Microsoft, RSA Partner To Integrate DLP, Identity Management

Broad adoption of data classification technology could be "game changer" for both DLP and Microsoft

In a move that analysts describe as "game changing" for data loss prevention (DLP) technology, Microsoft today announced plans to integrate RSA's DLP technology into its product line.

DLP, a technology that was practically unknown two years ago, has skyrocketed into enterprise security plans and road maps during the past 18 months. The technology -- which helps discover and apply security policies to sensitive data and content defined by the enterprise -- is rapidly becoming synonymous with the prevention of insider attacks and data leaks, a set of threats that is becoming increasingly serious as the economy declines. RSA, the security division of EMC, unveiled a set of products and strategies for implementing DLP across the enterprise in April. The strategy was immediately adopted by Cisco Systems, which has been integrating RSA's DLP technology in its product line since early spring.

Today, Microsoft also announced plans to adopt the RSA product line and strategy. "The resulting collaboration is designed to enable organizations to centrally define information security policy, automatically identify and classify sensitive data virtually anywhere in the infrastructure, and use a range of controls to protect data at the endpoints, network, and data center," the partners said.

The first move of the partnership in the near term: RSA's DLP Suite 6.5 will be engineered to integrate tightly with Microsoft Active Directory Rights Management Services (RMS) within Windows Server 2008. The integration will allow customers to automatically apply RMS-based information access and usage policies based on the sensitivity of information, the partners said. In addition, the integration of RSA's DLP data classification technology with Active Directory will help enable customers to efficiently implement DLP controls tied to employee identity or group membership, they said.

The integration of RSA's DLP technology with Microsoft's identity management technology is at the heart of the partnership, according to company officials and analysts, who were briefed on the announcement.

"What's exciting to me about this announcement is that we're bringing the worlds of identity management and security together," says Douglas Leland, general manager of Microsoft's Identity and Security Business Group, which was formed through a merger of the two formerly separate business groups five months ago.

The idea, Leland says, is to use DLP to discover and classify sensitive data, and then to use identity management to set policy as to who should be able to access it. Eventually, enterprises will be able to use RMS and Active Directory not only to define categories of users who are authorized to access specific servers or applications, but also which users are authorized to access the company's most sensitive data.

"This will put [enterprises] in a better position to keep control of their most sensitive data because the protection travels with the data," Leland says.

The integration may also help companies achieve regulatory compliance more swiftly, says Chris Young, senior vice president of products at RSA. "A lot of customers are telling us that they have too many point solutions, and that makes it difficult to prove compliance," he says. "In a lot of other cases, enterprises have implemented a lot of controls, but they don't have the proper context -- they are not content-aware or identity-aware. With this announcement, we're helping customers build policies that are data-centric, not infrastructure-centric."

The merger of identity management and DLP, combined with the broad support of an industry giant like Microsoft, is "game changing" for DLP, says Rich Mogull, founder and principal analyst at Securosis, a security consulting firm. But in order to merge the two technologies, enterprises will need to have well-defined policies for roles and groups, he says.

"If you don't have your identity management clearly defined by roles, the DLP part is not going to work as well as it should," Mogull says.

Andrew Braunberg, an IT security analyst at Current Analysis, says the addition of DLP classification technology to Microsoft's line could help propel the software giant to the forefront of the identity management market. "I suspect that this will feed nicely into the CardSpace/Geneva activities that Microsoft is working on for user-centric and claims-based identity and federation," he said. But Microsoft will first need to answer some questions about how the technologies will work together, such as how RMS encryption will be applied to DLP-discovered data, he said.

Mogull warned that it may take time for RSA's DLP classification technology to be fully integrated across the Microsoft product lines. "They have a very wide platform of products, and making this happen will require them to coordinate across product teams and get all the different groups to make this a priority," he observed. "But even if they could just get it into RMS, SQL Server, Exchange, and SharePoint, they'd have a big chunk of user environments covered."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
