RealTime IT News

Vendors See More DLP with ID Management

When California Senator Dianne Feinstein (D-Calif.) re-introduced legislation on data breaches and individual privacy last week, enterprises were already trying to get ahead of the bills.

For example, enterprises are increasingly tying data loss prevention (DLP) functions into their identity and role management products. Take Computer Associates (NASDAQ: CA), which just announced last week that it acquired data loss prevention (DLP) vendor Orchestria to beef up its security products.

If the pace of data breaches reported each year keeps rising, expect to see integrated solutions like this become increasingly important. The Identity Theft Resource Center counted 656 reported breaches in the past year, 47 percent more than the 446 reported in 2007. The ITRC is a non-profit corporation that battles identity theft nationwide.

Last year, Microsoft and RSA announced they would integrate their products to provide DLP to users.

"Governance and compliance are tied in closely with DLP and identity and access management," Bill Mann, senior vice president of security management at CA, told InternetNews.com. "It's critical for organizations to identify who has access to data by identity and role," Mann said.

Indeed it is; 50 percent of 179 companies surveyed by research firm Enterprise Strategy Group said internal breaches were directly responsible for the loss of confidential data over the past 12 months. Another 11 percent blamed a combination of internal breaches and external attacks for data loss.

Saving time and money

"Organizations have spent a considerable amount of time creating roles and rules for identity policy access and control," Diana Kelley, founder of security advisors SecurityCurve, told InternetNews.com by e-mail.

"Often, one entity, such as an account manager, requires access to, or needs to create, a sensitive piece of data such as a bank account, to which other entities should not have access; so tying identity or role awareness to data protection is useful for the business."

CA expects the Orchestria acquisition will be completed by the end of the month. It will tie Orchestria's DLP product into its own identity and access management offerings, and also sell the product standalone.

"CA is trying to develop and enforce policies that apply an understanding of both the data being acted on and the identity of the actor," Jonathan Penn, a vice president at research firm Forrester, told InternetNews.com by e-mail.

"No other major identity and access management (IAM) vendor has yet ventured into the DLP area or has the tools within its own portfolio to do this, and no DLP player has a deep understanding or control over identity."