RSA Security Makes Enterprise Security Development Easier - InformationWeek
Software // Enterprise Applications
10:52 PM
Connect Directly
IT Leader's Guide to the Cybersecurity Landscape
May 11, 2017
Thanks to a never-ending stream of major and well-publicized data breaches, security has become on ...Read More>>

RSA Security Makes Enterprise Security Development Easier

New tool leaves decisions about data-security designations to security professionals, not developers.

Adding security features to applications under development is a laborious, complicated process. And the IT professionals most informed about security, the chief security officer and security staff, sometimes have the least to say about how it's done.

RSA Security Inc. is trying to change that with its new BSafe Data Security Manager, which allows the security staff to determine the sensitivity of company data and automatically builds the needed protection capabilities into applications during the development process.

Without such an automated system, the details of development steps--such as providing encryption and invoking digital certificates that identify a message sender--can be hard to master. "We hide all that complexity underneath a policy-based approach," says Chris Parkerson, RSA's senior product manager. The developer should be focused on good business logic, not security logic, he says.

RSA Security already provides security implementation capabilities with its BSafe Encryption, Signatures, and Privacy applications in the form of toolkits. But that left the logic of implementing security measures up to developers. Now those capabilities are built automatically as the developer uses designated security settings from security specialists or system architects and invokes the data protections needed.

The addition of Data Security Manager to the BSafe lineup means that security designations are centralized in fewer hands and security decisions are more consistent throughout an organization, rather than being left up to the discretion of development teams, Parkerson says. It also means fewer applications need security corrections after development.

That should mean fewer security exposures making their way into production systems. A Sept. 22 Gartner report, "Management Update: Keys To Achieving Secure Software Systems," says that removing 50% of security vulnerabilities in the development process reduces safe software configuration and incident response costs by 75%.

Gartner analyst Ray Wagner says security today is often built into applications in an ad hoc way, and the result can be expensive when a problem is found. A policy-based approach that imposes data-security standards allows organizations to more easily control and audit application security, he says.

Using BSafe Data Security Manager, software architects or security managers rate data being used by an application during the software design process, and BSafe Data Security Manager provides a dropdown menu that adds the security mechanisms needed to protect it.

BSafe Data Security Manager will be available Sept. 30 with a developer license priced at $50,000 and an enterprise deployment license at $250,000. Parkerson says Data Security Manager reflects RSA Security's shift from supplying primarily original equipment manufacturers to directly supplying businesses with security technology.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll