Swiss bank UBS lost out on a major revenue stream when it was discovered that an employee leaked details about the impending GM IPO. This leak meant that GM is required by law to disclose the e-mail in a filing with the U.S. Securities and Exchange Commission.

Up till November 3 UBS was listed as a proposed underwriter in GM’s IPO, however it was dropped without reason. The person who leaked the email, the details of email content and how wide the email was distributed is unknown, but GM said the e-mail went to various institutional investors.

GM has claimed the e-mail does not reflect its views, while GM’s disclosure limits the company’s liability. It’s also unlikely that UBS or the employee would face any repercussions from the SEC but that revenue dent is already made.

It is known that up to 80% of all data breaches do not become public knowledge, and here is a typical case. If it was’nt for the disclosure in the IPO filing the public would be non the wiser. There must be at least 10 major data breaches happening everyday that are impacting revenue, jobs and investor confidence. Data leaks through emails is a big challenge to information security but progress seems to be very slow in this area.

Enterprise rights management have solutions that prevent employees from sending emails to wrong recipients, this solution with data leak prevention or context sensitive DRM can prevent scenarios like the one that happened to UBS. It is estimated that UBS lost £6.2m in revenue as a result of being dropped by GM.

The first enterprise rights management seminar was hosted in London, last week hosted by Documentti and sponsored by Fasoo.com. During the event Jason Sohn the International Business Development Manager at Fasoo identified the key reason why enterprise rights management has been rapidly adopted in Asia more than any other parts of the world.

He said it is not uncommon for an employee to leave one company and turn up in another company in another with the intellectual property of their former employer. Once your Intellectual property is out there you really don’t have any control over who gains access to it. This means your corporate strategy for the next 5 or 10 years could be undone in a few keystrokes.

Read More

Enterprise Rights Management over the years has made great inroads into the protection of computer aided design files. 95% of CAD files represent intellectual property of businesses around the world, however the dark-side to CAD is that in electronic format can be emailed or transferred to another party without the knowledge of the owner of the content.

Today many designs are sent to countries like China, Indonesia and India for manufacturing with confidential disclosure contracts binding on the manufacturer, but what happens if a rogue employee gets hold of the designs and sells it on to other businesses? As an owner of intellectual property like computer aided designs you owe it to the survival of your business to make sure you can monitor where your IP is and be in control of it no matter where it may be located.

Read More

Simon Thorpe of Oracle IRM has just written a post on what follows on from data classification in his quick guide series. For each use case Simon walks through the important decisions made and resulting context design to help you understand how enterprise rights management is used in the real world. This is a must read article with great insights.

To access this interesting post click here

On November 11, 2010 Fasoo.com one of the leading enterprise rights management vendors and Documentti Inc, a UK based partner to Fasoo and the company I work for as a partner will be hosting an enterprise rights management seminar. Keynote speech will be given by Steve Gold, the technical editor of InfoSecurity Magazine. Come and learn why you need to protect your sensitive documents and confidential information. You will also get insights into how enterprise rights management strategically sits within your overall information security strategy.

To register for the seminar click here. We have made every effort to make your stay at the seminar convenient, there will be WIFI access to enable you stay in touch and lunch will be served (please let us know during registration if you have any special dietary requirements). The Grange City Hotel has fantastic access to all means of transport within central London. Click here to see directions to the hotel.

All enquiries about the seminar should be sent to the London Seminar Enquiry

This article by Robert MacMillan is a very interesting read on unstructured data, enterprise rights management and data leakage prevention.

Robert a proponent that IT Administrators are expected to manage permissions to data without knowledge of the business context of the information makes a strong argument for endpoint security tools like enterprise rights management and data leakage prevention within the enterprise to control access to unstructured documents.

You can access this article by clicking here

After last week’s high-profile data breach at ACS:Law, BT wants to halt legal applications to obtain customer details of people alleged to have take part in illegal online file sharing. The telecoms company called for the moratorium and it is likely that other telecoms companies will follow the same route.

This really should not be a big issue since the solution to solve this problem has been around for a while. It is called Enterprise Rights Management and works on the principle of persistent security which means the data cannot be used beyond what has been specified by the data owner, whether the data is in use, at rest or in motion.

Read More

By Ron Arden

I was reading an interesting article in SC Magazine about how a transportation strike in London may be a cause for data loss in the workplace.  The article quotes Mark Darvill, director at AEP Networks, saying about the strike that “… will drive employees to take vast amounts of confidential data out of the office leading to ‘briefcases around the capital becoming data loss ticking timebombs’.”

I never really thought about a strike, or bad weather, or even a holiday being a potential security breach.  Many of us take information home on our laptops to work during the evenings or weekends.  Much of it is not confidential, but there is probably a percentage that is.  It may depend on the industry you are in.  If you are in financial services or healthcare, you probably have access to more confidential information on customers or patients than someone in the transportation business. 

Most businesses and government agencies have procedures for handling confidential and private information as long as you are inside the company or agency.  If you have to work on something at home, there is usually a VPN to connect you to the company network.  That’s good for email and databases, but a lot of us tend to copy things locally when we work on them.  Even if they’re stored in a document management system, when you check them out, they are on your laptop.

Of course one answer to this is to never let anyone copy these documents onto laptops or other portable devices.  That might sound good, but it’s not practical.  There is a tradeoff of productivity versus security.  If there’s a snowstorm and I can’t get to my place of business, I still need to work, so I need access to documents.  If I have to go on an airplane, the same is true.  If I can’t, nothing gets done.

So how can you make sure that a tube strike doesn’t open your company up to a potential data breach? 

First make sure that any communications between workers at home and the business is through a secure connection, like a VPN.  If you have web based access to information, either using SaaS or an on-premise application, make sure it’s using https. 

Next, make sure that any documents going home are encrypted using an Enterprise Digital Rights Management system to control their access.  Even if they get into the wild, you can shut down their access, so they are useless to anyone other than the intended recipient.

Last is to make sure all anti-virus and malware software is current and functioning on laptops, desktops and servers.  This way a worker at home can’t accidentally upload a virus or malware into the corporate network.

This way you can let employees be productive when a strike hits your city or town, without worrying about giving away the keys to the castle.

Ron Arden is the Vice President, Strategy & Marketing at eDocument Sciences LLC a document solutions and enterprise rights management solutions company based in Amherst, New York. This post was originally posted on the eDocument Sciences blog.

Photo credit Annie Mole

Last week I was reading the evening standard while on the train on my way home and my attention was drawn to the story on the recent data theft at Foxtons, the upmarket estate agent chain based around West London. What happened at this company is a classic case of a business not using technology to enforce protection on its intellectual property.

The preference for policy, procedure and discipline to enforce compliance, without using technology to guarantee information security is futile and is clearly not working. If I were a client of Foxton’s and I know that my data can be misused by any employee other than the intended purpose, I will be very worried considering the type of clients it has on its list are mainly high net worth individuals.

Read More

I was reading a short article on the Computer Weekly website about the recent data breach at ACS:Law. The article echoes what I have been saying for quite some time about the security of unstructured documents. Amichai Shulman, chief technology officer at Imperva commented that the recent data breach highlights a hidden security weakness in unstructured data.

Many organisations have spent millions on securing their databases (structured), leaving a big security hole in not addressing the security of unstructured data. What many organisations forget or miss is that all the data in the database is not very helpful to executives and managers if it cannot be interpreted in a way that makes sense.

Read More

Your organisation has just made a decision to lay off staff who are in possession of strategy documents that could result in those  documents remaining in their possession after the layoff. What do you do? What happens when a member of staff with access to sensitive information resigns?

Do you think the confidential agreement signed with that employee is enough to ensure that he or she does not use the information contrary to what has been agreed in the confidential agreement?

As a general rule all organisations should classify all their documents with the aim of identifying the ones that need persistent protection i.e. no matter where the documents are located or how they are being used the organisation has complete control over those documents and can determine when rights to those documents are withdrawn.

Read More

There is a new enterprise rights management web resource called enterprisedrm.net and has been put together to enable you access information on Enterprise Rights Management. This web resource is a vendor neutral portal that contains articles, references to white papers, blogs and the latest news on enterprise rights management marketplace.

The aim of the site is to educate executives, CIOs, security strategists, and information managers the role enterprise rights management has in their overall corporate security strategy.

There is also a discussion forum where anything enterprise rights management can be discussed. Expect to see a lot of useful information on data leakage prevention as there an increasing convergence between both endpoint data security tools.

If you have an interest in enterprise rights management and/or data leakage prevention we would like to hear from you on how we can improve this resource for you and others.

If there is any resource that you would like to add to the site, please send it in to info@enterprisedrm.net and we would add it to the site. The site is a work in progress so expect to see many changes to it.

We are also flexible in that we could also reference white papers, research papers and new items directing them to your website, all you have to do is write an introduction.

We look forward to your contribution to this resource with the aim of educating the marketplace about the importance of persistent security and the role enterprise rights management and data leakage prevention play to achieve that security.

Oracle information rights managment has just released a white paper which I believe defines the future of data leakage prevention and information rights management, also called enterprise rights management.

This paper is an excellent paper and a must read for senior executives, strategists, CIOs and information management and security managers. The introduction to the white paper is summarized below, while this white paper can be accessed by clicking here.

Introduction to the white paper
Organizations face the ongoing challenge of protecting their most sensitive information from being leaked. Two of the most popular solutions used to address this problem are Data Leakage Prevention and Enterprise Rights Management.

This datasheet explains how these technologies are highly complementary
and advises how they can most effectively be used together to provide a complete data leakage solution.

It also describes the integrations today between Oracle Information Rights Management and the DLP products from Symantec, McAfee, InfoWatch and Sophos.

An IT manager with the NHS faces the possibility of going to jail after it was discovered he illegally accessed the records of friends, relatives and colleagues. During his tenure as an IT manager he accessed 431 records.

John Fitzsimmons, director of performance, governance and informatics for NHS Hull, said Trever’s actions were a serious breach of trust. He welcomed the fact a successful criminal prosecution has been brought and that a custodial sentence is being considered.

Even though Mr Fitzsimmons claims it sends out a powerful message to NHS staff and the healthcare community about the importance of data protection, the approach the NHS is taking here is the wrong approach, as staff could find ways to mask their IDs or use ghost IDs to access medical records.

Read More

For the 3rd year running we will be at Oracle Open World! Andy Peet, Oracle IRM product manager and I will be at the whole Open World event in San Francisco. We will be presenting Oracle IRM on Wednesday, details below. We will also be in the demoGrounds area of Open World showing off the latest features of our 11g release. Feel free to come by and say hi!

Session ID: S317363

Session Title: Client-Side Security as a Middleware Service

Date/Location: Wednesday, September 22, 1:00PM | Moscone South, Rm 310

Session Abstract: Information rights management technology is often used to protect highly sensitive information in constrained workflows. Although the technology could clearly provide value in a much wider range of use cases, organizations often face the challenge of training numerous staff members to start classifying their information and to make correct classification decisions. In this session, see how integrating IRM into an enterprise as an identity management service can complement an existing application stack. This can extend the enforcement of information classification policy out to the multitude of devices used to access sensitive information both online and offline around the globe, without the need to change most end user workflows.

Duration: 60 minutes

Speaker(s)/Company: Andy Peet, Oracle, Product Manager & Simon Thorpe, Product Expert.

Source: Oracle IRM Blog