Melpomene - Fotolia

RSA president outlines cloud security strategy, IDaaS plans

RSA President Amit Yoran discusses how the security vendor is changing its focus and explains how cloud security will play an important role in RSA's new strategy.

Like many legacy information security vendors, RSA Security has dramatically shifted its strategy recently, but RSA President Amit Yoran said that shift won't include focusing on cloud-only products and services.

Speaking to a group of journalists at an event in Boston last month, Yoran discussed a variety of topics including his company's cloud security strategy. Yoran, who was named president of RSA in late 2014, explained how the vendor is focusing on identity and authentication technology and leaving behind security categories and markets such as data loss prevention and cryptography.

"Our view of the world is that the approach that people have taken for decades is not getting the job done and the market is ripe for disruption," Yoran said. "And we think we have the ability and the willingness to disrupt ourselves. So we've been on a very deliberate journey to radically transform RSA to align with our view of the world and future."

But that transformation, Yoran said, will not include developing and marketing cloud-specific security products. Instead, he said, the RSA cloud security strategy will take a unified approach with products and services that can cover both on-premise and cloud security needs.

"There are definitely some cloud- specific security functions that don't exist or don't have natural parallels in the traditional enterprise environment, but I know of very few companies that are cloud only," Yoran said. "There are very few security programs or teams that say 'I need to have visibility into my cloud environment.' Usually it's 'I need to have visibility into what's going on in my IT environment,' whether it's inside the enterprise or in the cloud. So we don't view cloud as a separate and distinct environment."

We think we have the ability and the willingness to disrupt ourselves. So we've been on a very deliberate journey to radically transform RSA to align with our view of the world and future.
Amit YoranPresident of RSA Security

Yoran said that RSA has made a concerted effort over the last year to extend its core products and services to the cloud. For example, the vendor announced at RSA Conference 2015 last spring that the RSA Security Analytics platform had been revamped to include coverage for cloud environments.

"RSA's Security Analytics platform will help you see what's happening in your environment whether it's your enterprise or pulling data off of cloud-based environments so you can have a unified view," Yoran said. "Our [RSA Via] identity management solution is designed so you can get provisioning and de-provisioning and authentication and identity management needs met internal to the enterprise or into cloud based apps and services."

But that's not to say that RSA won't be competing with cloud security vendors and service providers. Yoran said that technology like Via Access, which provides secure authentication to cloud services, will compete with cloud access security brokers. "To some extent, we're going after that market as well," he said. "[But] we think people want to do security and risk management across their enterprise, whether it's in the cloud or in a traditional environment. That's our approach. And we'll see how many of the cloud-only security vendors end up succeeding."

Yoran said the RSA cloud security strategy will concentrate heavily on building up a presence in the identity-as-a-service (IDaaS) market with its Via suite. However, the biggest challenge to its IDaaS push won't be other security vendors, he said.

"If you look at the enterprise identity-as-a-service market, the companies that want to own it are Facebook, Apple and Google. And the companies that corporations probably trust the least in the ecosystem are Facebook, Apple and Google," Yoran said. "We've got 25,000 of the world's largest enterprises that already trust us with their authentication needs, so even though I joke with the team about this uphill battle that we have in front of us, I think we have a unique opportunity to expand from authentication into this enterprise identity-as-a-service space."

Despite its IDaaS ambitions, Yoran doesn't expect RSA to adopt a cloud-heavy message. "I think RSA has a very trusted name in security. We haven't been hyping the cloud-specific aspects of what we do," Yoran said. "It's definitely part of what we do, but we just don't go around advertising or marketing it that way."

Next Steps

Find out why Amit Yoran believes the security industry needs a "radical change"

Learn about the benefits and risks of identity as a service

Discover why security vendors and cloud providers support cloud identity standards

Dig Deeper on Cloud Provisioning and Cloud Identity Management Issues