RSA Moving Away From Single Sign-On

single sign-on

The Bedford, Mass.-based vendor earlier this week announced plans to offload maintenance licensing and support for its enterprise single sign-on product to Passlogix, a New York-based authentication and identity/access management vendor.

RSA, which has had a technology partnership with Passlogix since 2003, next year will hand over sole support for its Sign-On Manager product to Passlogix, which will continue to support the product until 2010, said Toffer Winslow, vice president of product management and marketing at RSA.

To ensure that the transfer goes smoothly, RSA will embed Passlogix developers into the Sign-On Manager team, according to Winslow.

"We've been very careful to make sure Sign-On Manager customers have their investment well protected," Winslow said, adding that RSA will release an additional version of Sign-On Manager by the end of the year.

Sponsored post

RSA will also license its SecureID authentication technology to Passlogix, which will integrate it into its v-Go single sign-on platform, Winslow said. V-Go has more than 6 million seat licenses, he added.

"We see this as a way to significantly expand the market for SecureID, which has been primarily used for remote access. We now see opportunities for using it with employees inside the firewall," he said.

Dave Gilden, COO of Acuity Solutions, a Tampa, Fla.-based solution provider, said RSA may not have seen Sign-On Manager as a strategic fit for its long-term strategy, or the product simply might not have been profitable.

"We've had some success with [Sign-On Manager], but not to the extent that we've had with their two-factor authentication products," Gilden said.

Also this week, RSA rolled out what it called a strategic framework for achieving compliance with the Payment Card Industry (PCI) standard: a set of requirements for locking down cardholder data.

RSA sells PCI-related technologies such as strong authentication, encryption and log management, all of which have been key pain points in passing audits, said Michael Ross, area vice president for North American channels at RSA.

"PCI is a nice, sweet-spot opportunity for the products we offer," Ross said.

RSA has mapped each of its product capabilities to PCI requirements and has begun to do the same for EMC's product portfolio, although Ross said the latter effort is "nowhere close to finished."

"We created this road map to help familiarize the field and channel with the products and services and where the partner ecosystem fits into PCI," Ross said.

However, RSA doesn't consider itself a one-stop shop for PCI compliance, Ross noted. For example, PCI-related services like qualified security assessments and vulnerability scanning are outside RSA's area of expertise and are best handled by channel partners, he said.

RSA is training its field and channel teams on auditing and services methodologies around PCI compliance, which includes policy-based management, assessment and testing, remediation, deployment services and auditing, Ross said.