OPERATIONS

Information Security & Privacy in Our Operations

The unprecedented number of targeted, increasingly sophisticated cyber-attacks is requiring companies to rethink and redefine their security strategies for this new threat environment. EMC has adopted a new intelligence-driven security strategy to address not only today’s threats but also the evolving challenges of tomorrow.

The preventative value of traditional perimeter-focused security practices of firewalls, anti-virus, and intrusion detection systems has been diminished as the perimeter has been eroded by the dramatic adoption of social and cloud-based applications and mobile devices. Today’s increasingly agile and consumerized business and IT practices, coupled with a more dangerous threat landscape, require a change in our approach from one that focuses only on preventing network intrusions to one that is able to prevent, rapidly detect and effectively respond to attacks in a highly-dynamic environment. Intelligence-Driven Security provides EMC the necessary visibility, insight, and ability to respond to threats that enable us to protect both our own infrastructure and any sensitive information we hold about our customers and our products.

EMC’s Global Security Organization (GSO) develops the security strategy that identifies the high-level objectives to be addressed and strategic initiatives to be undertaken to fulfill EMC's security mission.

To achieve this mission, the GSO addresses the following organizational responsibilities:

  • Security Operations and Incident Response
  • Emerging Technology and Security Engineering
  • Governance, Risk and Compliance

These responsibilities are fulfilled through the following functions:

 

Critical Incident Response Center

  • Uses technical solutions coupled with detailed processes and skilled analysts to provide a holistic approach to operating, monitoring, analyzing, responding to and researching the latest threats to the enterprise.

Security Architecture

  • Provides consulting to IT and other internal business units and delivers designs for application and data security. These internal teams include product engineering and customer service.

Security Engineering

  • Works with other IT functions to design and build EMC’s global network infrastructure, including WAN, LAN, Internet gateways, remote access infrastructure, wireless infrastructure, firewalls, internet filtering technology, IDS and network monitoring. The goal of this team is to provide a secure operating environment for EMC’s business units and a secure network for EMC product engineering.

Strategy and Emerging Technology

  • Evaluates new technology, drives proof of concept programs, provides input to architecture and consulting teams and wider IT.

Compliance

  • Works to identify, test, and implement automated tools to enable business units to monitor and measure controls effectiveness and reporting. This team primarily supports EMC’s governance, risk, and compliance (GRC) committees, which have the responsibility to understand EMC’s overall compliance to applicable regulations and standards. Many standards—for example, Product Source Code Protection—are included in this assurance process.

Security Enablement

  • A consulting group aligned to specific areas of EMC to understand their unique operations and align information security protection strategies for them. This team supports the EMC governance process by administering much of the risk management, resolving identified security issues and providing guidance on the direction of key programs that are ultimately delivered to our customers as products and services.

Security Relations

  • Develops and manages the EMC FirstLine Security Awareness and Training Program. This program is one of the most critical components in establishing a “culture of security” to inform our business practices and promote and reinforce employee behaviors that safeguard EMC’s information and assets. EMC’s FirstLine Security Awareness and Training Program involves everyone in the organization. The program components include employee training in areas such as phishing detection and reporting, developing and using strong passwords, safe use of social networking sites, smartphone security, safe web browsing and social engineering; a FirstLine website with security alerts and learning resources; awareness videos and presentations; articles, blogs, newsletters and e-mail campaigns; posters and collateral; and both employee and community-focused events and programs, such as National Cyber Security Awareness Month and in-school cyber security awareness and cyberbullying prevention programs.

Governance

  • Provides strategic planning for security priorities, suggests updates for IT security policies and standards, facilitates cross-functional collaboration for security priorities, and reviews and prioritizes security findings.

Information Risk Management

  • Maintains the information risk management framework in accordance with EMC’s enterprise risk management framework and provides risk based assessments and analysis for major projects, programs and initiatives related to information technology. Manages ongoing risk elements in cooperation with governance and compliance functions.

Responding To Cyber Security Risks

As with any large company, EMC experiences and successfully defends numerous cyber-attacks on its IT infrastructure every day. We remain committed to our relentless pursuit of building trust in the digital world and have dedicated ourselves to maintaining the confidence of our customers and partners. Through a rigorous process of regular enhancements to our products and services, we continuously strengthen EMC’s internal security to better protect our business and customers from cyber threats.

IT Proven Program

Through the IT Proven Program, EMC’s GSO implements our security solutions across IT operations throughout the enterprise. By tackling the same problems our customers face, we can test our own products and provide real-world feedback on their performance.

The GSO also supports the development of new security solutions for EMC. For example, in collaboration with RSA product management, the GSO developed a Security Operations Management module for RSA’s Archer eGRC software platform. This module enables enterprises to seamlessly orchestrate people, process, and technology to respond to security incidents.

Protecting Personal Information

At EMC, confidential, personal information may not be used or disclosed except as necessary for legitimate business purposes, such as for human resources and employment functions or as otherwise permitted or required by applicable law. From a data security standpoint, we use reasonable administrative, technical, and physical measures to safeguard confidential, personal, and corporate information.

EMC complies with the U.S.-E.U. Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework ("Safe Harbor") as set forth by the U.S. Department of Commerce regarding the collection, use, retention, and transfer of personal information from the European Union, the European Economic Area, and Switzerland. EMC has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. EMC has been awarded TRUSTe's Privacy Seal signifying that its Privacy Statement and EMC’s practices as described in that statement have been reviewed by TRUSTe for compliance with TRUSTe’s program requirements.

Certifications

EMC’s security program is based on industry standards for security management systems. Our RSA Archer GRC hosted environment is in the final stages of attaining SOC-2 Type 2 certification this year. Nine business units in four countries are ISO 27001 certified, and many of our data centers follow policies and procedures based on the ISO 27001 Information Security Management System.

Partnering for Security in a Changing World

An ongoing challenge for EMC, and all large companies, is the implementation of security processes for new, rapidly changing technology environments. As our company evolves, we are becoming a hyper-extended enterprise, sharing information with more people and using more technology tools across more geographies than ever before.

Our information security strategy and practices prepare us for this challenge. We also recognize that we don’t have all the solutions, and we are working with partner organizations to address the evolving security landscape. Some of our 2014 initiatives include:

  • National Cyber Security Alliance (NCSA) – Through funding and board-level participation, EMC actively supports the NCSA, a nonprofit organization dedicated to promoting Internet safety and security at home, work, and school. For the eighth year in a row, we collaborated with NCSA to celebrate National Cyber Security Awareness Month in October 2014.
  • SAFECode – As it relates to product security and privacy, EMC continues to participate with SAFECode, a global organization it helped launch in 2007 that is focused on improving trust in IT products and services. In 2014, EMC continued to offer five software development training modules through SAFECode. These modules are free and publicly available and aim to raise the bar on software development security across the industry. To learn more, visit Product Information Security & Privacy.
  • Internet Engineering Task Force (IETF) – EMC supports the development of Internet standards through our work with IETF, an open, international community of IT professionals and researchers concerned with the evolution of Internet architecture and seamless operation. EMC’s involvement continued in 2014 with EMC’s Global Lead Security Architect in the EMC Office of the CTO serving as the organization’s IETF Security Area Director. EMC is sponsoring her as she focuses on providing security insight and approval for a new set of IETF standards.
  • Open Group – EMC is a member of Open Group, a nonprofit organization working to develop open, secure, vendor-neutral IT standards and certifications. Through the Open Group Trusted Technology Forum, EMC is helping the organization to develop solutions for a more trusted global supply chain.
  • Computer Security Research Alliance (CSRA) – In 2014, EMC continued to work with CSRA, a nonprofit research consortium it helped found in 2012 that aims to tackle information security challenges. The consortium works closely with industry members, universities, and government agencies to develop breakthrough technologies to improve cyber security.
  • Cloud Security Alliance (CSA) – EMC is an executive member of CSA, a nonprofit industry coalition that promotes best practices in security assurance within cloud computing and provides education on the uses of cloud computing to help secure all other forms of computing.
  • International Information Integrity Institute (I-4) – I-4 is the leading forum for senior information security leaders involved in implementing sophisticated risk management and security operations, many of whom hold the highest ranking positions within some of the most influential global organizations. I-4 brings together some of the leading minds in the world of information security and risk to help its members stay one step ahead of the big issues. I-4 is recognized for its thought leadership role, and members are united by their willingness to share their extensive experience to make a valuable contribution to today’s security issues.
  • Financial Services – Information Sharing and Analysis Center (FS-ISAC) – Information sharing is a key component of an Intelligence-Driven Security strategy. In 2014, RSA continued its strategic relationship with FS-ISAC’s global operations, including maintaining its Board position with the organization.
  • PCI Security Standards Council (PCI SSC) – RSA continues to be a Participating Organization and serve on the Board of Advisors for the PCI SSC, an open global forum launched in 2006, that is responsible for the development, management, education and awareness of best practices for securing consumers’ payment card data.
  • FIDO (Fast IDentity Online) Alliance – RSA is a Board member of FIDO, a non-profit industry organization dedicated to addressing the problems users face with creating and remembering multiple usernames and passwords for websites and cloud applications – a key issue in making users safe online.
  • Organization for the Advancement of Structured Information Standards (OASIS) – EMC employees actively participate on several OASIS Technical Committees helping to define industry standards in areas such as security, content management, and cloud computing. These standards help ensure that EMC products are able to interoperate with other systems and products.
  • Security for Business Innovation Council (SBIC) – In 2008, EMC formed SBIC, a group of leading security executives from Global 1000 enterprises. SBIC publishes recommendations to help advance information security worldwide. We sponsored two reports in 2013 focused on the transformation of two of the three elements of information security: people and processes, and published a report focused on the third element, technology, in 2014. To learn more, visit the SBIC website.

To learn more about information security and privacy in our products, visit Our Products and Customers.

