RSA Security Makes Enterprise Security Development Easier - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
6/6/2005
10:52 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

RSA Security Makes Enterprise Security Development Easier

New tool leaves decisions about data-security designations to security professionals, not developers.

Adding security features to applications under development is a laborious, complicated process. And the IT professionals most informed about security, the chief security officer and security staff, sometimes have the least to say about how it's done.

RSA Security Inc. is trying to change that with its new BSafe Data Security Manager, which allows the security staff to determine the sensitivity of company data and automatically builds the needed protection capabilities into applications during the development process.

Without such an automated system, the details of development steps--such as providing encryption and invoking digital certificates that identify a message sender--can be hard to master. "We hide all that complexity underneath a policy-based approach," says Chris Parkerson, RSA's senior product manager. The developer should be focused on good business logic, not security logic, he says.

RSA Security already provides security implementation capabilities with its BSafe Encryption, Signatures, and Privacy applications in the form of toolkits. But that left the logic of implementing security measures up to developers. Now those capabilities are built automatically as the developer uses designated security settings from security specialists or system architects and invokes the data protections needed.

The addition of Data Security Manager to the BSafe lineup means that security designations are centralized in fewer hands and security decisions are more consistent throughout an organization, rather than being left up to the discretion of development teams, Parkerson says. It also means fewer applications need security corrections after development.

That should mean fewer security exposures making their way into production systems. A Sept. 22 Gartner report, "Management Update: Keys To Achieving Secure Software Systems," says that removing 50% of security vulnerabilities in the development process reduces safe software configuration and incident response costs by 75%.

Gartner analyst Ray Wagner says security today is often built into applications in an ad hoc way, and the result can be expensive when a problem is found. A policy-based approach that imposes data-security standards allows organizations to more easily control and audit application security, he says.

Using BSafe Data Security Manager, software architects or security managers rate data being used by an application during the software design process, and BSafe Data Security Manager provides a dropdown menu that adds the security mechanisms needed to protect it.

BSafe Data Security Manager will be available Sept. 30 with a developer license priced at $50,000 and an enterprise deployment license at $250,000. Parkerson says Data Security Manager reflects RSA Security's shift from supplying primarily original equipment manufacturers to directly supplying businesses with security technology.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Commentary
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
Slideshows
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll