RSA is engaged in discussions with major telcos in the Asia-Pacific region to explore partnerships in cybersecurity and possibly a malware monitoring center in Singapore.
Speaking to ZDNet ahead of the company's annual RSA Conference held this week in San Francisco, Vincent Goh, RSA's Asia-Pacific and Japan vice president, said its business in the region had evolved over the past six to seven years when the bulk of its business were from its tokens and identity management products. Today, its revenue was equally distributed cross tokens, ASOC (advanced security center), GRC (governance, risk, compliance), and identity management.
Noting that it indicated the vendor's diversified portfolio, Goh said enterprises were starting to realize the traditional way of addressing security concerns using logs was inadequate, since its effectiveness also depended on deep packet inspection for better visibility. If these controls were unable to identify a malware, the latter would not be shut out of the network.
He pointed to the vendor's ASOC offering, which centered on security analytics that provided critical information about data entering and leaving corporate networks, and provided the supporting tool to allow logs to function more effectively.
Asked if RSA had plans to sign deals with telcos in the region to offer such monitoring services, similar to the one inked between FireEye and Singtel last year, Goh said it was exploring its options and hoped to announce something later this year.
Singtel and FireEye in October 2014 inked an alliance to jointly build cybersecurity monitoring facilities in Singapore and Sydney, co-investing up to US$50 million over five years to fund the infrastructure and manpower for two Advanced Security Operation Centres.
Goh said RSA was speaking with "a lot of major telcos" as well as services integrators across the Asia-Pacific region and looking at the market segments these service providers targeted to ensure both companies' focus areas were aligned.
He pointed to Singapore, Japan, Australia, and India as potential markets where RSA would want to ink such agreements. It was also exploring plans to invest in "some form of malware monitoring center" to provide 24 by 7 coverage, Goh said, adding that if this were to actualize, the facility would likely be located in Singapore.
RSA in January last year set up two SOCs with Singapore's Temasek Polytechnic, where the education institution would house the security operations centers on campus to monitor online traffic and security. The sites also served as a learning environment for its students. It signed a similar agreement with Republic Polytechnic in January 2015.
Asked what were some challenges Asian countries faced with regard to cybersecurity, Goh said while there certainly was room for more cooperation and sharing of information, the varying degrees of maturity between nations in terms of knowledge about cybercrime was an issue that was difficult to resolve.
At the RSA Conference Asia-Pacific in Singapore last year, the company's executive chairman Art Coviello had called for Asian countries to set aside their differences and worked together to fight cybercrime. He also outlined four principles as foundation for new digital norms, which included renouncing the use of cyberweapons and cooperating internationally in the investigation and prosecution of cybercriminals.
"The region is very diversified [so] I don't there's an answer that fits all. We operate in 13 countries and 55 cities, and each has its own set of regulations," Goh explained, noting that some countries had stronger legislations around intellectual property rights such as Japan, while others only recently introduced data privacy bills.
RSA launches authentication suite that taps users' mobile device
At this week's RSA Conference, the security vendor unveiled its Via suite of products touted to provide a unified authentication and identity access management across various platforms and devices.
It encompasses a cloud-based service, Via Access, which allows users to choose their authentication method such as the fingerprint reader on their mobile phone, to access their company's network and corporate data. Organizations will be able to manage the level of access and privacy of individual profiles via Via Governance and Via Lifecycle, which are part of the product suite.
Goh said: "We now see identity as the new perimeter. If you look at some of the major breaches recently, the primary entry point had been human. And you're dealing with more apps running on the cloud and more identities to manage. End-users will connect to the internet to use social media and productivity tools, whether we like it or not. When companies don't have the proper tools to manage that, their employees will work their way around it, resulting in shadow IT."
He noted that the current way of protecting end-users were no longer effective, in which users had to manage multiple user IDs and passwords to access various apps and services such as Dropbox, Evernote, and Salesforce.com.
Users have to manage all these parts on their own, and often end up using the same password for all their accounts or having multiple passwords that they would then forget, he said. With Via, RSA had tapped its traditional strength in authentication, and coupled that with new technologies in cloud and mobile, he added.
Enterprises can subscribe to the product as a cloud service, integrate cloud-based applications their employees to which need access, and allow their users to choose a form of authentication on their mobile device to log into Via. Once they have signed into the RSA service, they can access the applications their user profile have been set up to access, Goh said.
"It increases authentication on the cloud and utilizes the technology that's already available on the user's device," he said, suggesting that future support could enable facial recognition via the phone's camera or voice recognition.
Via Access will be available from June 2015, while Via Lifecycle and Via Governance are currently available. The Via product line also includes the vendor's SecureID and Adaptive Authentication.