RSA announces Data Security System
New approach to security management based on information risk management gives IT more opportunity to add value to the business.
Security company RSA has announced new product plans combining key management, identity assurance and data leak prevention tools.
The company, which was acquired by storage vendor EMC in 2006, announced the product plans as part of its annual user conference in San Francisco.
The new product, the RSA Data Security System, promises to discover and secure data across the organisation by policy. RSA's Data Loss Prevention (DLP) Suite can find sensitive data, classify who can work with it and enforce encryption or prevent the data being copied or emailed. RSA Key Manager for the data centre manages keys for encryption on tape, disk, virtual tape, databases and file systems to enable enforced encryption for sensitive information.
Preventing unauthorised users from accessing sensitive systems and data means identifying users. The Data Security System includes credential management and contextual authorization for what RSA is calling identity assurance. A new version of RSA Authentication Manager adds more authentication methods, including codes delivered by SMS and Vista support for the SecurID software Token for Windows.
The Data Security System integrates with Microsoft and Oracle databases and storage systems from HP and IBM as well as EMC. Cisco plans to integrate data classification from RSA's DLP Suite into its Cisco Security Agent to make it easier to track and block unauthorized transmission of data, and a new version of RSA's DLP Enterprise Manager will allow security admins to manage DLP policy for integrated Cisco and RSA products.
The new suite is an attempt to integrate point products, says product manager Mohan Atreya. "The system should orchestrate things. Today we have some basic handoff between products. In the future we will connect more and more dots and eventually we will get to seamless orchestration. Discovery, classification and remediation we have already done; the next step is hard enforcement."
Tracking down where you're out of compliance is important agrees analyst Nick Selby of the 451 Group, but blocking emails or stopping files being copied isn't enough. "Almost every single data leakage is well intentioned people trying to do their job, running into a problem and finding their way around a security system that's stopping them."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Businesses should to add new tools to support what users need to achieve, like automatically encrypting emails rather than blocking them, says Dennis Hoffman, vice president for data security at RSA. He believes DLP can help you improve business processes by finding problems. "There are other activities in the organization around data classification - e-discovery, storage management and archiving. Classification is not something security people should be doing in a vacuum. The enforcement side, the discovery side of things serve as a common foundation for information management more broadly. IT has an opportunity to align these more closely and to be the catalyst to bring these pieces together."
That echoes the theme of RSA president Art Coviello's opening keynote at the RSA conference. He told security professionals to spend more time supporting innovation by evaluating risk and developing plans to reduce risk while implementing new ideas. "Build repeatable processes and this will free you up to implement another recommendation. Use automation and optimisation to get your foundation right, then you can spend less time blocking and tackling, and more time on higher level thinking. If you're doing your job, you won't sound like a security person at all."
Mary is a freelance business technology journalist who has written for the likes of ITPro, CIO, ZDNet, TechRepublic, The New Stack, The Register, and many other online titles, as well as national publications like the Guardian and Financial Times. She has also held editor positions at AOL’s online technology channel, PC Plus, IT Expert, and Program Now. In her career spanning more than three decades, the Oxford University-educated journalist has seen and covered the development of the technology industry through many of its most significant stages.
Mary has experience in almost all areas of technology but specialises in all things Microsoft and has written two books on Windows 8. She also has extensive expertise in consumer hardware and cloud services - mobile phones to mainframes. Aside from reporting on the latest technology news and trends, and developing whitepapers for a range of industry clients, Mary also writes short technology mysteries and publishes them through Amazon.