RSA announced the RSA Cloud Trust Authority, a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and cloud service providers. By enabling visibility and control over identities, information and infrastructure, it will foster the trust necessary for organizations to adopt cloud computing for mission-critical applications and sensitive information.
Organizations will be able to manage relationships with cloud service providers via the RSA Cloud Trust Authority console making it easy to configure and deploy cloud-based security services. The system is being architected to greatly streamline the ongoing management of trusted relationships eliminating the need for multiple point-to-point integrations involving custom code with both organizations and service providers.
Cloud Trust Authority initial offerings:
Identity Service: This service will be powered by VMware’s forthcoming Project Horizon, a cloud-based management service with the mission of delivering simple, secure end-user access and provisioning to applications and data across the widest range of end-user devices. The Identity Service will be designed to enable a customer to manage secure user access and user provisioning to multiple cloud providers via federated single sign-on and directory synchronization. It will be engineered to enable federated identity management among an enterprise and its cloud service providers, or among multiple cloud service providers themselves with options for strong authentication using RSA SecurID technology.
Compliance Profiling Service: Leveraging the RSA Archer GRC platform, the Compliance Profiling Service will be engineered to enable customers to view the trust profiles of various cloud providers against a set of common benchmarks developed by the Cloud Security Alliance among other security frameworks. This cloud compliance solution is a step towards more automated compliance for cloud services. By providing centralized access to security profiles of various cloud providers against a common benchmark, RSA will make it easier for enterprises to rapidly add capabilities and on-board new cloud service providers, lowering thus the barriers to trusted cloud computing.
The RSA Cloud Trust Authority is part of a more complete portfolio of offerings being created by EMC to simplify the customer journey to cloud computing. EMC’s new Cloud Advisory Service with Cloud Optimizer is a strategic offering by EMC Consulting to assist customers in evaluating workloads for suitability to move to cloud models: private, public and hybrid. The new service helps customers develop a strategy for optimizing the placement of workloads by looking at three factors – economics, trust and functionality – to maximize cost savings and business agility.
A beta of the RSA Cloud Trust Authority will be available in the second half of 2011, and will include both Identity and Compliance offerings. Through it, RSA is building an ecosystem of cloud service providers who will collaborate with the company to enable secure and compliant cloud computing.
“Today, enterprises wanting to leverage one or more cloud service providers have to create secure access methods, establish compliance measurement and data controls and solve a number of other security challenges,” said Drew Simonis, Group Information Security Officer, Willis Group Holdings, plc. “The complexity and cost of establishing trusted relationships with each provider erodes the value of cloud computing by slowing down the ability to provision new providers as part of the total IT portfolio. The approach RSA is taking with the RSA Cloud Trust Authority holds promise for changing that by creating an intermediary for hosted security and compliance services and will move the burden of establishing trusted cloud computing from the customer to the cloud.”