EMC DLP and Microsoft DRM convergence headlines

7 views
Skip to first unread message

winston...@gmail.com

unread,
Jan 2, 2009, 11:54:17 AM1/2/09
to Content Monitoring
http://www.itworldcanada.com/a/Daily-News/5ca1db1c-74f2-47ef-b028-a4dd6f2ab12a.html

EMC data loss tool gets baked into MS platform
By: Rafael Ruffolo - ComputerWorld Canada (04 Dec 2008)

Both companies want to save IT managers the headaches of buying,
deploying and managing multiple tools to manage their sensitive data.
Will the partnership be a winning proposition? Analysts from Gartner
and Info-Tech weigh in.

EMC Corp.’s security division RSA will integrate its data security
software into Microsoft Corp.’s rights management technology.

The agreement, announced Thursday, will see RSA’s data loss prevention
classification technology built into the Microsoft platform. The
companies also announced that DLP 6.5 will be engineered into
Microsoft Active Directory Rights Management Services (RMS) within
Windows Server 2008 and released later this month.

RSA’s DLP suite keeps track of corporate information across the data
centre, controls what data leaves your network, and monitors sensitive
information found across endpoint devices such as laptops and
desktops. The tool uses a combination of encryption, content analysis,
and role-based access controls.

“When you think about a typical enterprise, on one end they want to
protect their intellectual property and prevent information leaks,” JG
Chirapurath, director of marketing for identity and security at
Microsoft, said. “On the other end, they want to collaborate securely
across multiple departments.”

That requires identity awareness within rights management, he added.

Tom Corn, vice-president of product management and market with RSA’s
Data Security Group, said that protecting information is an end-to-end
problem. Information moves as it works its way through databases,
storage systems, backup tapes, laptops, and other applications, he
said.
Read more

Visit IT World Canada's Security Knowledge Centre

“Today what we have is a collection of point products,” he said.
“There are DLP products, rights management products, encryption
products, and a whole range of controls.”

The longer-term vision for Microsoft and EMC is to allow organizations
to take the infrastructure they already have and solve these security
issues without deploying new software, he added.
Click here to find out more!

Corn also said that many security solutions on the market today lack
an identity awareness component.

The partnership, he said, brings identity and rights management
together in an easy-to-manage package – Microsoft’s tools become
content-aware, while RSA’s tools become identity aware.

“For example, an organization trying to protect personal health will
allow them to centrally define a policy for personal health
information, how it should be treated if it shows up on SharePoint
sites, laptops, databases, or on e-mail, and how to handle this,” he
said. “We could then add the concept of identity to that. All of it
can be defined in a central place and then pushed onto Microsoft or
non-Microsoft products.”

Candice Low, research analyst at Info-Tech Research Group, said
Microsoft’s partnership with EMC comes at an opportunistic time for
the software giant, with a growing number of data leakages and thefts
hitting the news recently. She said that Microsoft is sending a strong
message to IT leaders – that RSA is the best solution on the market
for DLP.

“This move benefits Microsoft, by adding top-tier protection
capabilities at a time when the market is demanding them, and benefits
RSA by streamlining their sales process into the thousands of
enterprises that rely on Microsoft management systems,” Low said. “[It
also] benefits Microsoft-centric enterprises by giving them improved
security at essentially no cost through an administrative interface
they already know.”

John Pescatore, a distinguished analyst covering security and privacy
at Gartner Inc., said the major news of the announcement is
Microsoft’s move to support the capability to have content-specific
security policies applied to Microsoft Office documents.

“Basically, integration of DLP and Windows rights management services
could allow the policy, around say a Word document, to change if the
content was modified to include sensitive information,” he said. “This
is something that has been available from third-party products but not
integrated directly into Office.”

Pescatore warned, however, that Microsoft often enters into these
types of partnerships and then usually abandons them a couple years in
to either use their own technology or to acquire similar technology.

“Since this is not an exclusive or long-term arrangement, the same
pattern is likely to happen here,” he said.

winston...@gmail.com

unread,
Jan 2, 2009, 2:24:09 PM1/2/09
to Content Monitoring
More on this same topic:
http://att.com.com/8301-1009_3-9992494-83.html?tag=mncol;title#comments

With information technology, you can look at problems and solutions in
lots of different ways. For end users and academics, this can lead to
a lot of experimentation, skunk works projects, and trial-and-error.
But that is not the case when it comes to technology vendors. Start-
ups also see lots of ways to solve problems, but they are bound by
business plans, directors, and funding to pick their battles and build
focused solutions. Some make the right choice and get lucky, some
don't.

As an example, I offer two different solution types for data security:
Data Loss Prevention (DLP) and Enterprise Rights Management (ERM).
These two segments are focused on protecting confidential and private
data but each took a bit of a different approach. At a high level, DLP
solutions sort of assume that you don't know where your confidential
data is or what people are doing with it so you need some way to
prevent bad things from happening. Alternatively, ERM assumes that you
do know where the data is and what people should be doing with it so
you need automated tools for policy enforcement.
ERM, as an adjunct to DLP or as a standalone security suite, will
ultimately benefit users and investors alike.

These two related product segments have had vastly different fortunes.
DLP became the toast of the town with a number of visible
acquisitions. Port Authority was scooped up by Websense, EMC grabbed
Tablus, and Symantec purchased Vontu. Others like Orchestria and
Vericept continue to do well as independent companies. ERM players
didn't fair quite as well, however. Companies like Authentica and
Sealed Media were purchased at discounted prices while others simply
shut their doors.

DLP initially proved to be a better financial bet, but ultimately
there are a few ironies in this victory:

Ironic point No. 1: DLP vendors are now adding ERM-like functionality
like data usage policy enforcement into their products. I guess this
means that as users get a better understanding about their data and
how people use it, they realize that they need better ways to control
these activities.

Ironic point No. 2: ERM vendors like Adobe Systems, Liquid Machines,
and Microsoft that were able to ride out the market storm are now in
high demand. Users finally recognize the value here.

Like comedy, timing is everything when it comes to technology start-
ups. Believe me, I learned this lesson first-hand. The DLP guys found
a goldmine while ERM companies faded away. What's old is new again,
however. ERM, as an adjunct to DLP or as a standalone security suite,
will ultimately benefit users and investors alike.

On Jan 2, 11:54 am, winston.ogi...@gmail.com wrote:
> http://www.itworldcanada.com/a/Daily-News/5ca1db1c-74f2-47ef-b028-a4d...
Reply all
Reply to author
Forward
0 new messages