Microsoft To Build RSA Technology into Platform to Protect Data

• By Dian Schaffhauser
• 12/11/08

Microsoft announced it will be integrating technology from EMC's security division, RSA, into future products. Microsoft will build the RSA Data Loss Prevention (DLP) classification technology into its platform and future information protection products to enable organizations to define information security polices centrally, automatically identify and classify sensitive data virtually anywhere in the infrastructure, and use a range of controls to protect data at the endpoints, network, and data center. In addition, in the near term RSA's DLP Suite 6.5 will be engineered to integrate with Microsoft Active Directory Rights Management Services (RMS) within Windows Server 2008.

"Companies continue to struggle to protect sensitive data across the enterprise," said Christopher Young, senior VP of products at RSA. "Point solutions require that multiple policies and technologies be stitched together and independently managed, which is costly and complex. By building technology solutions such as RSA DLP classification into the infrastructure, Microsoft and RSA are providing a new approach that balances the need to help ensure protection with accessibility."

Microsoft is an RSA DLP Suite customer, using the software to enhance the security of data about payment, customers, and intellectual property in thousands of its own file shares and Microsoft Office SharePoint sites.

The first deliverable from the expanded partnership is integration between RSA's DLP Suite and Microsoft rights management technology. Scheduled to ship later in December, version 6.5 of RSA's DLP Suite will include support for Microsoft Active Directory RMS, part of Windows Server 2008. The integration will allow customers to automatically apply RMS-based information access and usage policies, based on the sensitivity of information. In addition, the integration of RSA technology with Active Directory will help customers implement data loss prevention controls tied to employee identity or group membership.

"Embedding information classification and protection capabilities throughout the infrastructure is an ideal way for an organization to prevent sensitive information leaks," said Eric Ouellet, analyst at Gartner. "The automatic application of rights management policies based on content awareness, context,, and who is involved is a strong merger of two existing approaches for protecting an organization's sensitive information that together equal much more than the sum of their parts."