Security Manager's Journal: Information rights management: Magic bullet or dud?
Our manager seeks a way to protect information on a network whose perimeter is blurring in the age of SaaS
Computerworld - Like many companies, mine has determined that the best way to expand our IT and business capabilities in these rough economic times is to move increasingly toward software as a service (SaaS) and cloud services. As a result, the perimeter of our network continues to blur. That makes the job of protecting confidential documents on the network increasingly difficult.
For the last year or so, I've been looking at data leak prevention (DLP) technologies to keep track of my company's confidential files. Network-based DLP works by monitoring the network perimeter (typically Internet egress points) for data containing certain keywords, watermarks, fingerprints or other identifiable characteristics. When one or more of these characteristics crosses a network threshold where a monitoring device has been placed, the system can generate an alert or actively block the traffic. This is a good way to stop people from sending internal documents to external e-mail addresses, for example, or uploading them to one of those pesky, ubiquitous file-sharing sites.
But what happens when the documents themselves move into a cloud? Where's the perimeter? We already have a lot of confidential data being generated, stored and used at third-party sites, and it looks like there's going to be a lot of expansion in that direction -- for my company, it's just too expensive to build all the services we need. Getting up and running quickly by using a specialized SaaS or cloud service really does make good business sense. But protecting our data when it's outside our boundaries is a lot harder. Technologies like DLP that rely on listening devices placed at strategic points on the network don't translate easily into a highly distributed environment.
So why not build the protections right into the documents themselves instead of trying to rely on protecting all the places where the documents might go? That's the idea behind information rights management (IRM). Essentially the same as the digital rights management (DRM) technologies used by the music and movie industries to restrict unauthorized use of digital entertainment content, IRM is tailored to documents created in standard desktop publishing and word processing applications. The client-side technology is already built into the office productivity software everyone uses, so once a document is protected, there's no special software needed to open it. The software already knows how to check for permissions such as open (am I allowed to open this file?), copy (can I select text and copy it?) and print (can I print it?). So, in theory, it should be pretty easy to deploy. And if we make the person who creates the document responsible for defining those permissions, we should be able to get the whole thing up and running fairly quickly.
More by J.F. Rice
- Security Manager's Journal: A rush to XP's end of life
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
- Security Manager's Journal: Thinking about passwords
- Security Manager's Journal: Android panic
- Security Manager's Journal: Auto-forwarded emails could be a huge problem
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts