Software’s growing shift from the desktop to the cloud, and from the enterprise server to the grid or the virtual machine, promises new features — but also introduces new security concerns.
The shift also brings new business models, although partnerships and outsourcing can also exacerbate security problems.
Enter RSA, EMC’s security subsidiary, which is today offering its BSAFE encryption technology for free.
As a result, the company is offering developers a free download of the RSA BSAFE Share toolkit, an SDK
Of course, RSA expects to benefit from this free offer by learning about new software before it’s released. “We’re getting a chance to engage with people who are building products,” said Tom Corn, vice president of products at RSA’s data security group.
Corn noted that RSA’s BSAFE technology already makes the Web safe and is embedded “just about everywhere: in almost every Web browser, video game, and PDA.”
So what’s the ubiquitous technology in the cloud and in virtual environments that will be as vital as the Web browser?
RSA doesn’t know yet, “but we want to enable the first step in building those tools,” said Chris Court, product marketing manager for RSA’s data security group.
With enterprises experimenting with greater openness as a result of cloud computing, there’s a real need for such tools, RSA said. “Our view of the cloud and virtualization is that it’s exciting and can have a positive impact on security if done right,” Corn said.
But doing security right isn’t always easy. “We see a couple of stages of maturity,” Corn said. “The first is that we want to make sure that the process we enable doesn’t break in virtual environments or in the cloud. For example, if we encrypt or discover information or manage keys, it should work in the cloud and on virtual objects just as it works in the physical world.”
In the future, this need not be a concern if, say, RSA software is part of the infrastructure, the company said.
“The second level of maturity is when we embed the right technologies into the virtual and cloud infrastructures,” Corn said. “There’s the promise of making far more consistent infrastructure available everywhere in a frictionless manner.”
From selling products to selling services
There may be a consulting future for RSA if this works out. “We’ve increasingly noticed that we’re being brought in for our expertise in using encryption,” said Corn.
He added that if a successful product is built on a BSAFE foundation and sees a demand from government, RSA would help the developer produce a version that meets the FIPS (Federal Information Processing Standard) standard, the requirements of the federal government for security and interoperability. At that point, Corn said, RSA would have an opportunity for profit.
“We’re being very transparent about this,” Corn said. “It does solve a problem, but we think people will partner with us.”
If there’s a consulting opportunity, however, it’s a very focused opportunity.
“Our professional services in this area are essentially consulting,” Corn admitted. “But it’s a very, very technical kind of consulting that focuses on cryptography.”