CA Technologies has put forward product plans for linking its data loss prevention (DLP) technology with its identity and access management to dynamically restrict individuals from accessing information deemed off limits, in this case, data held in Microsoft SharePoint.
CA's existing SiteMinder product, used for authentication and access management, has been integrated with CA's DLP, called DataMinder, which has a discovery capability known as DataMinder Classification, used to dynamically scan, locate and classify sensitive data held by an organisation.
SiteMinder 12.5, expected out next month, will be able to use each individual's identity information to decide, with help from the DataMinder Classification function, whether the individual should be able to gain access to data stored in Microsoft SharePoint 2010.
"This takes into account what the user can actually do with information," says Michelle Waugh, senior director of security product marketing at CA. "As someone's role changes, what access rights they have get updated correctly." SiteMinder 12.5 with the DataMinder Classification will come with "60 policies out of the box" that organisations can use, says Waugh. Custom policies can also be devised.
Microsoft SharePoint is the focus of CA's first step in linking DLP and access management in this way because it's widely used for collaborative document sharing and thus a good candidate for what CA is calling "content-aware identity and access management." Waugh says CA anticipates applying similar security controls for other applications.
It won't be necessary to acquire CA's entire DLP product for this to work; the CA DataMinder Classification component will reside on a separate server on a network accessible to SiteMinder 12.5. When an individual using SharePoint tries to get to files that have been deemed unnecessary to their role in the organisation, they will be blocked from them.