RSA Security already provides security-implementation capabilities with its BSafe Encryption, Signatures, and Privacy applications in the form of toolkits. But they leave the logic of implementing security measures up to application developers. The addition of Data Security Manager to the BSafe lineup means that security designations are centralized in fewer hands, and decisions are more consistent throughout an organization, rather than being left up to the discretion of development teams, says Chris Parkerson, RSA's senior product manager. It also means fewer applications need security corrections after development.
That should translate to fewer security exposures making their way into production systems. According to a Gartner report, removing 50% of security vulnerabilities in the development process reduces software configuration and incident-response costs by 75%.
Security often is built into applications ad hoc, and the result can be expensive when a problem is found, says Gartner analyst Ray Wagner. A policy-based approach that imposes data-security standards lets organizations more easily control and audit application security, he says.
Using BSafe Data Security Manager, software architects or security managers rate data being used by an application during its design. The product provides a drop-down menu that adds the security mechanisms needed to protect this data
BSafe Data Security Manager will be available Sept. 30 with a developer license priced at $50,000 and an enterprise-deployment license at $250,000. Data Security Manager reflects RSA Security's shift from supplying primarily original equipment manufacturers to directly supplying businesses with security technology, Parkerson says.