Intel recognises enterprise rights management as core to its future and the future of its employees according to its IT performance report for 2010 - 2011 titled “Delivering Competitive Advantage through IT” in which it said,

“We are implementing a secure integrated collaboration solution for our design engineers, with the goal of protecting Intel’s intellectual property while helping to accelerate silicon design. The new solution protects information at all times during creation, storage and transmission, using encrypted files and content repositories with enterprise rights management. This helps engineers be more productive by eliminating the need to secure data using manual methods. We began piloting the solution in 2010 in preparation for widespread deployment in 2011”.

Intel is surely leading the way for companies that depend highly on their intellectual property to survive, and if it is important for Intel to invest heavily in data security, it should serve as a wake up call for businesses especially technology businesses that have a liberal attitude towards the protection of its intellectual property.

Sachar Paulus of Kuppinger Cole and I rarely agree on the future of Enterprise Rights Management. First of all he still continues to refer to ERM as Digital Rights Management despite that many closely associated with ERM have explained the difference to him. Secondly, he continues to refer to Apple when talking about ERM, unfortunately as great a company Apple is it does not have its own ERM solution.

In his latest post titled “Without standards for DRM and IRM Cloud Security will remain a daydream” Sachar said there is a need for standards on Enterprise Rights Management, again I commented on the post disagreeing with his view that creating a standard for ERM is the last thing that is needed for this security tool.

I come from an interoperability viewpoint and I strongly back the need for interoperability because it will enable ERM clients to switch from one vendor to another as and when they choose to, and I’ll soon expect them to demand this feature.

As far as ERM is concerned I could say that we are still at the primitive level of interoperability which enables the administrator of the document to run a utility that will remove the security on a document or set of documents. This can then be secured using another ERM solution. At this stage not all ERM vendors provide this solution.

Now creating a standard for Enterprise Rights Management is a different ball game altogether. Creating a standard means exposing the architecture of the ERM application, this makes it an target for security breach. All you need is someone to create an algorithm to crack ERM and all solutions out there become vulnerable.

Finally, I may be ranting on about nothing and someone out there disagrees with me. I’ll like to hear your viewpoint; Standards or Interoperability?

In light of the recent fines imposed by the Information Commissioners’ Office I am yet to read any criticisms as to why it imposed the fines on the Hertfordshire County Council and Sheffield-based A4e. In fact what I am hearing is that the penalty did not go far enough.

According to eWeek Europe online, British consumers would be in favour of stronger regulations for organisations that expose the personal data of their customers, with four out of five supporting mandatory breach disclosure laws, according to a survey carried out by OnePoll and published on Thursday by LogRhythm.

Read More

Yesterday in Michigan, USA a former Ford employee admitted to a theft of $50 million worth of trade secrets and pleaded guilty. The problem with news like this one is the focus is always on the villain and how he or she carried out the crime.

The question that comes to mind for me is how on earth could Ford be so vulnerable to enable an employee steal so many documents in the first place? This should never happen in the first place, especially where you are dealing with something that represents the life blood of an organization.

Read More

After last week’s high-profile data breach at ACS:Law, BT wants to halt legal applications to obtain customer details of people alleged to have take part in illegal online file sharing. The telecoms company called for the moratorium and it is likely that other telecoms companies will follow the same route.

This really should not be a big issue since the solution to solve this problem has been around for a while. It is called Enterprise Rights Management and works on the principle of persistent security which means the data cannot be used beyond what has been specified by the data owner, whether the data is in use, at rest or in motion.

Read More

Last week I was reading the evening standard while on the train on my way home and my attention was drawn to the story on the recent data theft at Foxtons, the upmarket estate agent chain based around West London. What happened at this company is a classic case of a business not using technology to enforce protection on its intellectual property.

The preference for policy, procedure and discipline to enforce compliance, without using technology to guarantee information security is futile and is clearly not working. If I were a client of Foxton’s and I know that my data can be misused by any employee other than the intended purpose, I will be very worried considering the type of clients it has on its list are mainly high net worth individuals.

Read More

I was reading a short article on the Computer Weekly website about the recent data breach at ACS:Law. The article echoes what I have been saying for quite some time about the security of unstructured documents. Amichai Shulman, chief technology officer at Imperva commented that the recent data breach highlights a hidden security weakness in unstructured data.

Many organisations have spent millions on securing their databases (structured), leaving a big security hole in not addressing the security of unstructured data. What many organisations forget or miss is that all the data in the database is not very helpful to executives and managers if it cannot be interpreted in a way that makes sense.

Read More

Today I’ll like you to head over to Simon Thorpe’s blog to read his latest blog post titled “Data loss, encryption & security in health care - is your medical data safe?”. It starts off by giving you an idea how bad the level of data breaches are in the health care sectors are especially in the US and UK.

Simon goes on to discuss protecting health care records using persistent security in the form of Enterprise Rights Management, also called Information Rights Management. Persistent security secures records while it is moving over the network, when it being used and when it is stored on any form of storage media.

Simon, I am sorry to say I do not expect data security to get any better over the life of the current parliament as the government has embarked on spending cuts which is most likely to impact data security. Read my post on the UK government spending cuts.

Access Simon’s blog post titled “Data loss, encryption & security in health care - is your medical data safe?” here.

I found this interesting article on the computer weekly website on how to protect data that is circling outside the enterprise firewall on non-IT-controlled devices, written by Andrew Jaquith of Forrester Research. This article recognises that the enterprise security perimeter is quickly dissolving, therefore organisations should take the necessary steps to deploy the right tools that allow for persistent security.

I previously reviewed a research paper on enterprise rights management authored by Andrew on this blog, and I recommend that you also read this article, especially if data protection is one of the area of concerns for you and your organisation. Now head off to the computer weekly website and read the five patterns for securing data on devices you don’t own.

To access the article click here…..

I was reading a recent article where an employee of the Manchester Police lost a USB drive. The Daily Star that reported the breach wrote that a high-ranking source in the department said whoever lost the drive was in for “a right rollicking”. Meaning some punishment of some sort will be awarded to the person responsible.

But who should be blamed for a data breach, employee or employer? Whenever there is a data breach, it is the person that looses the data who is made the scapegoat. There are many information security endpoint tools that can help users keep confidential data safe from prying eyes. I believe organisations should take a serious look at their internal processes whenever there is a data breach, and ask what can be done to reduce human error or a deliberate effort to steal data. We are all humans and things get lost and forgotten, the question is what needs to be done to make the confidential data inaccessible to unauthorised persons?

Read More

The Office of Inadequate Security recently reported a major data breach at East Devon District Council where the personal data of almost 2,000 council workers was leaked. The incident happened when a former manager of the council sent the data in an excel file to a private email address.

The council says the incident was “unauthorised” and affects 1,891 staff, councillors, employees of Leisure East Devon and pensioners formerly employed at the council. This is a situation that could have been prevented using both Data Leak Prevention (DLP) and Enterprise Rights Management (ERM).

Read More

Enterprise Rights Management Video Promotion (30 seconds)

Watch this 30 second clip on why you are better of with Enterprise Rights Management than resulting to legal action to recover your stolen intellectual property.

Via: Credit Score - click on image to view a zoomed out image.