http://www.itworldcanada.com/a/Daily-News/5ca1db1c-74f2-47ef-b028-a4dd6f2ab12a.html
EMC data loss tool gets baked into MS platform
By: Rafael Ruffolo - ComputerWorld Canada (04 Dec 2008)
Both companies want to save IT managers the headaches of buying,
deploying and managing multiple tools to manage their sensitive data.
Will the partnership be a winning proposition? Analysts from Gartner
and Info-Tech weigh in.
EMC Corp.’s security division RSA will integrate its data security
software into Microsoft Corp.’s rights management technology.
The agreement, announced Thursday, will see RSA’s data loss prevention
classification technology built into the Microsoft platform. The
companies also announced that DLP 6.5 will be engineered into
Microsoft Active Directory Rights Management Services (RMS) within
Windows Server 2008 and released later this month.
RSA’s DLP suite keeps track of corporate information across the data
centre, controls what data leaves your network, and monitors sensitive
information found across endpoint devices such as laptops and
desktops. The tool uses a combination of encryption, content analysis,
and role-based access controls.
“When you think about a typical enterprise, on one end they want to
protect their intellectual property and prevent information leaks,” JG
Chirapurath, director of marketing for identity and security at
Microsoft, said. “On the other end, they want to collaborate securely
across multiple departments.”
That requires identity awareness within rights management, he added.
Tom Corn, vice-president of product management and market with RSA’s
Data Security Group, said that protecting information is an end-to-end
problem. Information moves as it works its way through databases,
storage systems, backup tapes, laptops, and other applications, he
said.
Read more
Visit IT World Canada's Security Knowledge Centre
“Today what we have is a collection of point products,” he said.
“There are DLP products, rights management products, encryption
products, and a whole range of controls.”
The longer-term vision for Microsoft and EMC is to allow organizations
to take the infrastructure they already have and solve these security
issues without deploying new software, he added.
Click here to find out more!
Corn also said that many security solutions on the market today lack
an identity awareness component.
The partnership, he said, brings identity and rights management
together in an easy-to-manage package – Microsoft’s tools become
content-aware, while RSA’s tools become identity aware.
“For example, an organization trying to protect personal health will
allow them to centrally define a policy for personal health
information, how it should be treated if it shows up on SharePoint
sites, laptops, databases, or on e-mail, and how to handle this,” he
said. “We could then add the concept of identity to that. All of it
can be defined in a central place and then pushed onto Microsoft or
non-Microsoft products.”
Candice Low, research analyst at Info-Tech Research Group, said
Microsoft’s partnership with EMC comes at an opportunistic time for
the software giant, with a growing number of data leakages and thefts
hitting the news recently. She said that Microsoft is sending a strong
message to IT leaders – that RSA is the best solution on the market
for DLP.
“This move benefits Microsoft, by adding top-tier protection
capabilities at a time when the market is demanding them, and benefits
RSA by streamlining their sales process into the thousands of
enterprises that rely on Microsoft management systems,” Low said. “[It
also] benefits Microsoft-centric enterprises by giving them improved
security at essentially no cost through an administrative interface
they already know.”
John Pescatore, a distinguished analyst covering security and privacy
at Gartner Inc., said the major news of the announcement is
Microsoft’s move to support the capability to have content-specific
security policies applied to Microsoft Office documents.
“Basically, integration of DLP and Windows rights management services
could allow the policy, around say a Word document, to change if the
content was modified to include sensitive information,” he said. “This
is something that has been available from third-party products but not
integrated directly into Office.”
Pescatore warned, however, that Microsoft often enters into these
types of partnerships and then usually abandons them a couple years in
to either use their own technology or to acquire similar technology.
“Since this is not an exclusive or long-term arrangement, the same
pattern is likely to happen here,” he said.