Building on a long-standing, multifaceted alliance, EMC and Microsoft Corp. today announced they have expanded their technology partnership to help companies better protect sensitive information and share it in a more secure manner. The companies will be working together with a built-in “systems” approach that helps protect information throughout the infrastructure based on content, context and identity.
The partnership will take advantage of resources and technology from Microsoft and RSA, The Security Division of EMC. Microsoft will build the RSA® Data Loss Prevention (DLP) classification technology into the Microsoft platform and future information protection products.
The resulting collaboration is designed to enable organizations to centrally define information security policy, automatically identify and classify sensitive data virtually anywhere in the infrastructure, and use a range of controls to protect data at the endpoints, network and data center. In addition, in the near term RSA’s DLP Suite 6.5 will be engineered to integrate tightly with Microsoft Active Directory Rights Management Services (RMS) within Windows Server 2008.
Enterprises face growing risks of data leaks and an increase in compliance and corporate governance requirements. Companies recognize the importance of allowing employees, partners, customers and vendors to use business information within and across company boundaries. But this creates security challenges, as information moves across the infrastructure and is transformed throughout its life cycle. Current information protection solutions are complex and costly. They require separate tools and lack visibility into the sensitivity of the data, the context of identity and centralized policy management.
“Companies continue to struggle to protect sensitive data across the enterprise,” said Christopher Young, senior vice president of products at RSA. “Point solutions require that multiple policies and technologies be stitched together and independently managed, which is costly and complex. By building technology solutions such as RSA DLP classification into the infrastructure, Microsoft and RSA are providing a new approach that balances the need to help ensure protection with accessibility.”
RSA and Microsoft’s new approach helps address customer needs through an end-to-end solution with fewer point tools to buy, deploy and manage. By building DLP classification technology into Microsoft products, the infrastructure becomes content-aware. The solution is designed to allow customers to centrally manage and apply their information security policies, based on user identity, to wherever information lives or is used.
Microsoft is an RSA DLP Suite customer, using the solution to enhance the security of data about payment, customers and intellectual property in thousands of its own file shares and Microsoft Office SharePoint sites. The company chose to work with EMC’s RSA Security Division based on the accuracy and scalability of the RSA DLP classification technology, and the wide array of its out-of-the-box policies.
“Our expanded partnership with EMC’s RSA Security Division is centered on dramatically lowering the cost and complexity of information protection while allowing customers to take full advantage of perhaps their greatest asset: their information. The approach is about built-in solutions, versus bolted-on,” said Douglas Leland, general manager of the Identity and Security Business Group at Microsoft. “This collaboration is also a key example of the Microsoft commitment to helping customers secure their environments, boost productivity and reduce IT costs through solutions that incorporate both identity and security technologies.”
The first deliverable from the expanded partnership is a tight integration between RSA’s DLP Suite and Microsoft rights management technology. Scheduled to ship later this month, version 6.5 of RSA’s DLP Suite will include support for Microsoft Active Directory RMS, part of Windows Server 2008. The integration will allow customers to automatically apply RMS-based information access and usage policies, based on the sensitivity of information. In addition, the RSA solution’s integration with Active Directory will help enable customers to efficiently implement data loss prevention controls tied to employee identity or group membership.
“Embedding information classification and protection capabilities throughout the infrastructure is an ideal way for an organization to prevent sensitive information leaks,” said Eric Ouellet, analyst at Gartner. “The automatic application of rights management policies based on content awareness, context and who is involved is a strong merger of two existing approaches for protecting an organization’s sensitive information that together equal much more than the sum of their parts.”
More information about RMS is available at http://www.microsoft.com/ida. Information about RSA DLP Suite is available at http://www.rsa.com/dlp. EMC offers a complete range of information security strategy, design and implementation services to help customers protect critical information, manage risk and integrate these solutions into their environments.