RSA looking at India as development base 

RSA Security, Headquartered in Bedford, Massachusetts, a leading software company providing security software solution to enterprises in building secure e-security through its RSA SecureID authentication, RSA ClearTrust web access management, RSA BSAFE encryption and RSA Keon digital certificate management, opened their licensed office in Mumbai in Feb 2002.

According to company sources its presence in India has grown manifold. Previously the products were ordered from its Singapore set up where all the licensing of its product used to happen. It has sold over one billion licenses world over and has over 20 years of experience in providing security software solutions to enterprises.

In a rendezvous with the Technical Consultant for India dealing with Development Solutions, Janardhan Iyer elucidated on the uniqueness of their product and the expectations from the Indian market. 

NK: Why is it becoming essential for software companies to build secure applications?

JI: Always there has been the requirement for security to be available in an infrastructure where an application is running. As a first kind of defense, companies have been using firewalls and antivirus, which actually do not protect the information, but maybe restrict the access to particular ports, which run on a system. But the data security products are built on five building blocks, which is authenticating the user. This is a major requirement for the financial software providers, with the throwing open of online transactions happening all around the world. In such a scenario confidentiality of messages entering the network is required. Another requirement is the integrity of the messages, i.e. the messages should be tamper proof. Thirdly, messages should be non-refutable, i.e. a person sending a message cannot deny it at a later time. There is a level of authorization so that the level of access that a person is supposed to have is granted to that person and no more or no less is granted. These are the five building blocks on which a security solution has to be built Our products sell in the Enterprise Segment as shrink-wraps, i.e., which come as product itself. On the Developer Side, we have tool kits, which will enable other software developers to create products, which are secure. We ship the libraries and also the sample codes to the development outfits. These libraries can be embedded into any application that somebody is developing. When they take it to the market it is a secure application and provides all those building blocks that we talked about earlier. 

PKI is one thing, which requires all these to be there. It is an infrastructure where secure transactions can be carried out. The technology that drives PKI is based on Public Key Infrastructure, which is an invention of RSA. PKI evolves around various standards. There is the PKC (Public Key Cryptography) standard, which RSA writes and it also mandates how to enable a PKI. Three scientists, whose names give the name to our company - Rivest, Shamir and Adleman, invented PKCS way back in 1977. 

NK: How ISVs (Independent Software Vendors) can simplify and reduce the time it takes to build and support PKI security standards in software applications?

JI: Reduction in turn around time in production development is the major pushing factor in using our tool kit. The expertise is required to write cryptographic software. It is very specialized and based on mathematics number theory, it's a deep science.

An application developer need not bother about these sophisticated numbers. What we give them is a wrapper, which they can use directly to call into their application and what they roll out is security enabled. Here they need not invest their time to build these cryptographic routines/ security protocols/ PKI tools by themselves. It cuts their development time by more than 30 percent on an average basis. 

NK: What is your expectation from India?

JI: India is a market where a lot of software developments are done. By partnering with people as a development base we plan to have a bigger presence in India as well as the global market, by shipping the products from here to worldwide. 

NK: Can you elaborate on your channel program?

JI: Channel program is for the Enterprise Solution where we have partners and these partners will work with our customers to deploy our Enterprise Solution in their organization. Typically take the case of a financial institution or an insurance company who want to run our certified or authentication server. Our partners will work with them for the implementation of the product in their site. 

Nisha Kurian

(CNS)