RSA and Zscaler concocting cloud authentication cure
RSA forms a partnership with Zscaler to bring better authentication for app use outside the enterprise.


EMC's security division has hooked up with Silicon Valley start-up Zscaler to create a product to make managing identity management outside of corporate networks simpler and more effective.
RSA said the cloud-based service would see its authentication technologies combined with Zscaler's agent-less, hardware-less security service to watch over external use of applications.
Zscaler's product works by pushing access and policy controls to company devices from datacentres that the vendor runs in 150 countries.
All Zscaler customers need to do is point traffic towards those datacentres. That traffic will also be scanned for potential threats.
The combined product will use that Zscaler technology - its ability to monitor users behaviour when accessing apps as well as check for vulnerabilities - with RSA's established authentication services.
We still haven't gotten rid of permiter-based thinking. We do not have a construct or a model for defence in depth. We need that badly.
During a prebrief at the RSA 2012 conference in San Francisco, RSA showed how the authentication rules would change depending on where the worker was.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
For mobile device users, it will mean they are first authenticated at the ZScaler Secure Web Gateway.
So if the employee had hooked up to a new device and was attempting to access an app like Salesforce.com, the Zscaler technology would detect that before pushing them to RSA authentication for further questioning. If the worker passed the questions, they would get to access Salesforce.com.
The product will seek to protect against hackers who choose to compromise user accounts and devices, rather than going after business servers.
Intriguingly, the companies will jointly market and sell the solution.
A proof of concept has been designed, but there was no word on when the product was expected to land.
During the press briefing yesterday evening, RSA chairman Art Coviello said the industry had to react to changes in the security landscape and the Zscaler partnership was one way in which EMC's security arm was doing that.
"There has been a confluence of events that has put our industry in a very, very challenging position... IT infrastructure has changed and the nature of the cyber criminals has changed," Coviello said.
"We still haven't gotten rid of permiter-based thinking. We do not have a construct or a model for defence in depth. We need that badly.
"With these changes in the environment and all these things that have gone on... not only do organisations have to manage what they can't directly control, but security companies have to secure what they can't directly control.
"We have our work cut out for us but we have that capability. This industry has been incredible at innovating... but we have to recognise the seriousness of the problem we are dealing with."
Locking down mobiles
RSA also talked up its collaboration with other vendors working in the mobile app and remote working space.
It has secured various deals with the likes of Citrix, Juniper Networks and VMware to embedRSA authentication technology into software such as Receiver, the Junos Pulse VPN and VMware View.
RSA has also formed tighter partnerships with other companies who are attacking the BYOD trend from the apps side, including Good Technology.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
GitHub CEO Thomas Dohmke thinks there’s still a place for junior developers in the age of AI
News GitHub CEO Thomas Dohmke believes junior developers still play a crucial role in the hierarchy of software development teams, and AI won't change that any time soon.
-
Scania admits leak of data after extortion attempt
News Hacker stole 34,000 files from a third-party managed website, trucking company says
-
RSAC in focus: Key takeaways for CISOs
The RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and security
Experts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurity
AI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurity
Experts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025
As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate security
Organizations are grappling with the complications of adopting AI for security