EMC Outlines Comprehensive, Information-Centric Strategy For Securing Business Information

New Security Assessment Services, Digital Rights Management Software Help Customers Protect Critical Data

Hopkinton, Mass.-Tuesday, April 25, 2006, In response to growing customer concern over the security of their data, EMC Corporation, the world leader in information management and storage, today unveiled a comprehensive, information-centric approach to helping organizations secure their critical information. As part of its growing portfolio of security-enhanced products and services, the company also announced the EMC Assessment Service for Storage Security and the availability of digital rights management software through its recent acquisition of Authentica, Inc.

The need to secure data is clear: With more than 55 million customer records compromised in just over a year in the U.S. alone, and more than a million others lost on backup tapesi, assuring data confidentiality and integrity has become a major challenge for businesses. In addition to avoiding the financial implications of a data-loss event, organizations are challenged by information-specific compliance requirements imposed by industry and government regulations.

“Despite significant investments in security personnel, processes and technology, few companies feel their information is truly secure,” said Dennis Hoffman, EMC’s Vice President of Information Security. “The evolving threat environment has made it abundantly clear that the information many companies consider to be their most important asset is increasingly becoming a significant liability. And simply erecting physical security perimeters such as firewalls and antivirus gateways, ignores the fact that information lives, and moves, throughout its life.”

EMC’s Information-Centric Approach to Security

Hoffman added, “EMC’s information-centric security strategy is built upon the recognition that information security is becoming an information management problem. Companies need to understand their information and implement a risk-based approach to securing it that comprises both the information itself as well as the infrastructure that handles it. With unrivaled capability and experience in helping companies manage their information and protect it from loss due to disaster or operational failure, EMC is also ideally positioned to help companies protect their information from theft or accidental loss.”

EMC’s information-centric security strategy implements an integrated, four-part solution that secures information throughout its lifecycle. The strategy helps customers assess the security of their information, secure their information infrastructure, directly protect their sensitive information and manage security information and events to assure effectiveness and ease the burden of compliance. These capabilities are offered today through a combination of systems, software, services and solutions from EMC and from partners. These offerings will be aggressively extended and augmented going forward.

“The Enterprise Strategy Group believes that the stakes are too high to rely on status-quo security and that storage professionals must approach data security as a closed-loop lifecycle,” said Jon Oltsik, Senior Analyst, Information Security, Enterprise Strategy Group. “Today, EMC has raised the bar for storage security by outlining a comprehensive, disciplined approach to securing an organization’s critical data with a new, information-centric model to protect confidential information. Given EMC’s leadership position, this effort should ripple across the entire storage industry.”

Two new offers add to EMC’s existing portfolio of information-centric security solutions

Assessing the current state of information security is the first step to securing sensitive data. EMC professional services extend IT infrastructure security beyond the perimeter to include a wide range of storage deployments. The new EMC Assessment Service for Storage Security, based on the National Security Agency’s Information Assurance Methodology (NSA - IAM), evaluates the security posture of a customer’s Storage Area Network, Network Attached Storage and Content Addressed storage deployments in accordance with approved practices. As part of the new service offering, EMC technology solutions personnel analyze storage platforms, networks, management systems, access controls, applications and various other elements of the IT infrastructure to uncover potential security risks and propose remediation for critical components. Completion of the service enhances compliance with regulatory mandates and internal policy, and it extends IT infrastructure security beyond the perimeter to include all aspects of the storage environment.

In February of 2006, EMC completed the acquisition of Authentica, a leader in enterprise digital rights management technology. Authentica’s technology provides a logical extension of EMC’s highly secure Documentum Enterprise Content Management platform. Its patented approach to digital rights management enables users to dynamically control access and use of unstructured data and content, regardless of its location (both inside and outside the enterprise).

“Information is the lifeblood of our business,” said Christopher Kruse, President and CEO of CaseCentral. “The technology we now have from Authentica allows us to protect that information and ensure that it doesn’t go where it’s not supposed to, preventing damaging data leaks and keeping us in compliance with regulations for sensitive data.”

These new offers augment EMC’s robust and growing product and service portfolio, which boasts a lineup of inherently secure hardware, software and services. A sampling of EMC’s secure offerings includes:

* EMC Documentum Trusted Content Services – adds a level of security to the built-in security and access control supplied by EMC Documentum Content Server and features repository encryption, electronic signatures, mandatory access control, digital shredding and other security features.
* EMC Certified Data Erasure Services – provides certified disk data sanitization to U.S. government DOD standards.
* EMC NetWorker and EMC Retrospect – data back up software products that offer the ability to encrypt back up data with advanced encryption standard (AES) 128-bit and AES 256-bit encryption on disk or tapes.
* EMC Centera - content addressing and write once read many (WORM) design assures the integrity and authenticity of data stored on and retrieved from the Centera platform. Multiple partners rely on Centera to provide integrated security information management solutions. EMC Celerra networked attached storage also provides WORM capabilities.
* Partnerships to provide encryption appliances to protect data-at-rest and in-flight.

Availability

The EMC Assessment Service for Storage Security and EMC Documentum Digital Rights Management software are available immediately. For more information on these offers and EMC’s information-centric security strategy, please visit www.emc.com/security.

About EMC

EMC Corporation (NYSE: EMC) is the world leader in products, services and solutions for information management and storage that help organizations extract the maximum value from their information, at the lowest total cost, across every point in the information lifecycle. Information about EMC’s products and services can be found at www.EMC.com
For more on EMC news, events, and recent media coverage visit the news section of EMC.com. Note to editors: For further information about this release contact EMC Public Relations at pr@emc.com

EMC and Authentica are registered trademarks of EMC Corporation. All other trademarks are the property of their respective owners.

i Source: Privacy Rights Clearing House http://www.privacyrights.org/ar/chrondatabreaches.htm

Contact Information

Todd Cadley

Information Protection

EMC Corporation

Contact via E-mail