RSA and Zscaler Teaming Up to Deliver Trusted Access for Cloud Computing
San Francisco, California, February 28, 2012
- RSA and Zscaler are collaborating to develop a new cloud-based solution to help secure access and identities in the cloud
- Cloud-based solution to integrate RSA’s Cloud Trust Authority, RSA®’s Adaptive Authentication and Zscaler’s Cloud Security service
RSA, The Security Division of EMC (NYSE:EMC) and Zscaler today announced they are jointly developing a cloud-based solution to assert continuous trust in identities accessing any web application or cloud service. The solution is designed to help enable organizations to apply policy and control to identities even outside corporate networks, and simplify the challenge of managing user credentials associated with multiple cloud applications and web services. The integration of risk-based authentication and identity federation from RSA’s Cloud Trust Authority and RSA® Adaptive Authentication solutions along with the inline web security capabilities of Zscaler’s Cloud Security service would enable a ubiquitous service for continuous, risk-aware identification of users accessing the Internet.
The solution will include strong user authentication, identity federation, and dynamic risk assessment based on device identification, user behavioral profiling, and vulnerability detection. The combined service being developed will be engineered to help organizations mitigate the risks of data theft, service abuse, and other threats that stem from insufficient authentication, stolen credentials or compromised user devices and accounts. By monitoring the behavior of authenticated users and environmental conditions, the developed service will create a dynamic risk profile that can be used by web applications to minimize the potential of access from compromised accounts, bots, and malware, while still ensuring a positive, simple user experience.
Phillip Hochmuth, IDC Analyst
“Enterprises are shifting mission-critical applications and data into the cloud, and users are becoming more mobile than ever. As a result more and more access to enterprise resources is occurring from outside corporate networks, using devices not controlled by the enterprise IT teams. Attackers know that they can often steal corporate data more easily by compromising user accounts, sessions and endpoints, rather than attacking the enterprise servers or SaaS applications directly. Zscaler and RSA are developing the industry's only solution to this growing risk by integrating dynamic, behavior–based authentication with a global web security platform that protects users and data across all applications and web destinations.”.
RSA Executive Quote
Art Coviello, Executive Vice President, EMC Corporation and Executive Chairman, RSA
“Tight integration between trusted authentication and web security technology delivered as a cloud service will offer much needed defense to counter increasingly sophisticated threats in mobile and cloud environments. RSA provides risk-aware authentication which, when combined with Zscaler’s Cloud Security service, will help enable continuous identity assurance and policy enforcement in the cloud.”
Zscaler Executive Quote
Jay Chaudhry, President and CEO, Zscaler
“Trust is no longer about simply identifying the user. With more devices accessing more applications and data from more locations, trust must be established and enforced dynamically. Through this development partnership with RSA, Zscaler will enhance security for our customers and the cloud services they depend upon, by continually and dynamically establishing trust.”
Joint Go-To-Market Initiatives
In addition to development of the cloud service to provide inline identity-awareness, both companies will also work together to jointly market and sell the combined solution.
RSA and Zscaler are showing a proof of concept of this capability in their booths at the RSA® Conference. RSA will also demonstrate a beta version of the RSA® Cloud Trust Authority federation service.
Security and Compliance in the Post-PC World
Mobility and Cloud Computing change not only how and where organizations access information and applications but also how to manage ensuring trusted access, policy enforcement and even governance. Ensuring and managing this trust becomes more complex as more and more IT services and sensitive information are accessed and consumed via devices, networks and applications that live entirely outside of corporate IT’s direct control.
RSA outlines five key criteria that are essential to delivering security and compliance for this remote, hyper-extended world.
- Authentication must move to the cloud. To address increased mobility of end users, authentication itself must be delivered from the cloud regardless of user location.
- Enterprise identity management must extend to the cloud. Identity information confined within the enterprise must extend to the cloud rather than create multiple independent silos of identities.
- Trust must be constantly verified. Trust is the key component throughout the user session and must go beyond authentication at login to more confidently detect and prevent session compromise.
- Security must be risk-based. Risk-based controls and analytics need to adapt to the risk levels that exist as users travel to remote locations, utilize remote networks and access a broader variety of cloud and web-based applications.
- Leverage an ecosystem. Providing trust, visibility and control will require an ecosystem versus any single vendor solution. Security must be built into the Internet directly across all devices and access methods wherever the user and information reside. This requires an ecosystem of vendors working in concert.
- Learn more about how Trusted IT from EMC = Trusted Business at: www.emc.com/trust
- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.
RSA, The Security Division of EMC is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.
RSA, The Security Division of EMC
RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.
This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (iv) competitive factors, including but not limited to pricing pressures and new product introductions; (v) component and product quality and availability; (vi) fluctuations in VMware, Inc.’s operating results and risks associated with trading of VMware stock; (vii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (viii) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (ix) the ability to attract and retain highly qualified employees; (x) insufficient, excess or obsolete inventory; (xi) fluctuating currency exchange rates; (xii) threats and other disruptions to our secure data centers or networks; (xiii) our ability to protect our proprietary technology; (xiv) war or acts of terrorism; and (xv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.