Building on a Foundation for Growth: Integrating DLP with Message Security Infrastructure

Transcription

1 Building on a Foundation for Growth: Integrating DLP with Message Security Infrastructure An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for RSA, The Security Division of EMC April 2010 IT MANAGEMENT RESEARCH,

2 Table of Contents Executive Summary...1 Information Risk Management: Optimizing a Strategic Approach...1 A Prime Opportunity: Integrating DLP with Messaging Infrastructure...2 A Distinctive Advantage in Building a Strategy...3 The Benefits of Integration...3 Realizing the Value...4 A Critical Factor...4 EMA Perspective...5 About RSA, The Security Division of EMC...6 About Cisco Systems...6

3 Executive Summary The messaging gateway has become a key point of control for an information risk management strategy. It is the focus of message filtration and security, which makes it a natural point on which to build the foundation of a Data Loss Prevention (DLP) strategy as well. The integration of DLP with the message filtration and security gateway can be a powerful first step toward a more comprehensive approach. When gateway DLP technology is compatible with an enterprise DLP solution, organizations are able to build a strategy as it grows. This helps avoid boiling the ocean in an initial DLP deployment. DLP that begins at the gateway can be expanded as needed to incorporate endpoints, data center resources, Web channels, or other areas of concern. This gives organizations a coherent, progressive, and low-risk approach to building maturity in a comprehensive DLP strategy. DLP and messaging security gateways have much in common. They protect sensitive information resources and automate the consistent application of policy. While messaging gateways protect what moves into the organization, DLP technologies can control what moves out. Together, these tools can command a strategic position for providing bidirectional control and policy enforcement for , still the most common collaboration medium in today s business environment. When integrated on the same platform, redundancies in policy control tools can be reduced or eliminated, improving efficiency and reducing operational costs. This paper describes the advantages of integrating DLP with message security gateways. RSA Security and Cisco IronPort are highlighted as examples of industry leaders that recognized the potential of this synergy. Together, RSA and Cisco and have integrated an industry-leading DLP solution with an industry-leading security solution that offers two distinctive benefits: It gives organizations a simple and easily deployable low-cost solution for data loss prevention at the messaging gateway. It also provides a strong foothold for growing a more mature approach to information risk management. Information Risk Management: Optimizing a Strategic Approach Information is the lifeblood of today s business. Its proper handling and control can have a direct impact on everything from strategic priorities in both public and private sectors to the privacy of large numbers of individuals. The viability of the business itself may depend on protecting the confidentiality of critical information assets such as intellectual property. The value of sensitive information has made it a primary target for hackers and malware writers. Its responsible care has become a top concern for privacy control and a global priority for regulatory compliance. For all these reasons, information risk management has become a high priority for organizations worldwide. Matching the urgency of the need is the scale and scope of the challenge. With respect to scale, sensitive information can be The breadth of the information risk management challenge means that enterprises must take a systematic approach to making the best use of the most effective tactics.

4 Information risk management presents a strategic opportunity to capitalize on efficiencies among the tools of control, when they can work more effectively together found everywhere in today s enterprise. It is created and shared by and among customers, business partners, and other stakeholders. These widely circulating data can have a substantial impact on the business if mishandled. This raises the urgency of the need for effective control. Further expanding the scope of the challenge are the multiple aspects of control that must be applied. Tools and tactics must recognize a broad range of sensitive data, from personal information to intellectual property. Compliance with both internal and external policy requirements must be assured, and loss of sensitive information must be prevented if at all possible. A wide and dynamic array of risks must be recognized and resolved. How can businesses meet this wide range of requirements? The breadth of the challenge means that enterprises must take a systematic approach to making the best use of the most effective tactics. But this also presents a strategic opportunity to capitalize on efficiencies among the tools of control, when they can work more effectively together. Given the current economic climate, technologies that leverage the right synergies to amplify the value of an investment are key to success. Taking an approach that builds maturity through progressive expansion can reduce risks as well as costs, as enterprises gain expertise and better understand their requirements. A Prime Opportunity: Integrating DLP with Messaging Infrastructure Few opportunities reflect this level of synergy more than the alignment of Data Loss Prevention (DLP) technology with message security infrastructure. As the backbone of business communications, messaging systems already handle a large volume of the information of greatest concern to security, policy, and control priorities. It is for this very reason that message security technologies already are positioned at key points of control over information that not only enters and leaves the organization, but that circulates within the organization as well. Great alignment exists between messaging security systems such as security and anti-spam gateways and the technologies of Data Loss Prevention. Both serve to protect the organization and its people from messaging risks. Their specialized roles within the organization make them highly complementary. Message security gateways focus on threats that target and other messaging systems to exploit security vulnerabilities. Examples include spam messages that often carry malware or other security threats, in addition to congesting messaging systems with unwanted content. DLP systems, meanwhile, address a wide range of policy concerns with emphasis on recognition of sensitive information, ideally regardless of format. Messaging gateways historically have focused on concerns that are inbound to the organization, while DLP traditionally is thought of as focusing on outbound control. Today, however, both technologies must work in cadence to address bidirectional messaging concerns to guard against risks both inside and outside the organization. The messaging gateway remains a prime point of monitoring and enforcement for both.

5 Figure 1: Enterprise Data Loss Prevention (DLP) offers centralized management of policy applied consistently throughout information infrastructure, in the data center, on the Web, and at the endpoint. Its integration with the message security gateway capitalizes on natural synergies between control of what enters the enterprise, and what leaves it or circulates internally. The same integration also allows centralized incident management for security policy violations. A Distinctive Advantage in Building a Strategy When DLP is readily integrated with message gateways, its initial adoption becomes much simpler and more cost effective. Not only is this a natural point for integration, it also directly addresses data loss through messaging one of the top concerns of many organizations. When DLP is integrated with message security appliances, no additional hardware is needed to add it to gateway functionality. This reduces costly redundancies not only in hardware but in infrastructure support, improving efficiency while consolidating policy management and control. Such an approach also enables organizations to begin addressing data loss prevention requirements at a natural starting point, without the need to embrace a comprehensive DLP solution at a single stroke. This enables customers to grow a DLP strategy, with message filtration as a natural starting point. When DLP enabled on the message security gateway is compatible with a more comprehensive enterprise DLP solution, expansion can proceed as best fits the enterprise. From there, enterpriseready DLP can be expanded to endpoints, data center content management and storage systems, Web applications, or other resources. The approach also offers consistency in policy management. Comprehensive DLP solutions offer the ability to deploy a consistent classification framework and policies across an organization s infrastructure. When enterprise-compatible DLP technologies are integrated with the message security gateway, they extend this consistency to message security management, even when the gateway platform and the DLP technology are procured and deployed from different vendors. This consistency provides more predictable accuracy rates when looking for sensitive information, regardless of where DLP technology is applied in the data center, at the endpoint, in the distributed network, or at the message security gateway. The Benefits of Integration A progressive approach that begins at the gateway is ideal for allowing organizations to learn and understand the benefits of DLP, and how best to manage it. The introduction of new technology is always a learning process, but in the current economic climate, few organizations can afford to take excessive risks. When enterprise-compatible DLP begins at the message security gateway, organizations have an opportunity to understand how DLP supports information risk management. They are able to learn how to apply control more successfully, giving greatest benefit to the organization with the

6 least adverse impact. They also can learn how people and process factors will affect information risk strategy. Above all, organizations are able to grow their investment as they mature their strategy, for more effective management in the long run. Such an approach also permits organizations to reduce or eliminate redundancies or outright inconsistencies in the way policy and control is defined, managed, and enforced. For example, different product types may offer different classification schemas for recognizing and characterizing information, policy, and enforcement parameters. True integration can reduce or eliminate these inconsistencies, providing not only more comprehensive coverage, but control that is defined and deployed more consistently. It also unifies the management of the message security gateway and DLP under a single pane of glass, with the management of both centralized on a common console. Integration also allows expanded enforcement capability beyond that of either technology in isolation. For example, messages requiring privacy enforcement may be able to leverage the automated application of encryption at the gateway. This helps assure more consistent privacy control while reducing burdens of encryption management on support personnel and end users alike. Realizing the Value Organizations that move substantial volumes of information through messaging gateways will benefit particularly from the approach, since such gateways are a natural control point for security and policy enforcement. They also help optimize the investment in control systems, since the gateway control point may be the central focus of the bulk of information movement within the enterprise and beyond. This has particular appeal for enterprises in financial services, government, health care, and law. One crucial factor must not be overlooked, however: In order to fully realize the benefits of integration, DLP at the message security gateway must lend itself to expansion beyond . Those that handle sensitive or patentable intellectual property shared among partners also should see the value of such an approach. For example, businesses as diverse as aerospace, automotive, and pharmaceutical companies must circulate concepts in development as well as finalized information assets regularly among suppliers, partners, regulators, clinicians, and testing organizations, all in the course of bringing products successfully to market. Techniques to assure consistency in the enforcement of control over these interactions, as well as to simplify control, therefore are highly valued. All these examples are cases in which information must be protected from a range of risks against which few isolated defenses provide comprehensive control. The assurance of privacy and the enforcement of both internal and external regulatory policies indicate the need for a solution such as DLP. The integration of messaging security with DLP at the gateway thus provides a natural point of assurance for these common priorities, in a way that improves the efficiency of both. A Critical Factor One crucial factor must not be overlooked, however: In order to fully realize the benefits of integration, DLP at the message security gateway must lend itself to expansion beyond . This means it must be compatible with enterprise-wide DLP in order to take advantage of the growth opportunity the approach affords. This compatibility also is necessary in order to leverage enterprise-wide consis-

7 tency in policy definition and control. A gateway solution that both stands on its own and is enterprisecompatible offers the potential to centrally define policy once, and extend it everywhere including the gateway, endpoints, Web, and data center. Organizations must consider these future-proofing aspects if they are to move ahead. EMA Perspective The breadth of the information risk management challenge means that it simply is not optional particularly in today s climate to miss opportunities to optimize the investment in control systems. In order to make the most of limited resources, synergies between tools and techniques that make the most of the risk management investment must be sought out actively and built upon aggressively. When it comes to assuring control over a wide range of risk and compliance priorities in messaging systems, few opportunities offer the efficiencies of Data Loss Prevention integrated directly with message security infrastructure. The message security and filtration gateway platform clearly offers extensibility. DLP is directly complementary in enforcing policy control at this point in messaging infrastructure. When DLP can be enabled without additional investment in hardware, the enterprise wins in multiple ways. This approach also offers a level of realism too often rare in information risk management, by allowing organizations to grow their strategy as their approach matures. By beginning with DLP at a natural point of control, organizations can understand initial requirements and refine the approach as experience builds. When the organization is ready to expand to endpoints, the data center, or elsewhere an enterprise-compatible gateway DLP solution preserves the valuable experience gained in policy definition and control. This, however, places a high premium on the enterprise readiness of selected vendors, and the ability of the gateway solution to expand as requirements grow. By partnering in such integration, RSA, the Security Division of EMC, and Cisco represent an alignment of leaders in more than just market strength. RSA s DLP technology is recognized for its innovative content recognition capability that includes technologies such as linguistic analysis to identify sensitive data, backed by the long experience of RSA in domains such as encryption and policy enforcement. With the acquisition of IronPort, Cisco, long dominant in the network, gained a leader in messaging filtration and security that integrates directly with network infrastructure. Together, this partnership expands the potential of both. This gives RSA Data Loss Prevention access to Cisco s resources in network infrastructure, while expanding values complementary to Cisco capabilities in message security and filtration. The capabilities delivered through this integration speak to the ability to expand. The DLP capability integrated with Cisco IronPort message security infrastructure in this partnership is part of RSA s DLP Suite. This suite is a comprehensive Data Loss Prevention solution with a common information classification and policy framework that helps assure control over data at rest and in use. Thus, classification and policy definition applied at the Cisco IronPort gateway can be applied later with the same consistency throughout the enterprise for endpoints and the data center. One of the most significant areas of potential for this partnership lies in Web technologies, where not only messaging but content control itself becomes an important factor for managing security and policy risks. This should have particular appeal for organizations that recognize a clear trend in threats

8 to sensitive information. On both the server and client sides, Web technologies are subject to exploitation as never before. RSA and Cisco already offer the ability to integrate DLP and message filtration functionalities through interoperability with the open Internet Content Adaptation Protocol (ICAP). This enables the RSA DLP Network server and the IronPort Web security gateway to extend DLP to Web environments as well. Looking ahead, this partnership has the potential to extend into Cisco s strategy to offer IronPort message control as a hosted service. This would expand the reach of integrated DLP and message filtration even farther. Such a solution would have appeal to organizations that recognize the potential of hosted message filtration services to ease burdens of administration and management. The ability of Cisco and RSA to deliver a service that integrates with on-premise IronPort appliances would further extend the range of options available to customers of both hosted and appliance-based technologies. These opportunities would expand the flexibility of control over information that must be kept within the enterprise. In every area of management, EMA advocates taking a systematic approach to building a more effective strategy. Rarely has this been more important to the business than at present. Enterprises must make the most of their total investment. At the same time, they must recognize the real dimensions of the information risk management challenge. By starting at a natural point of integration of DLP and message security infrastructure, customers of RSA and Cisco IronPort can embark on an information risk management strategy purpose-built to foster maturity and minimize risks of adoption, with expansion clearly enabled. By partnering in such an approach, RSA and Cisco have demonstrated a commitment to a systematic strategy that customers will value, helping them to start simply and grow sanely toward the assurance of some of their most important business risk concerns. About RSA, The Security Division of EMC RSA, The Security Division of EMC, is a premier provider of security solutions for business acceleration, helping the world s leading organizations succeed by solving their most complex and sensitive security challenges. RSA s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance and access control, data loss prevention, encryption and key management, compliance and security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and About Cisco Systems Cisco (NASDAQ: CSCO) is a worldwide leader in networking that transforms how people connect, communicate, and collaborate. Information about Cisco can be found at For ongoing news, please go to

9 About Enterprise Management Associates, Inc. Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that specializes in going beyond the surface to provide deep insight across the full spectrum of IT management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise IT professionals and IT vendors at or follow EMA on Twitter. This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. EMA and Enterprise Management Associates are trademarks of Enterprise Management Associates, Inc. in the United States and other countries. EMA, ENTERPRISE MANAGEMENT ASSOCIATES, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc. Corporate Headquarters: 5777 Central Avenue, Suite 105 Boulder, CO Phone: Fax: