RealTime IT News

RSA Bets on Compliance

Seems like almost everyone's selling compliance these days. Enterprise search firms are betting that compliance features will bring in the cash. So are security vendors.

RSA, EMC's (NYSE: EMC) security subsidiary, today announced a new version of its data loss prevention software, RSA DLP 7.0. "Compliance is so important in today's market due to the increase in regulations focused on data protection, the fines associated with data breaches, and the negative impact to a company's brand and reputation," said Katie Curtin-Mestre, RSA director of product marketing

Most DLP solutions carry similar price tags, but can have very different long term costs, Curtin-Mestre added. False positives can waste precious IT management time and the hardware requirements differ.

"Customers are focused on TCO (total cost of ownership) given the need to reduce their cap-ex and op-ex budgets," she said.

With IT organizations operating on tight budgets, automation is key. For example, she said, a key differentiator RSA DLP has had for some time is the inclusion of temporary agents on laptops. These software agents scan the laptop and then automatically uninstall themselves, leaving zero footprint behind.

For today's announcement, the key point with regard to cost reduction is grid scanning. The new version of RSA DLP delivers a grid that is automatically load balanced without human intervention. The goal is to require less new equipment by allowing the software to use spare processing cycles on existing hardware.

The company is adding new features, too numerous to list here, but one stands out. DLP 7.0 includes an "un-send" feature to e-mail that's similar to the optional undo send feature added to Gmail last month. But there's one key difference -- it's specifically designed to prevent the accidental transfer of sensitive information and it doesn't require a quick five second un-send decision like GMail's does.

While not in the standard consumer Gmail offering, the Google Apps Premier Edition suite lets administrators set security and business rules for Gmail related to specific content and file attachments in accordance with compliance requirements.

Automating security policies

"When an end user sends an e-mail containing sensitive data, he or she is given the option to send the e-mail or cancel it," said Curtin-Mestre. "This automates the process of handling security incidents and also helps to educate end users on security policies."

Of course, there's more compliance. The company is adding to a massive list of compliance templates. "RSA has made the most extensive investment in the industry," said Curtin-Mestre, referring to the 100 templates the company has already built. "We have extended our leadership in this area with 22 new policy templates."

Topics covered by the templates include industry and government regulations (such as PCI, HIPAA, SOX, CAB 1298), intellectual policy protection, confidential information protection, and even acceptable use (controlling such topics as illegal drugs, obscenities, and violence).

Finally, the company is offering integration between its RSA DLP suite and its RSA enVision Platform, which handles Security Information Management (SIM) . The integration is designed to simplify security and compliance reporting for customers who have both products.

Expect to hear a lot more from RSA this week and next as the RSA Conference 2009 gets underway, running April 20 - 24 in San Franscisco.

"RSA will be issuing a number of releases related to our product strategy and vision at the conference. This is the first of them," said Curtin-Mestre.

The RSA DLP Suite is priced based on the number of users and starts at approximately $50,000. RSA enVision starts at $35,000 for small centralized deployments and scales up to massive global deployments, said Curtin-Mestre.