Microsoft and RSA team up to set new standards for DLP
by Steve Ragan - Dec 4 2008, 17:01
RSA and Microsoft plan to strengthen their existing working relationship, the two companies announced today, by merging RSA’s DLP technology into Microsoft’s existing platform. While seen as a great move for DLP in the future, the consensus is that there is nothing amazing in the short term about this news.
The resulting collaboration, Microsoft said, is designed to give IT the ability to define information security policy. The new DLP will allow businesses to identify and classify sensitive data virtually anywhere in the infrastructure, automatically. In addition, in the near term, RSA’s DLP Suite 6.5 will be engineered to integrate tightly with Microsoft Active Directory Rights Management Services (RMS) within Windows Server 2008.
Rich Mogull, founder of Securosis, observed on his company blog that it was “…an extremely significant development in the long term future of DLP. Actually, it’s a nail in the coffin of the term ‘DLP’ and moves us clearly and directly to what we call ‘CMP’ - Content Monitoring and Protection.”
“It moves us closer and closer to the DLP engine being available everywhere (and somewhat commoditized), and the real value in being in the central policy management, analysis, workflow, and incident management system. DLP/CMP vendors don’t go away- but their focus changes as the agent technology is built more broadly into the IT infrastructure. This definitely won’t be limited to just Microsoft.”
Mogull presented a perfect example at the end of his thoughts, one that sums up where the new DLP is heading.
“Now just imagine a world where you run a query on a SQL database and any sensitive results are appropriately protected as you place them into an Excel spreadsheet. You then drop that spreadsheet into a PowerPoint presentation and email it to the sales team. It’s still quietly protected, and when one sales guy tries to email it to his Gmail account, it’s blocked. When he transfers it to a USB device, it’s encrypted using a company key so he can’t put it on his home computer. If he accidentally sends it to someone in the call center, they can’t read it. In the final PDF, he can’t cut out the table and put it in another document.”
DLP has taken off in 2008; the growth is in part because companies have seen the value of protecting the second most critical asset of the business, information.
The growth can also be attributed to the impressive rise in news surrounding data loss leading to information exposure, and to the hundreds of millions of dollars spent recovering from data breaches.
“Companies continue to struggle to protect sensitive data across the enterprise,” said Christopher Young, senior vice president of products at RSA. “Point solutions require that multiple policies and technologies be stitched together and independently managed, which is costly and complex. By building technology solutions such as RSA DLP classification into the infrastructure, Microsoft and RSA are providing a new approach that balances the need to help ensure protection with accessibility.”
While Microsoft said that Server 2008 will be the first to take advantage, there are plans for the entire Microsoft platform to use the new DLP/CMP technology. However, the company would not confirm any timelines. There are still some things to work out, so you can be sure to hear more news about this in 2009.
