Data Loss Prevention Tools: How Microsoft, RSA Will Work Together

Microsoft and RSA, The Security Division of EMC, said Thursday they will partner on data loss protection products and will eventually see an actual build in of RSA technology into Microsoft platforms.

The resulting products will enable organizations to centrally define information security policy, automatically identify and classify sensitive data anywhere in the infrastructure, and use a range of controls to protect data at the endpoints, network, and data center, according to a joint statement from RSA and Microsoft.

The plan has two phases, according to officials with both companies. RSA this month will ship its DLP Suite version 6.5, which will integrate tightly with Microsoft Active Directory Rights Management Services within Windows Server 2008. The longer-term phase, which several analysts said was the more noteworthy, will see Microsoft build RSA’s DLP classification engine into Microsoft core platforms and future information-protection products. No date was given on the availability of those solutions.

“Companies continue to struggle to protect sensitive data across the enterprise,” said Chris Young, senior vice president of RSA. “Point solutions require that multiple policies and technologies be stitched together and independently managed, which is costly and complex. ”

The DLP market, which has grown 82 percent year over year, according to Gartner Inc., has seen a number of acquisitions and consolidations in the last year. Security vendors Symantec and McAfee both purchased DLP product makers. EMC acquired Tablus in 2007. The product involved in Thursday’s announcement is the Tablus product rebranded according to Rich Mogull, an analyst with Securosis.

“What is coming out immediately is interesting but not overly exciting,” said Mogull. “It gets more interesting down the road as Microsoft embeds the DLP technology into their product line in different areas. Users will have, at least, basic content-awareness capabilities built into the infrastructure. One of the challenges with DLP is that to really protect data, we want to be able to protect it as best we can, in as many places as we can. The more that ability to analyze that content is built into more places, the easier it is for us to plug in, to take comprehensive look at data protection.”

“They are moving toward something that could be revolutionary because Microsoft owns so many of the platforms that are used by organizations today,” said Diane Kelly of Security Curve. “A lot of companies are struggling with what they do with enterprise rights management. They are trying to marry it to their content management, to their DLP prevention solutions. By embedding into Microsoft solutions, it could be a game changer.”