RSA Kicks Off Cloud Strategy With Product Launch

virtualization compliance

The cloud launch, dubbed RSA Solution for Cloud Security and Compliance, was designed to help large enterprise organizations meet increasingly stringent and nuanced compliance requirements, as well as manage risk and establish best practices into a standard set of security policies applied to a cloud infrastructure.

RSA's new Cloud Security and Compliance product is based on the Archer eGRC platform acquired by EMC earlier this year. Altogether Archer, which touts about 6 million licensed users, is built on a framework that can be tailored to both on-premise or cloud environments. RSA executives said earlier this year that the new platform would enable the company to expand its own virtualization offerings.

The Cloud Security and Compliance product also integrates with RSA's existing enVision, which collects security events from a myriad of RSA security products, which would work together to beef up the compliance reports provided by the Archer platform.

Altogether, the product touts a simple dashboard and a comprehensive centralized library and reference of security policies that map to more than 100 VMware-specific controls that provide a template for global regulations such as PCI and HIPAA. It also features workflow and notification automation processes designed to simplify the process of addressing security issues.

Sponsored post

The release promises to be the kicker in a series of cloud launches following an announcement RSA President Art Coviello made at the RSA Conference in March that the company would eventually migrate the entirety of its product line to the cloud. Other releases are tentatively slated to be unveiled some time next year.

Some enterprise solution providers say that cloud launches down the road might be just one more option for their customers' security environments, but won't radically change their business model or expand their customer base.

"I don't think it means a lot to us," said Nirav Mehta, director of office strategy and technology for RSA. "Enterprise customers will shy away from cloud-based solutions. They want to manage their own devices. You're going to find a segment that will buy that stuff. Others will say, 'Naw.'"

"(Cloud security products) are a great option to offer the customer. It really depends on the economy, and how the customer views security and control of their own infrastructure," he added.

However, it's unlikely that the product kicker to RSA's future cloud strategy will even be sold widely through the channel -- at least not right away. Executives said that the Archer sales strategy wouldn't change for the RSA offering, indicating that the product will likely be sold through direct channels to RSA's largest enterprise customers.

"Archer is a little more direct sales-led. We're not changing that," Mehta said. "In the future we might open up the door to push this through the channel. I'm not aware of any plans to change our think strategy."

That direct focus could change down the road, Mehta said, as RSA opens up some of its other offerings to be compatible with cloud platforms.

"What Art side was absolutely right. We're making sure that (the products) are virtualization aware, cloud aware, and better than any other product out there for virtualization," Mehta said. "It's (for) the largest customers. Over time we do have to change that mix. We'll have to get back to you when that will happen, when the environment creates the condition for it to become more widely applicable."

Meanwhile, partners are taking a "wait and see" attitude in regard to RSA's impending cloud strategy and how it will pan out over the long term.

"They have the wherewithal to do it. If they're going to have to be in lockstep with everybody else, they're going to have to do it. I don't know where it's all leading," the solution provider said. "We'll see."