Microsoft, RSA Team Up on Data Security

As data breaches continue to hit the headlines, Microsoft and RSA today said they would integrate data protection products in a deepening of their long-standing relationship.

As a result, Microsoft (NASDAQ: MSFT) will embed the data-classification engine of RSA’s Data Loss Prevention (DLP) Suite into existing and future products. It also said it would tightly integrate RSA’s DLP Suite 6.5 with Windows Server 2008’s Active Directory Rights Management Services (RMS) — which
assigns user rights to help control their access to content like intranet sites, e-mails and documents.

“The goal is to give companies a far better way to protect sensitive data and share it securely,” said Tom Corn, vice president of products in the Data Security Group at RSA, the security arm of storage vendor EMC, (NYSE: EMC). “We’re not just integrating these technologies, but building them into the infrastructure.”

The move could shake up the DLP industry, forcing vendors, who traditionally offer closed solutions of their own, to integrate Microsoft and other third party vendors’ technology into their products, Gartner analyst Paul E. Proctor told in an e-mail.

The product created by integrating RSA’s DLP Suite 6.5 and Microsoft’s Active Directory RMS will be shipped later this month, Microsoft said. Running on Windows 2008, it will enable enterprises to automatically apply RMS-based information access and usage policies to content based on its sensitivity.

It will also enable users to implement data loss prevention controls tied to employees’ identity or group membership.

“You can define policies centrally about the information you want to protect, have your infrastructure be content-aware, have it understand when it’s handling sensitive information according to those policies, and know who’s touching that information,” RSA’s Corn told

The bitter with the sweet

While mobile devices are not currently covered by content-aware DLP agents, eventually they will be, Gartner’s Proctor said. That will be important, because the number of mobile users in enterprises is growing.

The joint Microsoft-RSA products also are aimed at helping enterprises further leverage their existing technology infrastructure. That could appeal to enterprises eager to avoid ponying up for additional hardware — something they are all very keen to avoid in this recession.

“We’re making sure the investments customers make today carry forward into the future,” JG Chirapurath, the director of Microsoft’s Identity and Security Business Group, told “We’ll use infrastructure customers already own, like Active Directory and SharePoint.”

Active Directory is used in many enterprises for access control, authentication and policy enforcement. SharePoint, meanwhile, has penetrated corporations rapidly as a collaboration and document management platform.

While implementing the pair’s DLP solution may avoid a large additional investment, it may not necessarily be a cakewalk. Network slowdowns could be one unfortunate result, Proctor said.

“DLP can introduce latency if it is not architected and used in the right places on the network,” he said.

Profits ahead

By working together, Microsoft and RSA are also aiming to better position themselves to cash in on a huge market. According to RSA’s Corn, the information protection market is $1.5 billion, while the DLP market is $250 million today.

DLP lags at present, but its technologies help businesses better control their information, according to Gartner.

“Traditional access control technologies only provide the ability to restrict access to sensitive information — they do not offer a layer of control once access has been provided,” Proctor and fellow Gartner analyst Eric Ouellet wrote in a recent report on the industry. “DLP, however, can restrict the use, as determined by policy, of sensitive information after access has been granted.”

Within the DLP and information protection markets, enterprises are demanding product suites. This resulted in a flurry of acquisitions between 2006 and 2007.

McAfee bought Onigma, Websense bought Port Authority, RSA bought Tablus, Raytheon bought Oakley Networks, Trend Micro bought Provilla and Symantec bought Vontu in November 2007 for $350 million. McAfee’s purchase of Reconnex in August for $46 million aimed to further anchor its DLP offerings, Gartner said.

“DLP is emerging as an important information security control, with capabilities beyond those traditionally affiliated with monitoring,” Proctor and Ouellet wrote.

News Around the Web