Security company RSA has announced new product plans combining key management, identity assurance and data leak prevention tools.
The company, which was acquired by storage vendor EMC in 2006, announced the product plans as part of its annual user conference in San Francisco.
The new product, the RSA Data Security System, promises to discover and secure data across the organisation by policy. RSA's Data Loss Prevention (DLP) Suite can find sensitive data, classify who can work with it and enforce encryption or prevent the data being copied or emailed. RSA Key Manager for the data centre manages keys for encryption on tape, disk, virtual tape, databases and file systems to enable enforced encryption for sensitive information.
Preventing unauthorised users from accessing sensitive systems and data means identifying users. The Data Security System includes credential management and contextual authorization for what RSA is calling identity assurance. A new version of RSA Authentication Manager adds more authentication methods, including codes delivered by SMS and Vista support for the SecurID software Token for Windows.
The Data Security System integrates with Microsoft and Oracle databases and storage systems from HP and IBM as well as EMC. Cisco plans to integrate data classification from RSA's DLP Suite into its Cisco Security Agent to make it easier to track and block unauthorized transmission of data, and a new version of RSA's DLP Enterprise Manager will allow security admins to manage DLP policy for integrated Cisco and RSA products.
The new suite is an attempt to integrate point products, says product manager Mohan Atreya. "The system should orchestrate things. Today we have some basic handoff between products. In the future we will connect more and more dots and eventually we will get to seamless orchestration. Discovery, classification and remediation we have already done; the next step is hard enforcement."
Tracking down where you're out of compliance is important agrees analyst Nick Selby of the 451 Group, but blocking emails or stopping files being copied isn't enough. "Almost every single data leakage is well intentioned people trying to do their job, running into a problem and finding their way around a security system that's stopping them."
Businesses should to add new tools to support what users need to achieve, like automatically encrypting emails rather than blocking them, says Dennis Hoffman, vice president for data security at RSA. He believes DLP can help you improve business processes by finding problems. "There are other activities in the organization around data classification - e-discovery, storage management and archiving. Classification is not something security people should be doing in a vacuum. The enforcement side, the discovery side of things serve as a common foundation for information management more broadly. IT has an opportunity to align these more closely and to be the catalyst to bring these pieces together."
That echoes the theme of RSA president Art Coviello's opening keynote at the RSA conference. He told security professionals to spend more time supporting innovation by evaluating risk and developing plans to reduce risk while implementing new ideas. "Build repeatable processes and this will free you up to implement another recommendation. Use automation and optimisation to get your foundation right, then you can spend less time blocking and tackling, and more time on higher level thinking. If you're doing your job, you won't sound like a security person at all."
