RSA Security (NASDAQ:RSAS) today announced an initiative to provide companies with a more comprehensive approach to enterprise data protection (EDP).
RSA Security's EDP approach is designed to provide a robust framework for protecting an organization's sensitive data in any place where data reside: at the application-level; within databases; in files and operating systems; on laptops and mobile devices, and in storage.
In addition, this EDP framework addresses the management of associated encryption keys, access control and authentication - helping organizations mitigate risk and reduce costs, while protecting consumer, employee and partner information.
As the cornerstone of this initiative, RSA Security also announced a new RSA Key Manager Partner Program and a strategic partnership with Protegrity Corporation to deliver seamless interoperability between Protegrity Defiance Data Protection System (DPS) and Protegrity VPDisk, and RSA Key Manager software.
A New and Comprehensive Approach to Enterprise Data Protection
To date, EDP has focused on data in backup and storage systems. However, regional and vertical mandates - such as U.S. state breach notification laws (e.g., California Senate Bill 1386), the European Union's Data Privacy Directive, Japan's Personal Information Protection Act and the Payment Card Industry standard - are driving companies to take a more proactive stance on protecting data at rest. In addition, according to Gartner, Inc.: "Protecting customer data is much less expensive than dealing with a security breach in which records are exposed and potentially misused." Specifically, Gartner estimates that compromises involving more than 1 million accounts will be close to $50 per account. Smaller breaches carry significant costs, as well -- in 2002, Gartner estimated that the cost per account will be closer to $1,500 per account, not including market cap fluctuation, when about 5,000 accounts were compromised. (source: "Data Protection is Less Costly than Data Breaches," John Pescatore and Avivah Litan. September 16, 2005)
Organizations are seeking to avoid the financial and brand integrity costs associated with compromised data, while positioning themselves to take advantage of "safe harbors" which often protect companies from disclosure if appropriate steps have been taken to protect sensitive information. RSA Security's approach helps companies protect themselves through its EDP framework which includes the following components:
- Application protection: Institutes policies and procedures that enable software developers to effectively build security into enterprise applications
- Data protection: Helps ensure that data are encrypted everywhere it may reside, including databases, laptops/mobile devices, files/OSs and storage
- Encryption key management: Enables organizations to effectively and efficiently manage encryption keys generated by disparate enterprise applications to help guarantee the seamless flow of protected information
- Access control: Helps ensure that appropriate separation of duties is enforced among both general users and system administrators
- Strong authentication: Enables organizations to have more surety in the identity of their system administrators.
RSA Key Manager Partner Program
Core to RSA Security's EDP framework is the ability to manage encryption keys generated by disparate applications -- which also requires the integration of key management with data protection solutions. The RSA Key Manager Partner Program will allow organizations to certify the interoperability of data protection solutions with RSA Key Manager software, a stand-alone key lifecycle management offering. In addition, partners may also work with RSA Security in joint sales and marketing efforts.
This program furthers RSA Security's long-standing effort to ensure flexibility and choice, by allowing companies to leverage RSA Security's technology alongside offerings from other technology vendors. The program will also help maintain the free flow of information by centralizing ongoing administration of key management policies, encryption rules and access control policies, while going beyond enterprise encryption to tackle key management on a broader IT level.
Protegrity Corporation, a leading provider of data security management solutions, is the flagship partner in the new RSA Key Manager Partner program. Looking ahead, the companies anticipate delivering interoperability between RSA Key Manager software and:
- Protegrity Defiance DPS, a high-performance, enterprise-class software solution that helps secure sensitive data in databases, archives and storage
- Protegrity VPDisk, which is designed to provide a transparent and easy-to-administer solution for securing sensitive files, and makes strong encryption a natural storage format for structured and unstructured information, enabling file-by-file, directory-by-directory, and tree-by-tree encryption, with flexible key management and file sharing.
By forging this strategic partnership, joint customers will have peace of mind knowing their data are protected by Protegrity's solutions, and that they have access to a fully interoperable key management solution.
"Protegrity and RSA Security are natural partners to lead the industry in this EDP initiative. We are combining our strengths to the security advantage of our clients," said Gordon Rapkin, president and CEO at Protegrity. "We view the RSA Key Manager Partner Program as a major advance in enabling corporations to truly adopt and manage an enterprise-wide culture of security to protect customer, employee, and corporate data."
RSA Security's Enterprise Data Protection Solution
Complementing RSA Key Manager and the RSA Key Manager Partner Program are solutions which enhance the company's EDP framework:
- Application protection: RSA Data Security Manager is a middleware software solution offering policy-driven encryption with easy-to-use interfaces for software developers
- Access control: RSA ClearTrust access management software provides the necessary separation of duties among users to help meet regulatory requirements
- Authentication: RSA SecurID two-factor authentication technology provides the ability to determine, with certainty, the identity of individuals accessing vital corporate resources.
"As regulatory mandates bear down on companies across industries and regions, it has become clear that focusing only on encrypting data in storage and backup will not be sufficient in terms of protecting sensitive business information," said Rick Welch, senior vice president and general manager, Developer Solutions Division at RSA Security. "We are excited about our relationship with Protegrity, and believe that this partnership, and the RSA Key Manager Partner Program, will offer businesses a unique and robust framework for protecting enterprise data."