EMC Beefs Up Storage Security Offerings

The Hopkinton, Mass.-based storage vendor used its EMC World conference, held this week in Boston, to discuss the importance of information security, which it described as the weak link in a business' overall security strategy, and to offer a look at what EMC is doing about it.

With that in mind, EMC unveiled two new offerings aimed at helping secure customer data, and said it is working to integrate information security into its entire product line.

The first, EMC Assessment Service for Storage Security, brings EMC in to audit a customer environment for security policies, review and appraise the customer's policy rules and configurations, and produce a report showing where the customer is weak or strong, said Dennis Hoffman, vice president of information security at EMC.

The assessment, based on the National Security Agency's Information Assurance Methodology, is important to both the customer's storage team and its security team, Hoffman said. "It's important to the security team because they don't understand storage," he said. "It's important to the storage team because they know the security team doesn't understand storage."

Sponsored post

The second offering, EMC Documentum Digital Rights Management, lets businesses dynamically control access and use of unstructured data and content, both inside and outside the enterprise.

That software, based on technology from Lexington, Mass.-based Authentica, which EMC acquired in February, controls access at the data level in order to enforce protection against loss, leakage or unauthorized use of documents and e-mails regardless of where they are stored, said Hoffman.

The application embeds control rights into such data to ensure unauthorized users cannot access it, as well as to maintain a continuous audit of when and where such data is accessed, as well as who accessed it, he said.

EMC has also started a program to integrate security policy technology across its entire line of storage products, and is investing between 5 percent and 10 percent of its R&D budget on the program, Hoffman said.

"Customers don't want to buy, manage or secure another box," he said. "Every product we sell will have to be compliant with security policies by year-end. Every quarter, the status of every product line to comply with this goes before [EMC Chairman, President, and CEO Joe] Tucci."

Such moves are necessary because today's information security systems are ineffective in that they secure networks and servers, but do nothing to secure information, Hoffman said.

For instance, Hoffman cited the recent rash of lost data tapes and unsecured customer databases as ways in which data can be compromised. As another example, he said that a PowerPoint presentation he might be using could be marked "EMC Confidential," but with existing technology, there is little anyone could do to prevent him from sending it as an e-mail or copying it to a USB drive. "The security solutions today secure the assets, not the information," he said.

Because EMC has a large share of the data storage market, along with virtualization and data protection and archiving technologies, the company has to be on the forefront of information security, said Hoffman. "The security market is really coming to EMC," he said. "It's not EMC coming to the market and saying, we're a security company. That's why a combination like Symantec and Veritas makes no sense to me."