RSA Buys Encryption Vendor, Inks Resell Deals With Others


Printer-friendly version Email this CRN article

Tightening the tie between security and storage, RSA has acquired an encryption software maker and entered a series of technical alliances related to data encryption.

RSA on Tuesday said it bought Valyd Software, a Hyderabad, India-based developer of software that encrypts data at rest and in motion, for an undisclosed sum. Valyd's KeepSecure data encryption suite includes SecureDB, which encrypts data stored in databases; SecureFS, which encrypts data in files and directories; and SecureApp, which encrypts data at the application level.

RSA also signed agreements to resell appliances and software from three data encryption developers: Decru, Redwood City, Calif.; CipherOptics, Raleigh, N.C.; and NeoScale Systems, Milpitas, Calif.

RSA, the security division of storage giant EMC, unveiled the moves at this week's RSA Conference in San Francisco.

RSA's moves reflect the storage and security sectors' push to find new ways to beef up protection of customer data. One path vendors are taking is encryption of data, either in its primary location, on backup devices or as it moves across a corporate network.

Mark Teter, CTO of Advanced Systems Group, a Denver-based solution provider, said RSA's moves are just what the industry needs to help customers grasp the relationship between storage and security.

"This is what the security business has always needed," Teter said. "How long have we been talking about data vulnerabilities and data risk? Data security has been an obscure topic. Now these partnerships will put wind in its sails."

Earlier on Tuesday, EMC said it will enhance its Symmetrix enterprise-class storage arrays with RSA security technology and that similar enhancements are planned for its other storage products.

Rich Welch, vice president and general manager of data security solutions at RSA, said other recent events are heightening awareness of data encryption and RSA's interest in expanding its technology and products into that area. He cited the Payment Card Initiative, which specifies how companies that accept credit cards handle encrypted data, and states' adoption of laws that require companies to inform individuals and businesses whose private data was lost or stolen.

Down the road, RSA aims to work with vendor partners and others in the industry to develop standards for managing encryption keys, regardless of which technologies customers use, according to Welch.

"We're still working on it," he said. "Our goal is to eventually manage all the encryption keys with a single management interface under RSA. The most important part is to integrate with business applications to manage those keys."

NEXT: RSA aims to be one-stop data security source.
For now, he added, the goal is to give customers a one-stop source for data security technology, including RSA's token authentication technology, database and file encryption with Valyd technology, encryption of data on disk and tape with Decru and NeoScale appliances, and encryption of in-motion data with CipherOptics appliances.

The appliances from Decru, NeoScale and CipherOptics have been resold by EMC as "sales completers," Welch said. However, with the new emphasis on moving to integrate encryption technologies, EMC's sales of these products will be handled by RSA, he said.

Kevin Brown, vice president of marketing at Decru, said RSA's move to bring various encryption technologies to market makes it easier for customers to see the importance of data security. "This will help customers look at best practices, such as how to manage the encryption keys, how to do disaster recovery, how to do secure recovery, how to do audits," he said.

Jim Doherty, chief marketing officer at CipherOptics, said his company's products are mainly sold through solution providers and managed security service providers and that the company plans to have follow-up news about its RSA relationship in a few weeks.

Dore Rosenblum, vice president of marketing at NeoScale, said his company's sales mainly go through indirect channels, and the relationship with RSA shouldn't affect NeoScale's solution provider sales. "Large partners like RSA typically sell to larger customers," he said. "Other partners sell to smaller customers or work with RSA."

Despite RSA's involvement with the channel for its enterprise security product, the security vendor's new push in data security will rely mainly on direct sales for the time being, Welch said.

"To the extent we can make these channel-ready, we will look to do more with the channel," he said. "But most of our sales are still part of an overall solution. They are very complex. Our sales model has historically been direct because our products need programming to sell."

Still, RSA's data security plans will ultimately be good for the channel, according to Advanced Systems' Teter. "Once they work out the details, it will be a good channel solution," he said. "They'll need time. The channel represents a good upside for RSA and EMC."

Printer-friendly version Email this CRN article