At the RSA Security Conference 2011 being held in San Francisco this week,RSA announced the RSA Cloud Trust Authority, a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and cloud service providers.
By enabling visibility and control over identities, information, and infrastructure, the RSA Cloud Trust Authority aims to foster the trust necessary for organizations to adopt cloud computing for mission-critical applications and sensitive information.
To further support and strengthen this requirement, EMC (RSA's parent company) announced the new EMC Cloud Advisory Service with Cloud Optimizer, which will allow customers to create a balanced cloud strategy extending from legacy architectures through cloud service providers.
"Surveys show that lack of trust in cloud computing is slowing broader adoption of cloud services," said Art Coviello, Executive Chairman, RSA, the Security Division of EMC. "While cloud computing offers tremendous benefits in cost and agility, it breaks down some of the traditional means of ensuring visibility and control of infrastructure and information. Forcing enterprises to develop trusted relationships individually with each cloud service provider they wish to use is cumbersome and will not scale. New thinking in security and compliance is required to provide a future in which organizations can consume services from a wide variety of cloud service providers on-demand and for all their application needs."
The Cloud Trust Authority's initial offerings include:
- Identity Service: This service will be powered by VMware's forthcoming Project Horizon, a cloud-based management service with the mission of delivering simple, secure end-user access and provisioning to applications and data across the widest range of end-user devices. The Identity Service will be designed to enable a customer to manage secure user access and user provisioning to multiple cloud providers via federated single sign-on and directory synchronization.
- Compliance Profiling Service: Leveraging the RSA Archer GRC platform, the Compliance Profiling Service will be engineered to enable customers to view the trust profiles of various cloud providers against a set of common benchmarks developed by the Cloud Security Alliance among other security frameworks. This first-ever cloud compliance solution is a step towards more automated compliance for cloud services. By providing centralized access to security profiles of various cloud providers against a common benchmark, RSA will make it easier for enterprises to rapidly add capabilities and on-board new cloud service providers, dramatically lowering the barriers to trusted cloud computing.
A beta of the RSA Cloud Trust Authority will be available in the second half of 2011, and will include both Identity and Compliance offerings. Visit Dark Reading for more news on this topic "here.