You may be in control of all within the perimeter of corporate security, but when data leaves that safe haven, information rights management is essential, argues security partner of Deloitte, Paul Boichat.
Controlling access to the most sensitive information and data in an organisation is an age-old problem with a trusted technical solution, but is it fit for purpose in today’s environment?
Cara Garretson has written an interesting article in the State Tech Magazine on using Enterprise Rights Management tools to help government agencies protect their most sensitive documents.
Cara puts forward a solid case why agencies should adopt Enterprise Rights Management. I believe that 2011 would see the highest rate of adoption for Enterprise Rights Management, as WikiLeaks remains centre stage and many emerging nations turn a blind eye to intellectual-property theft.
To read Cara’s article in the State Tech Magazine click here.
If the survival of your organization revolves around patents and the protection of intellectual property, then read what James Dyson, the founder of Dyson vacuum cleaners, has to say about why businesses need to keep their eyes on the ball when it comes to protecting their IP, as well as making sure the patents are watertight and properly registered.
UK government bodies are more vulnerable to data breaches now than ever before. Last week saw the London borough of Ealing and Hounslow council fined £80,000 and £70,000 respectively by the Information Commissioner’s Office (“ICO”) following the loss of two laptops containing sensitive personal information.
I have been consulting with one of these councils for over a year now to consider the deployment of Enterprise Rights Management across the entire organisation but this has not yielded a positive result. The last time I spoke to one of the managers responsible for data security I was told that the council was deep in the middle of their ICT strategy and would not be in a position to review anything outside of that until at least late 2012.
With many jobs on the line in local government, there is a great risk that staff could leave with confidential information with the aim of starting their own businesses or selling the information to third parties. However, it is a shame to say that out of 36 local government authorities I have made contact with, not one seems to have a solid strategy to prevent this from happening.
Even those who eventually keep their jobs will be less motivated to put data protection at the top of their agenda, and as such leave the council vulnerable to all kinds of data breaches. This picture is reflective of all government establishments up and down the country, and the greater the potential for financial gain, the more vulnerable the organisation becomes.
The very low uptake of tools like enterprise rights management and data loss prevention is a true reflection of where the government stands at both the national and local levels. It is unlikely that anyone would lose their job when a data breach happens, and as such, unless the ICO enforces the adoption of data security tools, it will be hard to stem the data breaches.
The UK government cancelled a highly lucrative contract last week because the company that won the contract illegally gained access to confidential information that allegedly gave it competitive advantage over other businesses bidding for the same contract.
According to the BBC, the cancellation of a deal which would have privatised the UK’s search and rescue helicopters raised “serious questions” because the private consortium Soteria, which had been named as preferred bidder for the £6bn contract, which was due to run by 2012, had gained access to commercially sensitive information according to the Ministry of Defence.
There have been many occasions where access to such sensitive information could lead to a competitive advantage; however, on this occasion it has resulted in a £6bn loss in revenue. This is a situation where going through a due and fair process is the best route to follow, even if you lose the contract.
The military police are currently investigating how a former RAF officer now working with Soteria was able to gain access to commercially sensitive information and pass it on to his current employers.
It will be interesting to see how the whole story unfolds, but for now it is unlikely that the contract will be awarded to the private sector and will remain under the Royal Air Force operations.
This story reveals that information security is still not watertight at some of the UK’s most important and strategic organizations and a lot of work still needs to be done to make it highly secured when it comes to managing confidential information.
Over the last 10 years or so there has been a great debate over whether Information Rights Management is a better term over Enterprise Rights Management. However, the more I speak with customers that use Information Rights Management or Enterprise Rights Management, the more I am convinced that Information Rights Management is a better term for the following reasons below:-
Maybe you have reasons why Information Rights Management is a better term than Enterprise Rights Management or vice versa; it will be great to hear from you. It could well be that keeping both terms is a good thing.
Fasoo.com, Inc., a leading enterprise rights management solution provider, will be launching its latest mobile enterprise rights management solution, Fasoo Mobile Gateway at the RSA Conference in San Francisco from February 15 - 17, 2011.
Fasoo Mobile Gateway extends enterprise digital rights management to mobile computing and enables organizations to apply rights management policies to documents downloaded onto smartphones and tablets. The documents protected by enterprise rights management can be accessed from iPhone, iPad, Android devices, etc. via the Fasoo Mobile Rights Management App. With consumer technologies continuing to infiltrate the workplace, the new mobile solution will enable businesses to better manage and protect sensitive information, much of which is accessed from these unprotected devices. In fact, more than 76 percent of consumers surveyed use their smartphones or tablets to access sensitive or business information, according to a recent global study by Juniper Networks.
Fasoo Mobile Gateway supports various native file formats — such as Microsoft Office, PDFs, etc — on mobile devices. These documents can be accessed from the Fasoo Mobile Rights Management App, without changing file formats. The solution also enables organizations to constantly protect files; control file access privileges of users, groups and/or environments; and track activities of users and files, in addition to changes in configuration.
“Businesses have traditionally struggled to extend protection of their documents outside of the organization. But with mobile devices becoming so ubiquitous, it’s critical for businesses to protect sensitive content — even beyond the walls of their organization,” said Dr. Kyugon Cho, Fasoo founder and CEO. “Fasoo’s new Mobile Rights Management solution effectively fulfills diversified security requirements for mobile devices without compromising mobility and flexibility.”
To learn more about Fasoo, visit www.fasoo.com. The Fasoo stand will be at booth #533 at this year’s RSA conference.
Source: March Communications
Over the weekend I read an article posted on Infosec Island titled “Putting an End to Data Breaches as We Know Them” by Robert Siciliano. Having read the article and the comments I came to the conclusion that even information or data security experts do not fully understand what enterprise rights management is.
So here is the underlying problem; if IT security experts do not understand the full capabilities of enterprise rights management, how can they effectively communicate the benefits or shortcomings to their employers or clients? For me the article on Infosec Island revolves around whether ZafeSoft is enterprise rights management or not.
Even though throughout the website the phrase ‘enterprise rights management’ or ‘information rights management’ is not used, the writer deemed it to be superior to “other” enterprise rights management solutions out there. On the other hand having read through the ZafeSoft website and the features of their products I came to the conclusion that ZafeSoft is enterprise rights management.
ProSTEP iViP is hosting a seminar targeted at engineering companies titled “Protecting Engineering Data with Enterprise Rights Management” in Stuttgart, Germany from February 9-10, 2011. With a rise in the theft of intellectual property in 2010, engineering companies need to invest in their future and the future of their employees by deploying Enterprise Rights Management. Companies like Intel have adopted Enterprise Rights Management; come and see the reason your company should.
Attend this seminar to have all your questions answered on protecting your IP and confidential data with Enterprise Rights Management. Call Yvonne van der Steeg on +49 (0) 6151-9287-446 or email her at yvonne.vandersteeg@prostep.com for a late registration as there may be a few places left.
For further information please visit the ProSTEP iViP website.
Intel recognises enterprise rights management as core to its future and the future of its employees according to its IT performance report for 2010 - 2011 titled “Delivering Competitive Advantage through IT” in which it said,
“We are implementing a secure integrated collaboration solution for our design engineers, with the goal of protecting Intel’s intellectual property while helping to accelerate silicon design. The new solution protects information at all times during creation, storage and transmission, using encrypted files and content repositories with enterprise rights management. This helps engineers be more productive by eliminating the need to secure data using manual methods. We began piloting the solution in 2010 in preparation for widespread deployment in 2011”.
Intel is surely leading the way for companies that depend highly on their intellectual property to survive, and if it is important for Intel to invest heavily in data security, it should serve as a wake-up call for businesses, especially technology businesses, that have a liberal attitude towards the protection of their intellectual property.
Two weeks ago I read a press release about WatchDox about the latest round of funding for this online document security business. In his comments Moti Rafalin, the WatchDox CEO said “Legacy enterprise digital rights management and data loss prevention products are failing to address the problem, and enterprises are realizing documents need to be seamlessly protected and controlled wherever they go.”
So what does Rafalin mean by Legacy enterprise digital rights management and data loss prevention products? Considering that both document security tools are less than 10 years old, what makes them legacy? To understand what he meant by legacy I revisited the WatchDox website to try and understand what WatchDox does that other enterprise rights management solutions don’t do.
First of all I watched the video, and everything demonstrated in this video is what most other vendors, like Oracle, Fasoo, NextLabs, Covertix and CheckPoint to name a few, also have the capability of doing. So what does Rafalin actually mean by his criticism of WatchDox’s competitors?
On the web page titled “WatchDox vs. DRM, IRM or eDRM”, 4 key differentiators are mentioned between WatchDox and enterprise rights management, namely:-
Under ease of use the main claim is WatchDox’s no client installation; no passwords; no enterprise deployment; no IT; and no hassle. Like WatchDox, other vendors such as NextLabs and Covertix offer the same no client installation, while a majority of the other vendors offer the remaining features: no passwords are needed, it does not have to be an enterprise deployment, and apart from the server software installation, no further IT involvement is required.
Under facilitating sharing and collaboration WatchDox mentions that traditional DRM solutions typically deal with the insider threat. I definitely know that this is not the case as Fasoo, NextLabs and Oracle have always had a view to providing security both inside and outside the corporate firewall.
Under extended control WatchDox claims that it allows tracking, updating, revoking and changing document permissions even after they have been sent. Again, these are standard features that other enterprise rights management vendors offer in their software.
Regarding cost, other vendors are providing cheaper solutions. Fasoo has a file server solution that costs $5,000 and is implementing a number of SaaS solutions through its partners to lower the entry barrier. Costs from other vendors are also falling in line with the current economic situation in order to remain competitive.
So is WatchDox an enterprise digital rights management solution? I am certain it is, but is it any different from other vendors out there? Yes it is on the basis that it only offers a web based solution. However, there are opportunities for non web based solutions which its competitors offer.
WatchDox is an innovator in the enterprise rights management space because as a business it has found a way to lower the barriers to entry from a cost perspective and will continue to challenge the status quo, but it is not significantly different from any other enterprise rights management solution in the marketplace.
Brisbane, AU January 24, 2011 – Protecting documents and eBooks from copy and redistribution can be a daunting task when having to choose from a myriad of protective solutions that cannot thwart the simplest of bandits. But now authors can rest assured that their livelihood can be secured, by using an ArtistScope document solution to control exactly who and how those documents can be accessed.
Copy protection and DRM have been around for years and most of it is superficial and easily circumvented, but not so with CopySafe technology which provides the most secure copy protection and the only solution that is safe from all copy including Printscreen and screen capture. Combined with ArtistScope’s DRM technology you can now have the most secure document protection imaginable, where even if your document falls into the hands of an unauthorized user, one who has not paid for the privilege, then they will not be able to open it.
But the big plus with the ArtistScope PDF solution and DRM is that as the author of the document, you can change a document’s properties at any time with immediate effect over all documents, even those that have already been downloaded. For example if you want to revoke a user’s privileges or change it so that the document can no longer be printed, then you can simply update that document’s settings at your Control Panel for immediate effect.
With ArtistScope DRM you can control who can open a document, who can print a document and even how many times a document can be opened or printed. And when an expiry date is set, it cannot be foiled in the usual manner by turning back a computer’s clock, because it can use an online timeserver. However you also have the choice of only using the computer’s clock to cater for documents that need to be accessed in the field without Internet access.
Almost any type of file can be converted to PDF and CopySafe PDF Protector can then encrypt it for the most secure copy protection with/without DRM applied. ArtistScope also provide a ready to use online service for DRM validation where you can simply upload your DRM documents and manage subscriptions straight away.
For the PDF Protection software and DRM Portal visit ArtistScope Copy Protection Software.
I was speaking to a senior executive last year who asked what could happen if I don’t use Enterprise Rights Management? My reply was many things; although I could not remember every single point listed below off the top of my head, I was able to articulate the salient points about the potential risks. So here are some events that could happen if you don’t employ Enterprise Rights Management.
So is your business at risk? Find out what enterprise rights management can do to stem the flow of your confidential information and intellectual property to your competitors.
Yesterday the car manufacturer Renault filed a criminal complaint on an industrial espionage case in which it asserts that a foreign company sought to obtain secrets related to its electric car program.
The case involved 3 executives who have since been suspended. In an age where technology is advancing at a pace never seen in our lifetime, organizations will continue to jostle for dominance. In jostling for dominance, like the 3 executives that have been suspended on suspicion of selling corporate intellectual property to a rival car manufacturer, there are similar executives who will lay aside corporate ethics to pay for stolen confidential information.
You would think that becoming an executive means that you have earned the trust of your employer, are considered to be a person of integrity and are on the path to an accomplished career. Therefore, considering the risk of being found out and ending a career due to industrial espionage, such an offer is completely out of the question. If you are that promising executive, will you blow the whistle on such an offer? What happens if you are offered say $750K or anything north of $1m for such information, will you say “NO”?
Sachar Paulus of Kuppinger Cole and I rarely agree on the future of Enterprise Rights Management. First of all, he still continues to refer to ERM as Digital Rights Management despite the fact that many closely associated with ERM have explained the difference to him. Secondly, he continues to refer to Apple when talking about ERM; unfortunately, as great a company as Apple is, it does not have its own ERM solution.
In his latest post titled “Without standards for DRM and IRM Cloud Security will remain a daydream” Sachar said there is a need for standards on Enterprise Rights Management. Again I commented on the post disagreeing with his view, because creating a standard for ERM is the last thing that is needed for this security tool.
I come from an interoperability viewpoint and I strongly back the need for interoperability because it will enable ERM clients to switch from one vendor to another as and when they choose to, and I’ll soon expect them to demand this feature.
As far as ERM is concerned I could say that we are still at the primitive level of interoperability which enables the administrator of the document to run a utility that will remove the security on a document or set of documents. This can then be secured using another ERM solution. At this stage not all ERM vendors provide this solution.
Now creating a standard for Enterprise Rights Management is a different ball game altogether. Creating a standard means exposing the architecture of the ERM application, and this makes it a target for a security breach. All you need is someone to create an algorithm to crack ERM and all solutions out there become vulnerable.
Finally, I may be ranting on about nothing and someone out there disagrees with me. I’d like to hear your viewpoint: Standards or Interoperability?