RSA And Zscaler Teaming Up To Deliver Trusted Access For Cloud Computing
New Solution to Enable Enterprises to Establish Visibility and Control over User Access in Cloud and Mobile Environments
- RSA and Zscaler are collaborating to develop a new cloud-based solution to help secure access and identities in the cloud
- Cloud-based solution to integrate RSA's Cloud Trust Authority, RSA's Adaptive Authentication and Zscaler's Cloud Security service
RSA, The Security Division of EMC and Zscaler recently announced they are jointly developing a cloud-based solution to assert continuous trust in identities accessing any web application or cloud service. The solution is designed to help enable organizations to apply policy and control to identities even outside corporate networks, and simplify the challenge of managing user credentials associated with multiple cloud applications and web services. The integration of risk-based authentication and identity federation from RSA's Cloud Trust Authority and RSA Adaptive Authentication solutions along with the inline web security capabilities of Zscaler's Cloud Security service would enable a ubiquitous service for continuous, risk-aware identification of users accessing the Internet.
The solution will include strong user authentication, identity federation, and dynamic risk assessment based on device identification, user behavioral profiling, and vulnerability detection. The combined service being developed will be engineered to help organizations mitigate the risks of data theft, service abuse, and other threats that stem from insufficient authentication, stolen credentials or compromised user devices and accounts. By monitoring the behavior of authenticated users and environmental conditions, the developed service will create a dynamic risk profile that can be used by web applications to minimize the potential of access from compromised accounts, bots, and malware, while still ensuring a positive, simple user experience.
Phillip Hochmuth, IDC Analyst
"Enterprises are shifting mission-critical applications and data into the cloud, and users are becoming more mobile than ever. As a result more and more access to enterprise resources is occurring from outside corporate networks, using devices not controlled by the enterprise IT teams. Attackers know that they can often steal corporate data more easily by compromising user accounts, sessions and endpoints, rather than attacking the enterprise servers or SaaS applications directly. Zscaler and RSA are developing the industry's only solution to this growing risk by integrating dynamic, behavior–based authentication with a global web security platform that protects users and data across all applications and web destinations."
RSA Executive Quote
Art Coviello, Executive Vice President, EMC Corporation and Executive Chairman, RSA
"Tight integration between trusted authentication and web security technology delivered as a cloud service will offer much needed defense to counter increasingly sophisticated threats in mobile and cloud environments. RSA provides risk-aware authentication which, when combined with Zscaler's Cloud Security service, will help enable continuous identity assurance and policy enforcement in the cloud."
Zscaler Executive Quote
Jay Chaudhry, President and CEO, Zscaler
"Trust is no longer about simply identifying the user. With more devices accessing more applications and data from more locations, trust must be established and enforced dynamically. Through this development partnership with RSA, Zscaler will enhance security for our customers and the cloud services they depend upon, by continually and dynamically establishing trust."
Joint Go-To-Market Initiatives
In addition to development of the cloud service to provide inline identity-awareness, both companies will also work together to jointly market and sell the combined solution.
RSA and Zscaler are showing a proof of concept of this capability in their booths at the RSA Conference. RSA will also demonstrate a beta version of the RSA Cloud Trust Authority federation service.
Security and Compliance in the Post-PC World
Mobility and Cloud Computing change not only how and where organizations access information and applications but also how to manage ensuring trusted access, policy enforcement and even governance. Ensuring and managing this trust becomes more complex as more and more IT services and sensitive information are accessed and consumed via devices, networks and applications that live entirely outside of corporate IT's direct control. RSA outlines five key criteria that are essential to delivering security and compliance for this remote, hyper-extended world.
- Authentication must move to the cloud. To address increased mobility of end users, authentication itself must be delivered from the cloud regardless of user location.
- Enterprise identity management must extend to the cloud. Identity information confined within the enterprise must extend to the cloud rather than create multiple independent silos of identities.
- Trust must be constantly verified. Trust is the key component throughout the user session and must go beyond authentication at login to more confidently detect and prevent session compromise.
- Security must be risk-based. Risk-based controls and analytics need to adapt to the risk levels that exist as users travel to remote locations, utilize remote networks and access a broader variety of cloud and web-based applications.
- Leverage an ecosystem. Providing trust, visibility and control will require an ecosystem versus any single vendor solution. Security must be built into the Internet directly across all devices and access methods wherever the user and information reside. This requires an ecosystem of vendors working in concert.
RSA, The Security Division of EMC is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated.
Through a multi-tenant, globally-deployed infrastructure, Zscaler enforces business policy, mitigates risk, and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device - while empowering the end-user with a rich Internet experience. For more information, visit us www.zscaler.com.
SOURCE: EMC Corporation