Year 2007 saw the maximum number of security breaches, in spite of massive spends by enterprises on securing information. Another interesting survey question revealed that chief information security officers (CISOs) fear internal breaches a lot more than attacks by external sources. Hence, it is no surprise that enterprises have made information security the numer uno priority in their IT expenditure for 2008. Identifying the rising demand for enterprise security, the engineers at the India center of RSA Security strive day after day to build effective security solutions.

With more people using the Internet for day-to-day activities like banking, healthcare, insurance and booking tickets, critical private information is under an unprecedented threat. Information has been exploding like never before and securing it is getting cumbersome day–by-day. “The need of the hour is to have information centric focus – what and how much information is accessed by partners, customers, and employees need to be monitored,” explains Niranjan Maka, Sr. Director - India Development Center, RSA Security (the Security Division of EMC). Keeping this in mind, the company has offerings around Securing Enterprise Data, Securing Employee Access, Secure Partner Access, and Secure Customer Access such that information accessed by a user depends on his access rights.

It is in this context of information centric focus that RSA talks about the need for looking at storage and security in a cohesive fashion. The EMC-RSA merger in 2006 allowed RSA to combine its security solutions with the EMC storage lines, giving it an edge to compete with the larger vendors in the changing threatscape.

While the engineers at the India center are working towards new solutions, they are also closely watching the changing landscape in India and exploring opportunities for RSA to have a play in this emerging market. One such opportunity is federation, which is quite prevalent in developed markets. To make use of the market scope in federation, RSA developed the Federated Identity Manager (FIM).

“A federated identity is a single user identity that can be used to access a group of websites bound by the ties of federation,” explains Maka. Without federated identity, users are forced to manage different credentials for every site they use. This collection of IDs and passwords becomes difficult to manage and control over time, offering inroads for identity theft. Federated identity management builds on a trust relationship established between an organization and a person. For example, a user purchasing books via an online bookseller can use the same electronic identity to buy music CDs from another online store without having to establish credentials again. The federated identity offers businesses, governments, employees, and consumers a more convenient and secure way of accessing distributed domains without losing control over sensitive identity information. However, federation as a concept has not taken off in India yet, and spreading awareness of such a system could be a big opportunity for RSA in India.