Security Manager's Journal: Information rights management: Magic bullet or dud?
Our manager seeks a way to protect information on a network whose perimeter is blurring in the age of SaaS
Computerworld - Like many companies, mine has determined that the best way to expand our IT and business capabilities in these rough economic times is to move increasingly toward software as a service (SaaS) and cloud services. As a result, the perimeter of our network continues to blur. That makes the job of protecting confidential documents on the network increasingly difficult.
For the last year or so, I've been looking at data leak prevention (DLP) technologies to keep track of my company's confidential files. Network-based DLP works by monitoring the network perimeter (typically Internet egress points) for data containing certain keywords, watermarks, fingerprints or other identifiable characteristics. When one or more of these characteristics crosses a network threshold where a monitoring device has been placed, the system can generate an alert or actively block the traffic. This is a good way to stop people from sending internal documents to external e-mail addresses, for example, or uploading them to one of those pesky, ubiquitous file-sharing sites.
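The matching described above, as an added example that is not part of the original column and not taken from any DLP product: a toy egress monitor that checks outbound payloads for policy keywords and for hashed word-window fingerprints of registered documents, then allows, alerts or blocks. The keyword list, window size, block threshold and sample texts are constructed assumptions.

```python
import hashlib
import re

KEYWORDS = ("company confidential", "internal use only")  # constructed policy terms
WINDOW = 8        # words per fingerprint window (assumed)
BLOCK_AT = 0.5    # share of a document's fingerprints that triggers a block (assumed)

def words(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def fingerprints(text):
    """Hash every WINDOW-word run so that partial copies still match."""
    w = words(text)
    return {hashlib.sha256(" ".join(w[i:i + WINDOW]).encode()).hexdigest()
            for i in range(len(w) - WINDOW + 1)}

class EgressMonitor:
    """Stands in for the monitoring device at an Internet egress point."""

    def __init__(self):
        self.protected = {}  # document name -> fingerprint set

    def register(self, name, text):
        self.protected[name] = fingerprints(text)

    def inspect(self, payload):
        """Return (action, reasons); action is 'allow', 'alert' or 'block'."""
        action, reasons = "allow", []
        normalized = " " + " ".join(words(payload)) + " "
        for kw in KEYWORDS:
            if f" {kw} " in normalized:
                action = "alert"
                reasons.append(f"keyword:{kw}")
        seen = fingerprints(payload)
        for name, prints in self.protected.items():
            share = len(seen & prints) / len(prints) if prints else 0.0
            if share > 0:
                reasons.append(f"fingerprint:{name}:{share:.0%}")
                if share >= BLOCK_AT:
                    action = "block"      # most of the document is leaving
                elif action == "allow":
                    action = "alert"      # a partial excerpt matched
        return action, reasons

# Constructed sample data.
PLAN = ("Q3 acquisition plan: we intend to purchase Example Widgets for forty "
        "million dollars, financed by a new credit facility, with closing "
        "expected before the end of the fiscal year.")
monitor = EgressMonitor()
monitor.register("acquisition-plan", PLAN)
```

The monitor only ever judges payloads that are passed to `inspect()`, that is, traffic that actually crosses the point where it sits.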
But what happens when the documents themselves move into a cloud? Where's the perimeter? We already have a lot of confidential data being generated, stored and used at third-party sites, and it looks like there's going to be a lot of expansion in that direction -- for my company, it's just too expensive to build all the services we need. Getting up and running quickly by using a specialized SaaS or cloud service really does make good business sense. But protecting our data when it's outside our boundaries is a lot harder. Technologies like DLP that rely on listening devices placed at strategic points on the network don't translate easily into a highly distributed environment.
So why not build the protections right into the documents themselves instead of trying to rely on protecting all the places where the documents might go? That's the idea behind information rights management (IRM). Essentially the same as the digital rights management (DRM) technologies used by the music and movie industries to restrict unauthorized use of digital entertainment content, IRM is tailored to documents created in standard desktop publishing and word processing applications. The client-side technology is already built into the office productivity software everyone uses, so once a document is protected, there's no special software needed to open it. The software already knows how to check for permissions such as open (am I allowed to open this file?), copy (can I select text and copy it?) and print (can I print it?). So, in theory, it should be pretty easy to deploy. And if we make the person who creates the document responsible for defining those permissions, we should be able to get the whole thing up and running fairly quickly.
More by J.F. Rice
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
- Security Manager's Journal: Thinking about passwords
- Security Manager's Journal: Android panic
- Security Manager's Journal: Auto-forwarded emails could be a huge problem
- Security Manager's Journal: Our network infrastructure has fallen far out of date