EMC Rolls Out 5 GRC-Centered Security Services

EMC's consulting arm is introducing five security and risk management advisory services. "When you look at the services and the way we set this up, it's very much a reflection of our need to provide our customers with end-to-end solutions... framed under the broader umbrella of GRC--governance, risk and compliance," says Mat Allen, senior director, security and risk management global practice, EMC Consulting. "GRC acts as the center point."

The five services, available now, are: Trusted Cloud Advisory Services, to provide visibility into and control of an organization's private and public cloud environments; Information Governance Advisory Services, to facilitate a safe, efficient stewardship of high-value information; Governance, Risk and Compliance Advisory Services, to bring governance and visibility to risk management; Fraud and Identity Management Advisory Services, to protect sensitive information while allowing trusted identities to freely, securely interact with online systems in ways that increase efficiency, improve customer satisfaction and control costs; and Mobile Device Security Advisory Services, to help mitigate the rapidly escalating risks associated with providing mobile device access to sensitive data and resources. EMC says the new services are an extension of the security offerings of both the consulting and RSA units, backed by hundreds of certified security professionals with extensive governance, risk, compliance and security management experience.

Security analyst Ginny Roth, CISSP, Enterprise Strategy Group, thinks EMC's customers want security services, period, whether they come from RSA or some other vendor. "Security should be a natural adjunct to almost any vendor with offerings that either host or manage data, and hardware vendors should be no exception. EMC saw that years ago when they invested in RSA and this is the natural evolution of that vision."

She adds that most of the enterprise storage vendors also have security either built in to their offerings or as a P&L division within their organization (such as Dell-SecureWorks, HDS-HitachiID, HP-Enterprise Security Division and IBM-IBM Security Solutions). "EMC isn't really doing anything markedly different except packaging the services under the EMC name. The services themselves would rely heavily on RSA background and expertise. Granted, many of these security solutions are loosely coupled with storage, but that's not unusual since it's really about the data in all its forms, structured, unstructured, identity, etc.--that is the end game. Storage just happens to be the medium where the data, and consequently risk, resides."

Last September a Norton study put the cost of cyber crime at $114 billion annually, with an additional $274 billion for time lost. On a company basis, a recent HP-Ponemon study found the median annualized cost of cyber crime was $5.9 million per year, an increase of 56% from July 2010. Over a four-week period, the organizations surveyed experienced 72 successful attacks per week, an increase of nearly 45% from last year.

The numbers for 2011 aren't available yet, but in 2010 the worldwide security software revenue totaled $16.5 billion in 2010, a 12% increase from 2009 revenue of $14.7 billion, according to Gartner. Symantec had almost double the market share (18.9%) of its closest rival, McAfee, now owned by Intel (10.4%), but EMC cracked the top five with 3.8% of the overall market.

Allen says EMC has taken its security practice and practitioners to a whole new level, and now has the ability to formally address this market, as well as start investing in this business in a meaningful way. "We do an awful lot of work with clients designing architectures, and the logical progression is how do we secure that. We worked very closely with RSA and tied to their products, where necessary."

Initially, the company expects to work with industries or sectors that have had a material change in their operating environment through regulatory or technology inflection points, such as the pharmaceutical industry. "Anybody who is spinning a lot of data fast and use data in a way never used in the past. Those are the folks we're going to place our bets on as leaders in the marketplace."

Learn more about 5 Steps to Building A Private Cloud by subscribing to Network Computing Pro Reports (free, registration required).