Microsoft, EMC partner on data-loss prevention

Microsoft Thursday said it plans to integrate RSA data-loss prevention technology into its products to enable security managers to monitor sensitive data and block unauthorized use. RSA is EMC's security division.

While calling the partnership "significant," Microsoft's JG Chirapurath didn't disclose much detail, except to say that Exchange and SharePoint are expected to be among the first Microsoft products to include this DLP capability. (Compare DLP products.)

In a move to bolster the partnership, RSA DLP Suite 6.5, to be out later this month, will be tightly integrated with Microsoft Active Directory Rights Management Services within Windows Server 2008. EMC and Microsoft anticipate this will enable security managers to implement data-loss prevention by tying controls to employee identity or group membership.

"Customers want to protect their intellectual property and that requires knowledge of identity," says Chirapurath, director of identity and security at Microsoft.

Both Microsoft and RSA claim DLP Suite 6.5, which includes endpoint, network and data center components, will be the foundation for the evolution of Microsoft's DLP strategy. "It's future-ready," claims Tom Corn, vice president of product management and marketing at RSA's data-security group, about Version 6.5.

"With Rights Management Services you can place access controls on documents based on the concept of user rights," Corn says. By bringing together DLP and rights management, he adds, managers will be able to set policies for sensitive information if it shows up on a SharePoint site, for example.

Active Directory RMS is part of Windows Server 2003 and 2008. The client-side tools extend to Windows XP and Vista, and Internet Explorer. RMS provides protection for data such as e-mail, Word documents and Web pages using a set of policies that dictate who can access protected content and what they can do with it, such as printing and forwarding.

While Microsoft points to future editions of SharePoint and Exchange as candidates for the DLP technology it has licensed from RSA, that could be a ways in coming since the next version of SharePoint is not likely to be released until 2010 and a new version of Exchange could be even later.

Chirapurath declined to comment on how Microsoft might integrate DLP into the endpoint, such as through Internet Explorer, and he says no decision had been made regarding DLP with Windows 7 or Office.

Chirapurath says Microsoft would disclose its identity road map at a later date but did say that DLP integration could logically extend to Active Directory Federation Services and potentially to CardSpace as part of Microsoft's recently announced Geneva project.

Microsoft itself uses RSA DLP internally to protect its data associated with payment, customers and intellectual property in thousands of its own file shares and Microsoft Office SharePoint sites. This internal usage is said to be one reason Microsoft decided to work with RSA by licensing its DLP technology.