. RSA Key Manager for the Datacenter is also integrated with RSA Key Manager with Application Encryption, which provides encryption and key management to secure sensitive data at the application layer.

More information on RSA’s announcements and related initiatives may be found online at www.rsa.com/rsaconference2008/. In addition, RSA’s information risk management solutions, services and partners will be featured in Booths #1717 and 1817 at RSA Conference 2008, April 7-11, 2008, at the Moscone Center in San Francisco.