Microsoft, RSA Partner to Develop Next-Gen Data Loss Prevention

In unveiling a new
technology sharing and development alliance, Microsoft and RSA—the
security division of storage giant EMC—took the first step toward
creating the next generation of data loss prevention technology in
which the protection of sensitive digital assets will eventually reside
in the fabric of the IT infrastructure.

Microsoft will integrate RSA’s data loss prevention technology with
its Rights Management Service—a component of Windows Server 2003 and
2008—and identity management technologies and platforms, primarily
Active Directory.

The basic idea behind the Microsoft-RSA DLP strategy is moving data
security from a series of point products that protect specific types of
information on specific platforms to a ubiquitous risk mitigation
strategy that’s transparent to end users. The alliance could result in
a new class of DLP technologies for solution providers to provide
business-technology consumers as a feature set in Microsoft’s vast
software portfolio or as value-added security layers through RSA’s
product portfolio.

“By building all of these technologies into the infrastructure,
we’re offering our customers a built-in solution and not a bolt-on
solution,” says Tom Corn, vice president of product management and
marketing at RSA’s Data Security Group. “As part of that natural cycle
of helping [end users] use their infrastructure better, we’re
integrating the technology into the infrastructure.”

Most of the existing DLP applications act in similar fashion to
anti-virus technology, in that they scan traffic for patterns indicative
of sensitive data. They often track data sets such as credit card and
Social Security numbers, easily identifiable database fields, telephone
numbers, addresses and financial figures.

While none of the existing technologies are foolproof, SecurityCurve
analyst Diana Kelley says current DLP products provide at least some
level of protection. However, she says the Microsoft-RSA alliance could
change the DLP paradigm both by implementing it in the infrastructure
and by basing data classification and inspection on identity.

“Security needs to be identity-centric to keep information from
leaking,” says JG Chirapurath, director of Identity and Security at

Conceptually, the integration of RSA DLP technology with Microsoft
applications and identity management tools will enable users to locate
data wherever it resides or moves in the IT infrastructure. And it will
classify and protect data transparently to the users.

The Microsoft-RSA vision for evolving the technology calls for
classifying data by its content type, such as health care and finance.
That’s a significant difference from conventional DLP approaches,
Kelley says, since it can then create an identity for the data that is,
in theory, easier to monitor and control.

Corn explained that this methodology will enable businesses to associate
the data with users, location, use of the information and how data is
being handled.

“When you look at this problem and look at how customers are looking
for the solution, it’s one of the most important improvements in this
technology landscape,” says Chirapurath.

Eventually, this DLP technology will become ubiquitous throughout the
Microsoft software universe. After integration with Windows Server’s
RMS, other data-intensive applications that could soon get the
technology include Exchange (e-mail) and SharePoint (collaboration).

Additionally, RSA will be creating other DLP technologies and
products that are built upon the Microsoft platform but address
broader infrastructure needs. “The notion of having something that
answers the realities of the heterogeneous worlds, it gives us the
ability to solve those problems, too,” Corn said.

For now, though, the alliance’s first product is getting RSA’s DLP
engine talking with Microsoft’s Rights Management Service. While a
limited implementation, Kelley says it’s the most logical and right
step to take. 


