RSA Security Makes Enterprise Security Development Easier

New tool leaves decisions about data-security designations to security professionals, not developers.

Adding security features to applications under development is a laborious, complicated process. And the IT professionals most informed about security, the chief security officer and security staff, sometimes have the least to say about how it's done.

RSA Security Inc. is trying to change that with its new BSafe Data Security Manager, which allows the security staff to determine the sensitivity of company data and automatically builds the needed protection capabilities into applications during the development process.

Without such an automated system, the details of development steps--such as providing encryption and invoking digital certificates that identify a message sender--can be hard to master. "We hide all that complexity underneath a policy-based approach," says Chris Parkerson, RSA's senior product manager. The developer should be focused on good business logic, not security logic, he says.

RSA Security already provides security implementation capabilities with its BSafe Encryption, Signatures, and Privacy applications in the form of toolkits. But that left the logic of implementing security measures up to developers. Now those capabilities are built automatically as the developer uses designated security settings from security specialists or system architects and invokes the data protections needed.

The addition of Data Security Manager to the BSafe lineup means that security designations are centralized in fewer hands and security decisions are more consistent throughout an organization, rather than being left up to the discretion of development teams, Parkerson says. It also means fewer applications need security corrections after development.

That should mean fewer security exposures making their way into production systems. A Sept. 22 Gartner report, "Management Update: Keys To Achieving Secure Software Systems," says that removing 50% of security vulnerabilities in the development process reduces safe software configuration and incident response costs by 75%.

Gartner analyst Ray Wagner says security today is often built into applications in an ad hoc way, and the result can be expensive when a problem is found. A policy-based approach that imposes data-security standards allows organizations to more easily control and audit application security, he says.

Using BSafe Data Security Manager, software architects or security managers rate data being used by an application during the software design process, and BSafe Data Security Manager provides a dropdown menu that adds the security mechanisms needed to protect it.

BSafe Data Security Manager will be available Sept. 30 with a developer license priced at $50,000 and an enterprise deployment license at $250,000. Parkerson says Data Security Manager reflects RSA Security's shift from supplying primarily original equipment manufacturers to directly supplying businesses with security technology.
