A new managed service to support data loss prevention (DLP) is now being piloted by a Waltham, Mass.-based security vendor Verdasys, which plans to extend the offering to the channel later this year.
Verdasys is specifically targeting the enterprise and midmarket with a cloud-based managed service intended to protect sensitive data while at the same time supporting secure collaboration and compliance requirements.
The offering is currently being marketed as the "Verdasys Managed Service for Information Protection (MSIP)," and it's currently being piloted by a handful of customers, according to marketing vice president Bill Munroe.
"Our customers don't want to have to be security experts anymore," he said. "They don't want to spend the money necessary to keep up with the ever-changing threat landscape. It just becomes too expensive. They don't want to have to purchase 17 different security products from eight different vendors and then try to figure out how to make it all work together. Not only is it expensive to purchase, it's expensive to maintain and can take five or six months to bring online. Then, they end up working with a business partner who does not take IT security very seriously, and everything that they have invested serves no purpose because of vulnerabilities elsewhere."
The service is deployed, configured and administered by Verdasys personnel through the company's secure cloud, which is hosted by Rackspace, as well as a number of other providers across the globe. Promised benefits include enhanced IP and trade secret protection, insider threat management, advanced data risk analysis and policy enforcement, PII/PCI and PHI compliance, advanced cyber defense and management of export control restrictions. Supported platforms include Linux, Mac OS and Windows.
"It's a giant risk assessment for the first five or six days while we are collecting all the data," said Munroe. "Agents that are installed on laptops, desktops, servers and sometimes even networking gear send metadata about what is happening back into the cloud. Because it is metadata that is being sent into the cloud, we can alleviate some of the cloud security concerns. We start with the risk view and show them where the risks are, and then we help them to build control models as to which types of employees should have access to what types of data, the training that each of these classifications will require anywhere specific types of data can be moved. Over time we monitor the results and assess what adjustments might need to be made."
Metadata is encrypted, hashed and digitally signed before being transferred to Verdasys' hosting facilities via FIPS 140-2 certified messaging protocol.
NEXT: Channel Differentiation
Verdasys' Munroe is enthusiastic about the forthcoming channel opportunity, which he says will offer partners a chance to differentiate themselves, as well as further leverage the managed services space.
"The need to differentiate can largely be answered by becoming even more specialized in defending against threats and being able to offer services that integrate a stack of security products with which the partner is familiar, fully trained and can make available through the cloud," he said. "It's easy to stand up a firewall or shut off USB sticks, but it's a lot harder to say, 'I want to enable the use of USB sticks, but I also want to mitigate the risk of losing data. So, I need to understand the data types that move to USB sticks. Who is moving them to USB sticks, and what policies do we need to put into place so that the use of USB sticks is properly controlled?' It's all about policy-based access and policy-based usage, and there's a lack of experts in that area. That's an area where channel partners can truly differentiate."
The service is offered at three levels. The introductory level involves monitoring only and is currently priced on a sliding scale starting at $6 per device per year. The second level adds a layer of user prompts controls, which warns them about potential risky behavior. That service-level begins at $10 per device per year. An optional encryption capability is also available at $14 per device per year.
Munroe added that discussions with a small number of potential channel partners has already begun, and that widespread deployment through the channel is expected later this year.
PUBLISHED JAN. 24, 2013