At the EMC European Momentum conference the company's executive vice president Dave DeWalt admitted that the firm's security is less than perfect.
In his Keynote speech to 1200 delegates DeWalt first explained that EMC had "over 10,000 attacks on their web site every month" and so they had got in a company to test their security. DeWalt was surprised when "less than 24 hours later I had pictures of my desktop and applications."
It's unlikely that he was referring to actual photographs, it's more likely that the security company provided him with screenshots of his desktop and applications, and hence had cracked their internal network security.
While it's routine for big companies to get in specialists to investigate their security on a regular basis, most of those companies are not the owners of security specialists RSA.
Back in July EMC paid around $2.1 billion dollars for RSA and at the time EMC CEO Joe Tucci said "Businesses can't secure what they don't manage, and when it comes to securing information, that means simply two things - managing the data and managing access to the data,"
He added "Bringing RSA into the fold provides EMC with industry-leading identity and access management technologies and best-in-class encryption and key management software to help EMC deliver information lifecycle management securely."
EMC prides itself on its speed assimilating companies; it has bought 10 this year. - But from this admission it's obvious that they've not quite managed to integrate RSA into their company's security systems.While a lack of security on EMC's internal network doesn't indicate that any of EMC's own products are lacking in security, it does pose some questions. Why doesn't a company that boasts a research and development spend of $4 billion over the last three years spend more on protecting their own network? And how long is it going to be before RSA is included in their products?
