EMC Collaborates with VMware and Intel to Deliver Proof of Concept for Business Critical Security Compliance and Control in the Cloud

RSA CONFERENCE 2010 – SAN FRANCISCO, CA. - March 02, 2010 -

RSA, The Security Division of EMC (NYSE: EMC) today unveiled a shared vision with Intel Corporation and VMware, Inc. for building a more secure, transparent and accountable infrastructure for business-critical cloud services. This vision, leveraging technology and expertise from EMC's RSA Security Division as well as from Intel and VMware, is described in a newly released RSA® Security Brief titled "Infrastructure Security: Getting to the Bottom of Compliance in the Cloud" and is demonstrated through an innovative proof of concept which debuted at this week's RSA® Conference in San Francisco.

This press release is available in Social Media Format.

"For the cloud to mature into an enterprise-grade platform running high-value business processes and data, we must be able to trust the security of the underlying physical and virtual infrastructure without question," said Pat Gelsinger, President and Chief Operating Officer, EMC Information Infrastructure Products. "Today most organizations have little to no visibility into what's occurring within the infrastructure layers of clouds, making it impossible to verify their security. Together our companies are demonstrating that internal and external clouds can be visible, measurable and reportable for the secure management of a company's most important business processes."

RSA, Intel, VMware and GRC experts from Archer Technologies (recently acquired by EMC), have demonstrated a vision for a trusted cloud infrastructure that promises to deliver significant operational benefits for organizations and service providers running private clouds.

This concept – comprising a hardware root of trust, secure virtualization environment, security information and event management and GRC management software – provides truly unprecedented visibility into actual conditions within the bottom-most layers of the cloud. A demo is being shown publicly for the first time at this week's RSA Conference in San Francisco showcasing benefits including:

1. Greater Visibility into activities and actual states within physical and virtual machines, giving organizations the ability to verify secure conditions in what was formerly the "black box" of the cloud.
2. Finer Controls to enforce differentiated policies in private clouds, such as what types of physical hardware virtual machines may run on and which tenants or business units may co-reside and share resources.
3. Streamlined Compliance by providing automated processes for collecting, analyzing and reporting infrastructure-level activities and events.

"Terremark has always focused on secure cloud use cases as one of the premier cloud providers for the Federal government. For Terremark, demonstrating compliance on shared, virtualized platforms has been a manual, complex, and labor-intensive set of activities," said Chris Day, Chief Security Architect, Terremark Worldwide. "As a VMware vCloud™ partner, when we can easily prove compliance, security and control on multi-tenant, virtualized infrastructure it will be incredibly compelling to our customers and our own business. The technology integration that VMware, Intel and EMC demonstrated here reinforces that we've made the right technology partnerships, and that customers choosing Terremark for their cloud infrastructure have also made the right choice."

The foundation for this new trusted computing infrastructure is a hardware root of trust derived from Intel® Trusted Execution Technology (TXT), which authenticates each and every step of the boot sequence, from verifying hardware configurations and initializing the BIOS to launching the hypervisor. Once launched, the VMware virtualization environment collects data from both the hardware and virtual layers and feeds a continuous, raw data stream to the RSA enVision® Security Information and Event Management platform. The RSA enVision solution is engineered to analyze events coming through the virtualization layer to identify incidents and conditions affecting security and compliance. The information is then contextualized within the Archer SmartSuite Framework™ solution, which is designed to present a unified, policy-based assessment of the organization's security and compliance posture through a central dashboard.

"For more than 18 months, Burton Group has pinpointed concerns with privacy, isolation, and audit controls as major barriers to enterprise cloud infrastructure-as-a-service adoption," said Chris Wolf, Senior Analyst, Burton Group. "However, those concerns are now beginning to dissipate as cloud services built on a hardware root of trust emerge. It is very encouraging to see select vendors showing early leadership, and a very positive first step by fully addressing requirements such as PCI compliance and providing clearly defined security boundaries. When accompanied by a clearly defined tiered security model and requisite audit and policy enforcement controls, you have a true catalyst for cloud IaaS adoption."

"Savvis has a long-term reputation for operational excellence, and has been one of the early adopters of the VMware vCloud™ initiative," said Bryan Doerr, CTO, Savvis, Inc. "We have worked on a long term basis with fellow industry leaders such as VMware, Intel, EMC and Cisco, and we support the VCE Coalition's approach. We shared the security demands of shared multi-tenant cloud infrastructure with VMware, RSA and Intel – and the technology shown this week at RSA is innovation that we've asked for. Simple, demonstrated, and auditable compliance controls and security measures could be a significant improvement over the ways we've achieved this traditionally via physical isolation and rigorous process. This demonstrates the leverage our customers get from the collaboration and innovation between Savvis, VMware, Intel and EMC."

Also today, RSA released a new Security Brief titled "Infrastructure Security: Getting to the Bottom of Compliance in the Cloud." The brief presents an executive-level overview of the current challenges in proving security within the cloud's foundational layers and provides guidance on how to increase visibility and control in private clouds to meet compliance requirements.

The authors of the Security Brief include many of the industry's foremost security and virtualization experts including Jon Darbyshire, Founder of GRC leader Archer Technologies; Douglas Fisher, Vice President – General Manager of the Systems Software Division at Intel Corp.; Bret Hartman, Chief Technology Officer of EMC's RSA Security Division; and Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware.

In the new Brief, the authors collectively assert the next frontier in cloud compliance will be to develop simpler, more reliable ways to attest to the security of physical and virtual machines within the cloud. The authors describe the business, security and compliance advantages of building secure private clouds on a hardware root of trust and present a vision for leveraging existing IT solutions and services to create an infrastructure for future cloud services that's easily inspected, measured and reported.

"By relying on a hardware root of trust backed by Intel® Trusted Execution Technology, cloud providers can offer an infrastructure that allows IT to implement and manage security policies as required by their business needs," said Kirk Skaugen, Vice President and General Manager of Intel's Data Center Group. "Working together Intel, VMware and EMC are helping to build more secure and efficient IT solutions."

"VMware vSphere™ provides customers the foundation for achieving 'better than physical' security as they continue on their journey to cloud computing," said Dr. Stephen Herrod, CTO and senior vice president of R&D, VMware. "Working with technology experts EMC and Intel, we've now taken a logical next step to enhance security in the cloud, with better insights into these environments so customers are assured that their data and applications are secure and compliant."

RSA Security Briefs are designed to provide security leaders with essential guidance on today's most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilize across organizations to share specialized knowledge on a critical emerging topic.Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today's forward-thinking security practitioners. The latest RSA Security Brief, "Getting to the Bottom of Compliance in the Cloud," is available to download from RSA's website at www.rsa.com/innovation.

For information regarding announcements from EMC, its RSA Security Division and partners, please visit the RSA press center.

At the RSA Conference 2010 Expo (March 1-4, San Francisco):

• Information-centric security solutions and consulting services – booth 1725
• RSA Partner Pavilion – booth 1737
• Governance, Risk and Compliance solutions from Archer Technologies (now part of RSA) – booth 1338
• A full set of solutions and technologies to enable the "Journey to the Private Cloud", featuring a proof of concept to secure the private cloud from EMC, the RSA security division, Intel and VMware – booth 2029