EMC and RSA: A New Day for Data Security

Stay in the technology business long enough and you'll see everything come full circle. In January 2003, we were among the first to make the case for focusing security efforts on data by becoming less perimeter-centric and more asset-centric (see "Secure to the Core" ). Fast forward: EMC's June 29 acquisition of RSA is heralded as a new way of thinking about data security. Says RSA CEO Art Coviello, "Information security threats are evolving from attacks on the network and the perimeter to attacks on the data itself." It's about time.

This merger offers interesting possibilities. Encrypting data is relatively simple. It's key management that's hard, and EMC gets RSA's best-of-breed key-management capabilities. Identity management, another big piece of the puzzle, is difficult to develop, and EMC can benefit from RSA's established Access Manager and Federated Identity Manager. If EMC and RSA integrate their product lines, EMC could develop a robust data security ecosystem for the entire data lifecycle.

Still, EMC must resolve some thorny issues. First, the world is bigger than one vendor, even a vendor as big as EMC ($26 billion at press time, according to Google Finance). The potential for data-centric security is huge. But unless there's a standardized method for creating and exchanging protected data among multiple vendors' products, the true benefit will be extremely low. Companies can't dictate the software customers use, and other pressures may force standardization.

The RSA acquisition gives EMC competitive advantage in the information security space, and a golden opportunity to lead the market in a new direction. If it successfully executes its announced vision, the way we do information security will finally change for the better. --Mike Fratto, [email protected]