Security industry moves forward on data security
While no one can predict what will happen to the economy over the next 12 to 18 months, you can bet your bottom dollar that threats to confidential data will increase substantially in that time frame. Why? Malicious code threats are growing exponentially while the cyberunderground becomes ever more sophisticated.
Fortunately, industry players are starting to team up to lower the cost, complexity, and integration effort needed for data-centric security. Last week, EMC's RSA and Microsoft got together to announce that the software giant will integrate RSA's Data Loss Prevention (DLP) into the Windows infrastructure in order to discover and classify data (Word documents, Excel spreadsheets, and so on). Microsoft will also tightly integrate DLP with its Enterprise Rights Management (ERM) Server. Not to be outdone, security bigwig McAfee on Monday announced that it will integrate its DLP data discovery and policy management solutions with a leading ERM solution from Liquid Machines.
Why the activity?
1. DLP solutions need to become more mainstream
While every company that conducts business over the Web needs DLP capabilities, software solutions require customization, sophisticated skills, and lots of dough. Microsoft's data classification integration into Windows should help alleviate this by providing baked-in DLP basics.
2. DLP and ERM are complementary
DLP technology assumes you don't know where sensitive data is so you want to find it, classify it, and keep it confidential. ERM, on the other hand, assumes you know exactly where the data lives and you want granular protection at the user and file level. These announcements demonstrate that the debate between DLP and ERM was misguided--large organizations need both solutions to safeguard known and unknown sensitive data across the network.
3. Entitlement management is the next challenge
While we figured out how to centralize user authentication pretty well, we still leave entitlement management (i.e., user privileges) to each individual application. This method doesn't scale, is full of security vulnerabilities, and is nearly impossible to audit. Liquid Machines, McAfee, Microsoft, and RSA get this as do others like Cisco Systems (through its Securent acquisition) and Rohati. Clearly, these vendors are positioning themselves for this next moneymaking opportunity.
So what's next? While other DLP vendors will form their own cozy relationships, my hope is that the industry comes together in a group hug and defines some metadata standards for classification, policy definition, and enforcement. I know this isn't likely, but it would sure go a long way to help us all protect our sensitive data.
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET. 






Steven Sprague
CEO
Wave Systems Corp.
What is needed are more sophisticated solutions, such as those being developed by Pikewerks Corporation (http://www.pikewerks.com) that provide significant protection and control over data at rest, in transit, and during processing. These solutions need to operate at the Operating System or Hypervisor-level, and support multiple platforms (Windows, Linux, Mac OS X) in order to provide general-purpose data security without requiring costly re-engineering of existing software applications and file formats.
regarding the strength of ERM products and the protection against reverse engineering. I can't speak for the other ERM products on the market, but certainly our product at Avoco Secure has built-in anti-tampering and reverse engineering features, as this is a vital and basic part of an ERM product, without which it is pretty useless as a security product. ERM does, indeed, protect data, at rest, in transit and in use and is in fact built to do just that, by working persistently and by encapsulating the security policy itself as part of the data object. However, I do agree that multi-platform support is a must and this is true now more than ever as we are moving into a more distributed platform working environment.
- by test_tester9 December 8, 2008 9:00 PM PST
- this is interesting