The agreement, announced Thursday, will see RSA’s data loss prevention classification technology built into the Microsoft platform. The companies also announced that DLP 6.5 will be engineered into Microsoft Active Directory Rights Management Services (RMS) within Windows Server 2008 and released later this month.
RSA’s DLP suite keeps track of corporate information across the data centre, controls what data leaves your network, and monitors sensitive information found across endpoint devices such as laptops and desktops. The tool uses a combination of encryption, content analysis, and role-based access controls.
“When you think about a typical enterprise, on one end they want to protect their intellectual property and prevent information leaks,” JG Chirapurath, director of marketing for identity and security at Microsoft, said. “On the other end, they want to collaborate securely across multiple departments.”
That requires identity awareness within rights management, he added.
Tom Corn, vice-president of product management and market with RSA’s Data Security Group, said that protecting information is an end-to-end problem. Information moves as it works its way through databases, storage systems, backup tapes, laptops, and other applications, he said.
“Today what we have is a collection of point products,” he said. “There are DLP products, rights management products, encryption products, and a whole range of controls.”
The longer-term vision for Microsoft and EMC is to allow organizations to take the infrastructure they already have and solve these security issues without deploying new software, he added.
Corn also said that many security solutions on the market today lack an identity awareness component.
The partnership, he said, brings identity and rights management together in an easy-to-manage package – Microsoft’s tools become content-aware, while RSA’s tools become identity aware.
“For example, an organization trying to protect personal health will allow them to centrally define a policy for personal health information, how it should be treated if it shows up on SharePoint sites, laptops, databases, or on e-mail, and how to handle this,” he said. “We could then add the concept of identity to that. All of it can be defined in a central place and then pushed onto Microsoft or non-Microsoft products.”
Candice Low, research analyst at Info-Tech Research Group, said Microsoft’s partnership with EMC comes at an opportunistic time for the software giant, with a growing number of data leakages and thefts hitting the news recently. She said that Microsoft is sending a strong message to IT leaders – that RSA is the best solution on the market for DLP.
“This move benefits Microsoft, by adding top-tier protection capabilities at a time when the market is demanding them, and benefits RSA by streamlining their sales process into the thousands of enterprises that rely on Microsoft management systems,” Low said. “[It also] benefits Microsoft-centric enterprises by giving them improved security at essentially no cost through an administrative interface they already know.”
John Pescatore, a distinguished analyst covering security and privacy at Gartner Inc., said the major news of the announcement is Microsoft’s move to support the capability to have content-specific security policies applied to Microsoft Office documents.
“Basically, integration of DLP and Windows rights management services could allow the policy, around say a Word document, to change if the content was modified to include sensitive information,” he said. “This is something that has been available from third-party products but not integrated directly into Office.”
Pescatore warned, however, that Microsoft often enters into these types of partnerships and then usually abandons them a couple years in to either use their own technology or to acquire similar technology.
“Since this is not an exclusive or long-term arrangement, the same pattern is likely to happen here,” he said.