Q&A: EMC Exec Lays Out Security Strategy

CRN: A lot of small vendors are coming out with point solutions, such as encryption. Then you have Network Appliance acquiring Decru and Symantec merging with Veritas. Is part of EMC's push on security a reaction to what's happening in the market?

LEWIS: A lot of our motivation around security has been driven by large-company CIOs coming to us and saying, ‘We have more regulations coming our way around data security and information rights protections. We have more compliance needs than ever before.’ And the vulnerabilities are getting pointed out. So this is a very customer-driven thing.

In terms of response to competitors, I think we're going our own route. I think [NetApp's acquisition of] Decru is interesting. Encryption will be a part of our portfolio. But we didn't consider that particular technology as strategic. I mean, you need it, but we're going to have encryption in lots of places. An appliance is a great place to put it early on.

But our core strategy is around secure information management. And the key word is management--how we manage security levels, how we protect the data end to end, how we protect the data at rest or the data in flight. So you'll see us invest much more in the management side, putting in AES or DES encryption.

CRN: How quickly will VARs be able to play with EMC in services, such as ILM, storage services or new security assessment services?

LEWIS: For existing capabilities, as a managed services-type of offering, that can be done today. [The] security assessment services are something that very early on will be a small practice for EMC to go out and help customers assess their security needs. In those types of areas, first, we want to build the capability and practice ourselves and make sure we are doing a good job delivering it, and then over time extend that as a credible practice to a wider set of partners.

CRN: How long will that take?