Microsoft and EMC are joining forces in the name of security.
The vendors have announced plans to work together to build security
into the IT infrastructure, starting with EMC’s data loss prevention
(DLP) content classification technology. The immediate plan is to
integrate RSA DLP Suite 6.5 – which will ship later this month - with
Microsoft Active Directory Rights Management Services (RMS) within
Windows Server 2008. In the long-term, though, the classification
technology will be built into Microsoft products and platforms.
The integration will allow customers to automatically apply
RMS-based information access and use policies based on the sensitivity
of information, as well as better tie data loss prevention strategies
to identity or group membership.
Katie Curtin-Mestre, director of product marketing for the Data
Security Group within EMC's RSA security division, said customers will
be able to implement data loss prevention controls tied to employee
identity or group membership. For example, a company could apply a
DLP policy related to protecting personally identifiable information
targeted at the HR department and a DLP policy to protect source code
for engineering, she said.
“Building RSA's DLP classification technology into Microsoft
products and platforms will enable a truly built-in holistic
solution to define security policies centrally, push policies across
the infrastructure, classify and identify sensitive data that
is exposed…and enable advanced workflow for remediation of data
security incidents,” she said.
Analysts are already calling the idea a "game changer." Read more about it here.
By ultimately building DLP classification technology into Microsoft
products, the infrastructure becomes content-aware. Enterprises can
centrally manage information security policy and apply those policies
throughout their infrastructure based on user identity, regardless of
where the information resides or is used. That, security analyst Rich
Mogull said, is the more interesting part of the deal.
“Now we might have an engine, an agent, that is built into the
Microsoft infrastructure for content analysis [and] can be plugged
into,” said Mogull, founder of the consulting firm Securosis.
A partnership between Microsoft and EMC, which through RSA is a
major player in the strong authentication and single sign-on markets,
also provides an interesting opportunity for the companies in the
authentication space as well.
“Microsoft doesn’t have the capability to support, at the
workstation…native, third-party authentication mechanisms like one-time
password devices,” said Burton Group analyst Mark Diodati. “Well, RSA
makes one-time password devices…they have a significant market share of
the enterprise strong authentication market, and here you have the No.
1 strong authentication product being larger incompatible for Windows
workstation authentication. It’s been a problem for a lot of
enterprises for a long time.”
IT Security & Network Security News & Reviews News & Reviews 
