Press Release

Beyond Authentication: RSA Unveils Identity Assurance Solution To Enable Secure, Easy & Intelligent Access To Enterprise Information And Applications

RSA Delivers New Capabilities in Credential Management, Authentication, Contextual Authorization and Intelligence.

BEDFORD, Mass, April 8, 2008 - 

RSA, The Security Division of EMC (NYSE: EMC), today outlined the next phase in its solution for Identity Assurance—a key component of the company's Information Risk Management strategy - offering a set of solutions with capabilities designed to minimize information risk and enable business success and innovation for customers.

Information Risk Management is a set of strong processes that follow the information within an organization. These processes are designed to determine where the risks lie to present a holistic view of risk related to information across the enterprise—thereby helping to determine what information needs protecting, where the risks exist—and then outline how a company should best prioritize its security investments to align with business needs.

Identity Assurance

An integral component to Information Risk Management is Identity Assurance, the methodology and set of capabilities that minimize the business risk associated with identity impersonation and inappropriate account use, thereby enabling enterprises to allow trusted identities to freely and securely interact with systems and access information. Identity Assurance supports an information risk management process by helping define and enforce policy around users and access and providing the essential technology controls to mitigate risks related to unauthorized access.

"Identity assurance is essential for a sound identity management strategy," noted Mark Diodati, Senior Identity and Privacy Analyst with Burton Group. "Without it, the value of your security policies is severely diminished."

The solutions announced today expand RSA's existing Identity Assurance portfolio to provide a new generation of powerful and seamless user authentication experiences that support new business models, providing secure access for employees, customers and partners, while striking the right balance between risk, cost and convenience.

"Authentication will always remain key in the security equation; when protecting information at a granular level, understanding and regulating who has access to that information is key to preventing unauthorized people from accessing sensitive systems and data," said Christopher Young, Vice President and General Manager, Identity and Access Assurance Group, RSA. "RSA has always been an innovator in this field. What we're doing today is redefining authentication and extending our approach, moving to a continuous trust and facilitation model—Identity Assurance—that will be the basis of how an identity is used at all times and what it can do."

RSA, a trusted partner for Identity and Access Management solutions for more than two decades, is building on its history and introducing a comprehensive Identity Assurance platform that includes four essential components: Credential Management, Authentication, Contextual Authorization, and Intelligence. Together, these solution areas help customers effectively address and provide an end-to-end identity assurance foundation that supports the requirements of today's businesses and provides a flexible infrastructure for future business initiatives and technologies.

  • Credential Management: RSA's comprehensive credential management solutions are designed to give customers the ability to verify each identity before the credential is issued; define ID and credential policy; and manage a diverse range of credentials centrally throughout all phases of its full lifecycle—from issuance to post-issuance management, in addition to policy administration.
  • Authentication: RSA's authentication solutions are engineered to assure identities to a system, resource, information, or a transaction, based on risk. There is no 'one size fits all' security solution, so RSA offers a full range of solutions to authenticate and store credentials that balances cost, end-user convenience and security.

    RSA's drive to bring confidence, flexibility and choice in strong authentication can be seen in the diversity of its authentication offerings. RSA's solutions are delivered through a choice of appliance, hosted (software as a service) or on-premises software, and through a range of authentication methods, including one-time passwords, device identification, knowledge-based authentication and certificate management. All these solutions are offered with a variety of form factors from hardware tokens, software tokens delivered across a range of mobile devices and platforms, SMS delivery of one-time passwords, a token toolbar and transparent, risk-based authentication methods that layer authentication based on the risk of users or transactions.

  • Contextual Authorization: These RSA solutions are built to enforce access control based on a specific risk and business context, according to policy. RSA helps customers manage access, federate identities, and enforce policies across web resources, portals and applications. Step-up authentication is enabled by these capabilities, which provides the right authentication at the right time and optimizes user experience.

    Businesses have the ability to manage large numbers of users while enforcing a centralized security policy, ensuring compliance and providing secure access to information.

  • Intelligence: RSA offers an overarching layer of intelligence that helps protect the integrity of identities by mitigating any misuse. RSA's Identity Assurance solutions do this in a spectrum of ways, through reporting on who has had access to what information; by monitoring credentials and activities to ensure that credentials are used by the appropriate party and for the appropriate purpose; and by aiding businesses to stay on top of the changing risk landscape through proactive threat and real-time information detection.

    This intelligence in RSA's Identity Assurance solutions provides knowledge back into the business, and the confidence to explore and exploit new business models and channels.

    Together, these four components comprise RSA's Identity Assurance solution and provide today's businesses with a holistic solution that addresses security from an information-centric perspective.

New Technologies for Identity Assurance

Today, RSA is announcing the following new Identity Assurance capabilities:

Credential Management and Authentication: RSA® Authentication Manager 7.1
RSA Authentication Manager 7.1 is a significant advance in RSA's enterprise-class authentication solution and the power behind the RSA SecurID® product. The new solution is engineered to continue to meet the evolving security needs of customers by providing business continuity options—in the event that a large number of users unexpectedly have to work offsite—along with extended authentication choices and enhanced operational efficiencies. Please see the full press release for more details.

Authentication Choice: the RSA SecurID® Software Token 4.0 for Windows® Desktops
With a significant upgrade to the RSA SecurID Software Token 4.0 for Windows Desktops, RSA continues its ongoing commitment to provide a broad choice of two-factor authentication form factors—including software tokens for smart phones, USB flash drives, and other portable devices—in order to enable consumers, enterprises and government organizations to balance convenience, risk and cost of ownership.

This software token is now engineered to provide support for the Windows Vista™ Enterprise and Windows Vista Business operating systems, as well as a revised and streamlined user interface. The solution is also now designed to be interoperable with computer screen readers, enabling those with visual impairments to have access to two-factor authentication technology. In addition, when used with RSA Authentication Manager 7.1, the new software token supports simplified "over-the-air" seed provisioning as well as an authentication process familiar to those who have migrated from RSA SecurID hardware tokens.

Availability

The RSA SecurID Software Token 4.0 for Windows Desktops is available from today. RSA Authentication Manager 7.1 will be available worldwide in Q2 2008; any current RSA SecurCare® customers licensing a prior version of RSA Authentication Manager are eligible to upgrade to an RSA Authentication Manager 7.1 license.

More information on RSA's announcements and related initiatives may be found online at www.rsa.com/rsaconference2008/. In addition, RSA's information risk management solutions, services and partners will be featured in Booths #1717 and 1817 at RSA Conference 2008, April 7-11, 2008, at the Moscone Center in San Francisco.

About EMC

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle—no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com

Press Contacts

Matt Buckley
781-515-6212
matthew.buckley@rsa.com

RSA, SecurCare and SecurID are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. Microsoft, Windows and Windows Vista are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries. All other products and/or services mentioned are trademarks of their respective companies.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) risks associated with acquisitions and investments, including the challenges and costs of integration, restructuring and achieving anticipated synergies; (iv) competitive factors, including but not limited to pricing pressures and new product introductions; (v) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vi) component and product quality and availability; (vii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (viii) insufficient, excess or obsolete inventory; (ix) war or acts of terrorism; (x) the ability to attract and retain highly qualified employees; (xi) fluctuating currency exchange rates; and (xii) other one-time events and other important factors disclosed previously and from time to time in EMC's filings with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.

Notes: