Redmond, Washington — As violation of valuable data continues to hit the headlines, Microsoft has tapped RSA, the security division of Hopkinton, Mass.-based EMC, to help protect its enterprise customers from sensitive information leaks. The companies this week said they would incorporate their data protection products in an effort to further deepening of their long-standing relationship.
By agreeing to a deal in which the RSA Data Loss Prevention (DLP) software will be preinstalled or bundled with Microsoft’s security offerings, the two companies are betting that enterprises will want to leverage Windows 2008 to more tightly control and protect sensitive information.
Microsoft’s collaboration with RSA’s (DLP) technology that will be utilized in Microsoft’s Rights Management technology found in Windows Server 2008, which helps guard digital information from unauthorized users and security threats from both inside and outside a firewall. Microsoft customers will be able to manage security polices from one location.
“EMC’s RSA security division and Microsoft are offering enterprises a better way to protect sensitive information and share it in a secure manner,” said Tom Corn, vice president of data-security products at RSA. “RSA and Microsoft’s built-in versus bolt-on approach will help enterprises reduce the cost and complexity of securing information in corporate environments.”
EMC purchased RSA in 2006 to serve as its security branch.
Accordingly, Microsoft will introduce the data-classification engine of RSA’s (DLP) Suite into existing and future products. It also stated that it would tightly incorporate RSA’s DLP Suite 6.5 with Windows Server 2008’s Active Directory Rights Management Services (RMS) — which allocates user rights to help control their access to content like intranet sites, e-mails and documents.
The move could bring unexpected result for the DLP industry, forcing vendors, who traditionally offer closed solutions of their own, to integrate Microsoft and other third party vendors’ technology into their products, Gartner analyst Paul E. Proctor said in an e-mail to InternetNews.com.
With EMC’s technology, Microsoft’s customers will be able to administer security policies from one central location rather than having to tediously monitor several pieces of software.
“Customers must combine together segregated point policies and controls that have to be independently deployed and managed at different points across the IT infrastructure,” Corn said. “The Microsoft and RSA approach to securing data is an end-to-end solution based on content, context and identity.”
Corn added that this is different than what is available today.
“Microsoft is employing DLP software to secure PCI, PII, and IP data for 30,000 file shares and 120,000 SharePoint sites,” Corn said. “Microsoft chose RSA as its DLP vendor and then partner because of RSA’s strengths in the area of classification, policies and scalability.”
Also, the combined Microsoft-RSA products are intended at helping enterprises further leverage their existing technology infrastructure. That could appeal to enterprises eager to avoid ponying up for additional hardware — something they are all very keen to avoid in this recession.
“We are making sure the investments customers make today carry forward into the future,” JG Chirapurath, the director of Microsoft’s Identity and Security Business Group, said in a statement. “We will use infrastructure customers already own, like Active Directory and SharePoint.”
By working together, Microsoft and RSA are also hoping to better align themselves to cash in on a huge market. According to RSA’s Corn, the information protection market is $1.5 billion, while the DLP market is $250 million today.
DLP lags at present, but its technologies help businesses better control their information, according to Gartner.
Microsoft anticipates that the deal will strengthen the data protection angle of its security operations without making life more difficult for IT staff. Data loss prevention services are often used by businesses to mitigate of the risk of data loss and leaks.
“We know customers face a lot of challenges trying to strike the right balance between securing information but also giving the right people access and use of it — both inside and outside the company,” wrote David Hastie senior product manager for Microsoft’s identity and security group.
“Currently, it is often too difficult and expensive to protect data using multiple solutions and policies that have to be stitched together.”
“Traditional access control technologies only provide the ability to restrict access to sensitive information — they do not offer a layer of control once access has been provided,” Proctor and fellow Gartner analyst Eric Ouellet wrote in a recent report on the industry. “DLP, however, can restrict the use, as determined by policy, of sensitive information after access has been granted.”
Within the DLP and information protection markets, enterprises are demanding product suites. This resulted in a flurry of acquisitions between 2006 and 2007.
McAfee bought Onigma, Websense bought Port Authority, RSA bought Tablus, Raytheon bought Oakley Networks, Trend Micro bought Provilla and Symantec bought Vontu in November 2007 for $350 million. McAfee’s purchase of Reconnex in August for $46 million aimed to further anchor its DLP offerings, Gartner said.
“DLP is springing up as an important information security control, with capabilities beyond those traditionally affiliated with monitoring,” Proctor and Ouellet wrote.
EMC’s Corn would not disclose the financial terms associated with the deal.