RSA and Zscaler concocting cloud authentication cure

Cloud security

EMC's security division has hooked up with Silicon Valley start-up Zscaler to create a product to make managing identity management outside of corporate networks simpler and more effective.

RSA said the cloud-based service would see its authentication technologies combined with Zscaler's agent-less, hardware-less security service to watch over external use of applications.

Zscaler's product works by pushing access and policy controls to company devices from datacentres that the vendor runs in 150 countries.

All Zscaler customers need to do is point traffic towards those datacentres. That traffic will also be scanned for potential threats.

The combined product will use that Zscaler technology - its ability to monitor users behaviour when accessing apps as well as check for vulnerabilities - with RSA's established authentication services.

We still haven't gotten rid of permiter-based thinking. We do not have a construct or a model for defence in depth. We need that badly.

During a prebrief at the RSA 2012 conference in San Francisco, RSA showed how the authentication rules would change depending on where the worker was.

For mobile device users, it will mean they are first authenticated at the ZScaler Secure Web Gateway.

So if the employee had hooked up to a new device and was attempting to access an app like, the Zscaler technology would detect that before pushing them to RSA authentication for further questioning. If the worker passed the questions, they would get to access

The product will seek to protect against hackers who choose to compromise user accounts and devices, rather than going after business servers.

Intriguingly, the companies will jointly market and sell the solution.

A proof of concept has been designed, but there was no word on when the product was expected to land.

During the press briefing yesterday evening, RSA chairman Art Coviello said the industry had to react to changes in the security landscape and the Zscaler partnership was one way in which EMC's security arm was doing that.

"There has been a confluence of events that has put our industry in a very, very challenging position... IT infrastructure has changed and the nature of the cyber criminals has changed," Coviello said.

"We still haven't gotten rid of permiter-based thinking. We do not have a construct or a model for defence in depth. We need that badly.

"With these changes in the environment and all these things that have gone on... not only do organisations have to manage what they can't directly control, but security companies have to secure what they can't directly control.

"We have our work cut out for us but we have that capability. This industry has been incredible at innovating... but we have to recognise the seriousness of the problem we are dealing with."

Locking down mobiles

RSA also talked up its collaboration with other vendors working in the mobile app and remote working space.

It has secured various deals with the likes of Citrix, Juniper Networks and VMware to embedRSA authentication technology into software such as Receiver, the Junos Pulse VPN and VMware View.

RSA has also formed tighter partnerships with other companies who are attacking the BYOD trend from the apps side, including Good Technology.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.