Microsoft said it plans to integrate RSA data-loss prevention technology into its products to enable security managers to monitor sensitive data and block unauthorized use. RSA is EMC's security division.
While calling the partnership "significant," Microsoft's JG Chirapurath didn't disclose much detail, except to say that Exchange and SharePoint are expected to be among the first Microsoft products to include this DLP capability.
In a move to bolster the partnership, RSA DLP Suite 6.5, to be out later this month, will be tightly integrated with Microsoft Active Directory Rights Management Services within Windows Server 2008. EMC and Microsoft anticipate this will enable security managers to implement data-loss prevention by tying controls to employee identity or group membership.
"Customers want to protect their intellectual property and that requires knowledge of identity," says Chirapurath, director of identity and security at Microsoft.
Both Microsoft and RSA claim DLP Suite 6.5, which includes end-point, network, and datacenter components, will be the foundation for the evolution of Microsoft's DLP strategy. "It's future-ready," claims Tom Corn, vice president of product management and marketing at RSA's data-security group, about Version 6.5.
"With Rights Management Services you can place access controls on documents based on the concept of user rights," Corn says. By bringing together DLP and rights management, he adds, managers will be able to set policies for sensitive information if it shows up on a SharePoint site, for example.
Active Directory RMS is part of Windows Server 2003 and 2008. The client-side tools extend to Windows XP and Vista, and Internet Explorer. RMS provides protection for data such as e-mail, Word documents, and Web pages using a set of policies that dictate who can access protected content and what they can do with it, such as printing and forwarding.
While Microsoft points to future editions of SharePoint and Exchange as candidates for the DLP technology it has licensed from RSA, that could be a ways in coming since the next version of SharePoint is not likely to be released until 2010 and a new version of Exchange could be even later.
Chirapurath declined to comment on how Microsoft might integrate DLP into the end point, such as through Internet Explorer, and he says no decision had been made regarding DLP with Windows 7 or Office.
Chirapurath says Microsoft would disclose its identity road map at a later date but did say that DLP integration could logically extend to Active Directory Federation Services and potentially to CardSpace as part of Microsoft's recently announced Geneva project.