EMC unveiled its data security strategy on Tuesday, including a new services offering and the availability of digital rights management software through its recent acquisition of Authentica.
Lost data tapes, database breaches and regulations requiring secure data retention moved storage security to the forefront last year. In response, EMC and other vendors have been scrambling to offer greater data security features. EMC promised greater emphasis on security at its annual analyst meeting last year, and also began reselling storage security gear.
"Despite significant investments in security personnel, processes and technology, few companies feel their information is truly secure," Dennis Hoffman, EMC's vice president of information security, said in a statement.
"The evolving threat environment has made it abundantly clear that the information many companies consider to be their most important asset is increasingly becoming a significant liability. And simply erecting physical security perimeters such as firewalls and antivirus gateways ignores the fact that information lives and moves throughout its life."
Hoffman said EMC's "information-centric" security strategy "is built upon the recognition that information security is becoming an information management problem."
Companies need to understand their data and implement a risk-based approach to securing it that comprises both the information and the infrastructure that handles it, he said.
EMC said its four-part strategy secures information throughout its lifecycle, helping customers assess the security of their information, secure their infrastructure, protect their sensitive information, and manage security information and events to assure effectiveness and regulatory compliance.
The Hopkinton, Mass.-based storage giant said its new Assessment Service for Storage Security, based on the National Security Agency's Information Assurance Methodology, evaluates the security of a customer's SAN, NAS and content addressed storage (CAS) deployments. EMC technology solutions personnel analyze storage platforms, networks, management systems, access controls, applications and other elements of the IT infrastructure to locate potential security risks and propose solutions for critical components.
EMC said Authentica's technology "provides a logical extension of EMC's highly secure Documentum Enterprise Content Management platform," allowing users to control access and use of unstructured data and content both inside and outside the enterprise.
Other offerings include:
EMC Documentum Trusted Content Services, which features repository encryption, electronic signatures, mandatory access control and digital shredding, among other features;
EMC Certified Data Erasure Services, which provide certified disk data sanitization to U.S. Department of Defense standards;
EMC NetWorker and Retrospect, backup software products that offer data encryption with advanced encryption standard (AES) 128-bit and AES 256-bit encryption on disk or tapes; and
EMC Centera, with content addressing and write once read many (WORM) design to assure the integrity and authenticity of data stored on and retrieved from the Centera platform.
Partnerships with NeoScale, Decru and CipherOptics provide encryption appliances to protect data at rest and in flight.
For more information, visit www.emc.com/security.