News Stay informed about the latest enterprise technology news and product updates.

Microsoft to embed data classification, strengthen ties with DLP

Microsoft will embed data classification technology into its platform under a deal that ties Active Directory Rights Management Services with RSA's data loss prevention suite.

Microsoft will be adding new data classification technology into its core products under a deal announced today by EMC's RSA security division that bridges Microsoft's infrastructure with RSA's data loss prevention (DLP) suite.

We think the future of much of our security technologies will be about deeper integration into core IT infrastructure.
Chris Young,
senior vice presidentRSA

Analysts say the partnership could help standardize data classification, make infrastructure more content aware, enable companies to more easily define access policies and eventually automate and streamline data identification and classification.

Under the agreement, Microsoft will embed the classification technology into its platform and future security products. RSA's DLP Suite 6.5, shipping later this month, will be the first visible sign of the partnership. The suite has been retooled to be integrated with Microsoft Active Directory Rights Management Services within Windows Server 2008.

By integrating into Microsoft's Rights Management Services, companies using RSA's DLP suite will find it easier to set policies to flag sensitive data before it leaves the company walls, said Rich Mogull, an independent consultant and founder of security consultancy Securosis LLC. Rights management allows users to set policies on specific data to either block it, send an alert email to end users or hand over a message containing sensitive data to an encryption product.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

"The RSA suite will be able to scan content, linking into the RMS infrastructure," Mogull said. "It's something every DLP vendor is going to be doing."

RSA acquired most of its DLP technology from Tablus in 2007.The technology helps companies identify and protect sensitive intellectual property. It also monitors email and other network traffic to enforce policies restricting the flow of content outside company walls. RSA integrated most of the Tablus technology into its encryption and information management offerings.

"We think the future of much of our security technologies will be about deeper integration into core IT infrastructure," said Chris Young, senior vice president at RSA.

The future of DLP:
RSA attendees see data classification, rights management projects stumble: Companies need to embark on data classification projects to gain more control over its movement and minimize data leakage, but it's difficult to find a company successfully carrying out a project.

Code Green enters consolidated DLP market
: Extensive vendor consolidation in the DLP market leaves Code Green competing against well established vendors and a handful of independents.

How to avoid DLP implementation pitfalls (Aug. 21, 2008)Data leak prevention tools effectively reduce the chances that an enterprise's sensitive data will end up where it shouldn't, but several pitfalls can severely curtail a DLP tool's effectiveness.

Is DLP coming of age? Reconnex hopes to ease path: Firms have grappled with DLP, but after a hard experience, ING's Andre Gold tells why it may be ready for prime time. Meanwhile, Reconnex says its new product can ease the path.

Panel: Firms can't manage DLP with products alone: Data protection is about fixing broken business practices rather than bolting on DLP products, three security officers said during an RSA Conference 2008 panel discussion.

The partnership could help improve DLP adoption, but it will likely take years for Microsoft to embed data classification technology into its core products, Mogull said.

The goal of DLP is to stop sensitive information from leaving corporate networks, but data classification has been a sticking point. Many firms try to get a jump-start on data classification projects, but often get bogged down. Experts say that many companies are not well equipped to deal effectively with data classification. DLP tools have also been notoriously sluggish to use, but they have been getting better, said Jon Oltsik, a senior analyst at the Enterprise Strategy Group Inc.

"Microsoft benefits by establishing standards so they can make Windows the point of integration," Oltsik said of the partnership. "It brings DLP into more of the mainstream of document management, file management and security because now you can leverage surrounding tools and infrastructure with DLP."

Young said the RSA DLP suite has three major components: a classification engine, which helps configure the type of information that needs to be classified and acted upon, a content awareness capability to spot data at rest or in motion that needs to be flagged for some form of rights management, and an enterprise management console to allow companies to set policies.

Microsoft would announce when the classification engine is embedded in different pieces of its platform, Young said. The partnership is not exclusive and analysts say Microsoft could announce similar arrangements with other DLP vendors. Once Microsoft embeds data classification, customers will have the ability to manage DLP within Sharepoint, externally with a third-party technology or with RSA's enterprise management console, Young said.

Oltsik also said the deal also should improve enterprise rights management by making it easier for companies to assign rules to newly discovered data. But he said, yet to be answered is whether standards around metadata tagging will be developed as a result of the deal and whether standards emerge in the way devices share information about usage policy.

"What we've been missing is an ability to get granular with usage rules and that's one of the things that this is after," he said.

Dig Deeper on Data security strategies and governance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.