RSA Eases Security Development

Tool leaves decisions about data-security designations to the pros, not developers; it's expected to reduce after-the-fact response costs
RSA Security Inc. has unveiled its BSafe Data Security Manager, which lets security professionals determine the sensitivity of company data and automatically builds the necessary protection capabilities into applications during the development process.

RSA Security already provides security-implementation capabilities with its BSafe Encryption, Signatures, and Privacy applications in the form of toolkits. But they leave the logic of implementing security measures up to application developers. The addition of Data Security Manager to the BSafe lineup means that security designations are centralized in fewer hands, and decisions are more consistent throughout an organization, rather than being left up to the discretion of development teams, says Chris Parkerson, RSA's senior product manager. It also means fewer applications need security corrections after development.

That should translate to fewer security exposures making their way into production systems. According to a Gartner report, removing 50% of security vulnerabilities in the development process reduces software configuration and incident-response costs by 75%.

Security often is built into applications ad hoc, and the result can be expensive when a problem is found, says Gartner analyst Ray Wagner. A policy-based approach that imposes data-security standards lets organizations more easily control and audit application security, he says.

Using BSafe Data Security Manager, software architects or security managers rate data being used by an application during its design. The product provides a drop-down menu that adds the security mechanisms needed to protect this data

BSafe Data Security Manager will be available Sept. 30 with a developer license priced at $50,000 and an enterprise-deployment license at $250,000. Data Security Manager reflects RSA Security's shift from supplying primarily original equipment manufacturers to directly supplying businesses with security technology, Parkerson says.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing