RSA, the security division of EMC, announced recently its intent to acquire Tablus Inc., a provider of data loss prevention solutions based in San Mateo, California. Tablus is privately-held; further details of the transaction are not being disclosed.
The Tablus solution will add data discovery and classification, monitoring, and data loss prevention capabilities to RSA's data security portfolio, helping enable the company to better meet the market's need for information-centric security by finding and identifying sensitive data; preventing that data from leaking outside the organization; and simplifying the management of data security through policy-driven controls.
Data discovery and classification is a critical first step toward securing data in most organizations, as IT departments grapple with an explosion of digital information to store, manage, and protect. This challenge is complicated by the fact that sensitive data exists in three different forms (database records; messages, such as email; and loose files) and in three different contexts (at-rest on datacenter storage; in-motion through the network; or in-use on laptops, mobile devices, and portable storage).
Comprehensive data discovery and classification must directly address this complexity. To that end, RSA will combine Tablus products with the EMC Infoscape intelligent information management solution to create a common platform that is engineered to enable organizations to discover, classify and take policy-based action on all of their data. Specifically, Tablus's expertise in quickly and accurately locating and protecting valuable intellectual property, sensitive personal information, and security-related content will be combined with Infoscape's solutions for managing data according to specific governance requirements regarding retention and archiving, as well as preparation for litigation support through e-discovery.
An understanding of the information landscape gives organizations the ability to establish and enforce data security policy and prevent data loss. This enforcement can take many forms, from data erasure, bulk encryption and digital rights management to simple movement and quarantine. These various enforcement mechanisms need to be applied at different points in the IT system: at the point of storage, at the point of creation or at other times in the network.
In recognition of this reality, RSA plans to integrate the Tablus offering with its existing data control assets in the fields of encryption, key management, and information rights management, and partner openly with industry leaders to enable policy-driven enforcement of data security where it makes the most sense.
The ability to establish, enforce and audit data security policy is central to this vision. Specifically, enabling policy-driven data security controls throughout the infrastructure that are fully and mutually interoperable would address not only the data security problem, but also the associated cost of operation.
Together with RSA's data security assets, EMC Infoscape and strategic partners, the core technology and intellectual property of Tablus will allow organizations to build robust policy around sensitive data, and distribute the enforcement of that policy as needed when that data is copied, moved or accessed.
Very few vendors have appreciated the interaction across data classification, document life cycle management, archiving, storage optimization, data loss prevention, privacy, auditing and security. All these entities must work in concert to help the organization accomplish its business goals, safeguard its sensitive information and intellectual property, optimize its governance, and reduce its legal vulnerability and expenses. By combining the information rights management capabilities embodied in the Tablus product line into the security division it's clear to us that EMC recognizes the totality of the electronically stored information universe.
RSA's acquisition signals a new stage in the evolution of the data loss prevention market place. Up to this point the DLP space has been the province of smaller firms each trying to eke out a small piece of a nascent but growing market. IBM's Princeton Software was a signal by IBM of its intentions and now that we have seen EMC make its move, we expect to see others like Symantec follow suit, perhaps stimulating a minor scramble to acquire respectable technology early in the market's development.
The key to success in the market, however, is not necessarily technology, but services and linkages to the various service providers in the litigation support market and the SIs who serve the large end users. It remains to be seen if hardware-oriented firms like EMC and its RSA division are able to bridge the gap for their customers.
Copyright © 2007, The Sageza Group