Press Release

RSA Announces New Contexutal Authoriization Solution to Manage Deep and Defined Access to Enterprise Resources.

RSA® Entitlements Policy Manager Enables Enterprises to Protect Sensitive Information by Providing Users with the Right Access to the Right Applications, Web Services and Documents.

LONDON, U.K, October 27, 2008 - 

RSA, The Security Division of EMC (NYSE: EMC), today announced RSA® Entitlements Policy Manager, a new addition to its Identity Assurance portfolio of contextual authorization solutions – including RSA® Access Manager and RSA® Federated Identity Manager – that is engineered to enable organizations to increase security and enforce end user access control based on specific risk and business context, in accordance with policy.

“As part of a solid identity assurance strategy, a web access management solution must evolve beyond web single sign-on, as enterprises have moved more towards service-oriented architectures, Web services and the latest standards,” said Sally Hudson, Research Director, Security Products and Services at IDC. “More concentrated and specific access rights to a broader variety of resources, like customer relationship management software, will help those who are appropriately credentialed to access privileged and well-defined information, and those who are not authorized to stay away from what they do not need to see.”

More Secure Access through Fine Grained Role- and Attribute-Based Policy

RSA Entitlements Policy Manager is designed to provide IT organizations with a web-based interface to manage policies that create centralized user access controls based on fine-grained roles and attributes. As engineered, the product would accomplish this while preserving each user’s identity context across applications, URLs, service-oriented architectures (SOA) and Web Services. IT administrators can enhance risk management by defining controls based on content sensitivity such as materials including company financials and customer information. For example, user access privileges can be granted to specific database rows and columns, or files with content management and collaboration solutions such as Microsoft® SharePoint® or EMC Documentum® eRoom® products.

Reduced Operational Costs and Improved Efficiency

RSA Entitlements Policy Manager is designed to allow IT administrators to be more agile through the ability to create, enforce and monitor centralized security policies from one central location and across the distributed application infrastructure. The solution is built on a strong architectural foundation leveraging industry standards such as eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML) to create a scaleable system for enterprise applications. RSA Entitlements Policy Manager provides a centralized security platform that allows developers to focus on business logic – improving development agility and flexibility to modify controls on applications – without having to rewrite code.

Improved Risk Management and Regulatory Compliance

RSA Entitlements Policy Manager is engineered to provide broad and deep visibility into IT controls as well as consistent policies that link both the risk associated with user authentication and the risk associated with resources. By providing a context to authorization, as well as the ability to log and report all user and administrator activity, organizations can improve regulatory compliance and foster broader operational trust and information governance within the organization.

“Our identity assurance solutions are focused on allowing trusted identities to freely and securely interact with systems and access information, providing customers with a proven methodology and set of capabilities that minimize the risk associated with identity impersonation and inappropriate account use,” said Sam Curry, Vice President, Identity and Access Assurance at RSA. “Access to highly sensitive data should be granted only to those who need it, and in some job functions access to only very specific areas within the information infrastructure are necessary. Organizations need to be able to effectively manage the many nuances within large numbers of identities and resources, while simultaneously making it easier for their employees to do their jobs.”

Product Availability

RSA Entitlements Policy Manager will be available worldwide through RSA and EMC starting in late Q4 2008. RSA Access Manager and RSA Federated Identity Manager are currently available worldwide through RSA and EMC, and select RSA SecurWorld channel partners.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

About EMC

EMC Corporation (NYSE: EMC) is the world's leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC's products and services can be found at

Press Contacts

David Seuss
RSA, The Security Division of EMC

Matt Buckley
RSA, The Security Division of EMC
+44 (0)1344 781633

Heather Milne
OutCast Communications

RSA, enVision and SecurID are either registered trademarks or trademarks of RSA Security, Inc. in the U.S. and/or other countries. EMC Smarts and Voyence are registered trademarks of EMC Corporation. All other company and product names may be trademarks of their respective owners.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v) fluctuations in VMware, Inc.'s operating results and risks associated with trading of VMware stock; (vi) competitive factors, including but not limited to pricing pressures and new product introductions; (vii) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (viii) component and product quality and availability; (ix) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (x) insufficient, excess or obsolete inventory; (xi) war or acts of terrorism; (xii) the ability to attract and retain highly qualified employees; (xiii) fluctuating currency exchange rates; and (xiv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent corporation of RSA Security Inc., with the U.S. Securities and Exchange Commission. RSA and EMC disclaim any obligation to update any such forward-looking statements after the date of this release.