NEW RSA SECURITY BRIEF OFFERS ORGANIZATIONS ACTIONABLE STEPS FOR MANAGING COMPLIANCE IN VIRTUALIZED ENVIRONMENTS

Leading technologists from EMC and VMware Provide Critical Guidance to Enterprises with Virtual Deployments

RSA, The Security Division of EMC (NYSE: EMC) today released a new RSA® Security Brief titled: “Security Compliance in a Virtual World,” offering actionable best practices for organizations faced with proving compliance in virtualized environments.

As more organizations accelerate virtualization deployments, a more critical eye is turned towards compliance programs. The new RSA Security Brief offers executives and technology practitioners some practical guidance for establishing a solid foundation to mitigate risk and address compliance with various regulations, industry standards and internal policies in the context of virtual infrastructures. Authors of the RSA Security Brief include three of the industry’s foremost security and virtualization experts from EMC and VMware: Bret Hartman, Chief Technology Officer for EMC’s RSA security division, Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware and Dave Shackelford, Chief Security Strategist for EMC Ionix.

“EMC and VMware are in a unique position to offer sound advice for how organizations can best achieve and maintain compliance in virtualized environments,” said Jon Oltsik, Senior Analyst, Enterprise Strategy Group. “Maintaining compliance in a virtualized environment requires the business to understand the impact of this new system on the overall IT risk management program.”

Enabling Executives to Communicate and Practitioners to Act

Organizations taking advantage of the benefits of virtualization will also have to demonstrate efforts to ensure these environments are fully integrated within a broader compliance program. Enterprises currently struggle with complex compliance environments that include the impact of local data protection laws (e.g., country level laws as part of the European Union Data Protection Directive), global industry mandates like the PCI Data Security Standard as well as regulatory requirements such as Sarbanes-Oxley and HIPAA. In addition, many organizations must navigate the complexities associated with internal polices and agreements with business partners and customers. Because of this, it is critical to have a complete view into how virtualization impacts an organizations’ compliance program.

Professionals responsible for IT security, risk management and compliance programs will discover useful guidance and actionable best practices in the RSA Security Brief. Key components include:

•Best practices for implementation – any enterprise implementing virtualization must understand and manage the impact on the compliance and risk management programs. The Security Brief addresses key areas including platform hardening, configuration and change management, patch management, administrative access control & separation of duties, network security & segmentation and audit logging.

•A virtualization software security assessment checklist – provides questions that organizations can pose to their vendors to better understand their providers’ capabilities to deliver secure software.

•Detailed considerations for technical practitioners – provides organizations with specific critical considerations such as how to use fine-grained access control to ensure separation of duties between an administrators’ role within the virtualized software and ensuring patch management practices extend to the virtualization software in addition to the virtual machines.

RSA Security Briefs provide security leaders with essential guidance on today’s most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilize across organizations to share specialized knowledge on a critical emerging topic. Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today’s forward-thinking security practitioners. Today’s announcement marks the release of the flagship RSA Security Brief, “Security Compliance in a Virtual World, and is now available for download on the RSA website at www.rsa.com.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management,, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

RSA is either a registered trademark or trademark of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other company and product names may be trademarks of their respective owners.

# # #

For media queries please contact:

Kerry Walker

OutCast Communications

1-617-201-7494

Kerry {at} outcastpr(.)com

Lona Therrien
RSA, The Security Division of EMC
781-515-6279

lona.therrien {at} rsa(.)com

Debjani Gupta

RSA, The Security Division of EMC

+91-98-2124-3750

debjani.gupta {at} rsa(.)com

Rashi Gupta

The PRactice

+91-98-9320827625

rashi {at} the-practice(.)net