Enterprise Digital Rights Management
Frost & Sullivan Recognizes Fasoo.com’s Outstanding Innovation in Crafting and Executing Its Competitive Strategy

The company is uniquely positioned as an independent vendor of pure Enterprise Digital Rights Management products

MOUNTAIN VIEW, Calif. - July 11, 2011 - Based on its recent analysis of the enterprise digital rights management (EDRM) market, Frost & Sullivan recognizes Fasoo.com, Inc. with the 2011 Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year. Fasoo.com (Fasoo) has successfully retained its leadership in the Asia-Pacific (APAC) markets and is seeing steady improvement in its global market position based on its unique technology, ongoing R&D improvements, comprehensive product capability and effective use of competitive intelligence.

In the global EDRM market, Fasoo competes with Microsoft, which has the strength of its Windows Server and Office products, mainstay applications for enterprises worldwide. Fasoo’s technology approach is driven by security and practical considerations. By overriding an application’s memory space, it provides a strong approach to document protection that integrates smoothly with the end-user experience, even for third-party applications where EDRM vendors do not have access to the program code.

“This is a difficult approach for several reasons, including risk of performance impact and the requirement of keeping pace with application and document format updates,” said Frost & Sullivan Research Analyst Avni Rambhia. “Fasoo has developed the technical strength and deployment process to execute it well.”

Another unique Fasoo strength is its ability to scale operations across large enterprises, which are often a patchwork of identity management and client application systems across various enterprises. Fasoo has strong experience in securing information on an enterprise-wide level for large, globally distributed companies. For example, its flagship installation for Samsung spans more than 160,000 internal users and more than one million total users worldwide. No competitor has installations on this scale.

Today, enterprises are shifting from deploying EDRM on a need-basis to employing it uniformly for all enterprise employees. Fasoo’s strategy of combining a highly interoperable product with custom services as needed has positioned it well to organically fulfill this growing demand. In contrast, competitors have tended to focus on formats or deployment environments within their core competency, and to rely on systems integrators or value added resellers to develop and deliver an overall solution for the enterprise.

Fasoo dominates the APAC markets, notably Japan and Korea, and is now expanding into major markets such as China in the East, and North America and Europe in the West, through a combination of strategic partnerships and organic growth. Fasoo is the only major player in the EDRM market that has remained a pure EDRM vendor. While acquisition by large corporations offers competitors the strength of better sales resources and a more established customer base, Fasoo is countering this in two ways. First, in the North American and European markets, it is joining efforts with established channel partners such as IKON Office Solutions, a wholly owned subsidiary of Ricoh Americas Corporation, and Toshiba America Business Solutions, Inc., to reach customers and win market share. Second, Fasoo is being proactively sought out as a partner by leading data loss prevention (DLP) vendors who are trying to break into the APAC region.

“Fasoo effectively articulates shortcomings in competing offerings, while highlighting its own strengths in the context of customer pain points, to craft compelling sales messaging and marketing communication,” said Rambhia. “Its blue ocean strategy is to position the company as a pure EDRM vendor with the technology that is agnostic to asset management, server software and DLP systems, but which interoperates with all market leading applications and platforms and is scalable to meet the needs of large enterprises with global footprints.”

In recognition of its innovative competitive strategies, Frost & Sullivan is proud to recognize Fasoo with the Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year in the EDRM market. Each year, Frost & Sullivan presents this award to the company that has demonstrated uniqueness of strategy, leveraging competitive intelligence to improve market position.

Frost & Sullivan’s Best Practices Awards recognize companies in a variety of regional and global markets for demonstrating outstanding achievement and superior performance in areas such as leadership, technological innovation, customer service and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analysis and extensive secondary research in order to identify best practices in the industry.

Source: Frost & Sullivan

Data loss, encryption & security in health care - is your medical data safe?

Today I’d like you to head over to Simon Thorpe’s blog to read his latest blog post titled “Data loss, encryption & security in health care - is your medical data safe?”. It starts off by giving you an idea of how bad the level of data breaches is in the health care sector, especially in the US and UK.

Simon goes on to discuss protecting health care records using persistent security in the form of Enterprise Rights Management, also called Information Rights Management. Persistent security secures records while they are moving over the network, when they are being used and when they are stored on any form of storage media.

Simon, I am sorry to say I do not expect data security to get any better over the life of the current parliament, as the government has embarked on spending cuts which are most likely to impact data security. Read my post on the UK government spending cuts.

Access Simon’s blog post titled “Data loss, encryption & security in health care - is your medical data safe?” here.

Gartner Paper Review: Getting Your Organization Ready to Deploy Enterprise Rights Management

Last month Gartner released another research paper titled “Getting Your Organization Ready to Deploy Enterprise Digital Rights Management”, authored by Eric Ouellet, who has written many papers on Enterprise Rights Management at Gartner. This paper is based on 4 key findings, 3 of which I think are very significant, namely:

  • The overcomplication of deployments by attempting to accomplish too many goals.
  • A lack of proper preplanning and predeployment activities to successfully leverage Enterprise Rights Management.
  • Sometimes Enterprise Rights Management is not the right solution required to protect sensitive documents.


Who Should Be Blamed For A Data Breach?

I was reading a recent article where an employee of the Manchester Police lost a USB drive. The Daily Star, which reported the breach, wrote that a high-ranking source in the department said whoever lost the drive was in for “a right rollicking”, meaning some punishment of some sort will be awarded to the person responsible.

But who should be blamed for a data breach, employee or employer? Whenever there is a data breach, it is the person that loses the data who is made the scapegoat. There are many information security endpoint tools that can help users keep confidential data safe from prying eyes. I believe organisations should take a serious look at their internal processes whenever there is a data breach, and ask what can be done to reduce human error or a deliberate effort to steal data. We are all humans and things get lost and forgotten; the question is what needs to be done to make the confidential data inaccessible to unauthorised persons?


Sophos Blog Post on Information Rights Management & DLP

Yesterday, 2nd September 2010, John Stringer, the DLP product manager at Sophos, did a guest post on Graham Cluley’s blog. The aim of the post was to explore how Sophos’ Data Loss Protection (DLP) technology can help companies tackle Information Rights Management. I wanted to comment on that post, but found comments were not allowed. The disadvantage of having a blog that does not allow comments, especially if you sell products and services, is the perception of a closed or insular company that wants to tightly control everything that is being said. I owe it to my audience to be able to comment on my posts, especially if they don’t agree with what I have written. Moreover, if I sell products and services it is a great opportunity to get feedback from my customers. I am disappointed that comments were not allowed on this blog. However, this does not take away what Graham has achieved through his work.


Gartner Paper Review: Key Selection Criteria for Enterprise Digital Rights Management Solutions

Last week I did a review on a Gartner paper released in May 2010 titled “Enterprise Digital Rights Management”. Following on from this, Gartner released another paper in June 2010 titled “Key Selection Criteria for Enterprise Digital Rights Management Solutions”. This paper before its release was much anticipated by myself and many other professionals who work with Enterprise Rights Management. So does this paper help potential clients know what to consider when it comes to selecting an Enterprise Rights Management solution? Well, read on and let’s find out.

This paper was authored by Eric Ouellet and Ray Wagner, and they start out by stating that the success of Enterprise Rights Management deployments depends heavily on features, functionality and livability of the solution with end users. Every requirement is different, and organisations should choose their Enterprise Rights Management solution based on what their requirements are and not on what the Enterprise Rights Management solution has to offer. Sometimes an Enterprise Rights Management solution is not what is required; as such, a thorough analysis should be carried out as to whether it is the right solution.


Removing Rights From Information Protected by Information Rights Management

There are occasions when information that has been protected by Information Rights Management is no longer required; this could mean the information can be put out into the public domain to encourage further innovation, to address past issues, to adopt lessons learnt or to abide by some regulatory or legislative requirement about making information accessible to everyone.

This is a key factor that information or data owners should consider when choosing an Information Rights Management solution. I have seen many occasions where there has been a very high emphasis on protecting data with information rights management, but no question has been asked about how to remove the protection so that it becomes accessible to all.

For example, in the United States the Freedom of Information Act, which was signed into law in 1966, allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States Government. In the United Kingdom the Freedom of Information Act 2000 is an Act of Parliament that introduces a public “right to know” in relation to public bodies, under which members of the public can demand information not in the public domain. The full provisions of the act came into force on 1 January 2005. In the private sector there have been occasions where businesses have released trade secrets into the public domain to encourage further innovation.

Transparency means that for full disclosure protection has to be completely removed from all documents previously protected with information rights management, but partial disclosure means that information protection has to be organised in a logical order to take into account the need to release part of that information into the public domain without compromising information that still needs to be protected.

A lack of strategy to address putting information previously addressed as confidential into the public domain could prove to be more of a headache than implementing Information Rights Management if not adequately addressed during the planning stage. Whatever information rights management solution you decide to go with, you need to be assured that you can remove the rights protection on any data as easily as you can put it on.

This post on the Oracle Information Rights Management blog emphasizes the need for Enterprise Rights Management. Is there any reason why the secret service should not use this tool to protect highly confidential documents? I cannot see any reason why, especially with the possibility that 3% of the total secret service agents could become rogue agents trying to benefit financially from their insights into secret operations.

Read full post here….

ISACA Singapore Chapter talk on Information Rights Management

This month the ISACA Singapore Chapter is organizing a dinner talk and networking session on Wednesday, July 21. Amitpal Singh Dhillon, one of our security experts in Singapore, is presenting on the topic of “Information Rights Management - How secure are your confidential documents?”. Those who are CISA certified will attain 2 hours towards ongoing certification with this talk.

Details of the event are as follows (sign up here):

  • Time: 6:00pm - 9:00pm (Registration: 6:00pm; Dinner 6:30pm - 7:15pm; Presentation 7:15pm - 9:00pm)
  • Venue: National Library Board Building, Level 5, Imagination Room, 100 Victoria Street, Singapore 188064
  • Cost: S$30.00 (ISACA/IIA Members), S$45.00 (Non-Members), S$15.00 (Students) / Refer Student Registration below
  • CPE: 2 Hours
  • Dinner: Buffet Dinner Included (no pork no lard)
  • Who Should Attend?: Information Security Managers, Analysts and Architects, IT Managers, IT Auditors, Academia and researchers involved with information systems security awareness, training, education, and professionalism.

The speaker, Amitpal Singh Dhillon, is well versed in Information Rights Management and is an Identity Management Security Architect for Oracle in the Asia region. Prior to joining Oracle, Dhillon worked as an Information Systems Engineer on Corporate IdM initiatives at Applied Materials in Silicon Valley. In addition, he has experienced the typical diversity of products from multiple vendors, including Microsoft, SUN and IBM, whilst responsible for implementation of such solutions in an SAP environment. To attend the dinner sign up here. For more information on the event visit the ISACA Singapore Chapter website and look in the current events section.

Engaging ‘Millennials’ In Your IT Security Strategy

I recently read a blog post titled “Security Turns off Millennials”. The post refers to a report commissioned by Cisco Systems, in which it claims that overly rigid security requirements and strict policy enforcement do turn off millennials in the workplace. We have always known that this generation are less concerned with sharing their private details publicly compared to the older generations, but I think this may be a wrong stereotype to place on the millennials.

As more of this generation enters the workplace you have a conflict of values no matter the age and size of the organisation. It therefore becomes imperative that organisations remain competitive by locking down their intellectual property. Access to such property should not only be locked down with tools like Enterprise Rights Management, but should have a comprehensive log of who accessed what information and when. This helps employees to become more careful in the way they use the information accessed.

Organisations that allow employee personal devices had better have the security tools to manage the threats that come with such leverage. It could be an opportunity for organisations to train this generation on the overall impact of a lack of proper IT security controls on a business, its competitiveness and jobs.

Case studies from organisations like Ford, HSBC, Heartland, etc. that have suffered serious data breaches should be well documented and communicated to all staff on a regular basis as part of the ongoing IT security strategy. Businesses that take a serious view of IT security could help their employees secure data on their own personal machines by purchasing anti-virus and firewall licenses, and in the future enterprise rights management licenses.

Finally, the millennials are the social media generation, and organisations should endeavour to communicate their message through social media sites. Organisations that do this will be amazed to find out that the generation that is less concerned with IT security has the best ideas to reduce the IT threats in the workplace.

The higher the sensitivity the greater the risk

By Vishal Gupta

Data leakage, theft, hacking, compromise, accidental / intentional disclosure are here to stay and it is the responsibility of the employer / owner organization and the user to collectively ensure security while ‘at rest’ and when ‘in transit’.

Policies and procedures require users to ingrain best practices into their work culture but there is always the risk of human error or a slip-up even in highly mature workplaces or even if the users are highly trained and disciplined. An example is the incident of an army Major who had classified data on his computer and this was hacked. The full story can be read here - “Major’s comp hacked, info leak feared”

As the affected organization is the Army, it is natural to assume there are strong controls in place, and this is clearly a case of non-compliance on the part of the officer. Again, though controls are in place and the users are a disciplined and trained lot, this non-compliance has led to a security breach (a worst case scenario) and there is no rollback here. Classified data has been compromised and seems to be in the hands of enemies. There is no telling what will be the repercussion of this loss, and one cannot expect that the Army is going to be sharing any details of their investigation or findings.

While everything seems to be in place, it is also obvious that the data would be much safer had it been protected by an Information Rights Management (IRM) system like Seclore. The Information Rights Management solution would have provided the organization with the means to withdraw the rights for all the classified documents on the machine for the user (machine owner) and thus render those documents inaccessible.

Data losses can happen anywhere and anyhow. People carry work home and assume it is safe but risks manifest themselves in different locations in different variants. It is necessary to be safe rather than sorry. A data breach, if not measurable in monetary terms, will cause intangible losses which will eventually lead to loss of confidence and trust from stakeholders.

This leads to the necessity that security controls extend beyond the enterprise perimeter and an Information Rights Management solution provides this capability. An Information Rights Management solution will allow the organization to establish controls based on document lifecycle policies that address classification, distribution controls and user rights with due consideration of business responsibilities and requirements. The system can be configured to apply these policies by default on the data being created. Alternatively policies can be applied manually and a user can create additional customized controls if needed.

In effect, an Information Rights Management solution will provide the means for end-to-end control of data or documents throughout their lifecycle. The unique value brought about by this solution is that it allows the owner (individual or organization) to enforce data classification, monitor location of distributed data, actively log data access and retain control of access rights for the data irrespective of its location.

Implementing an Information Rights Management solution will allow Information Security managers to take the enterprise to a higher level of assurance as strong safeguards are embedded into the data assets at time of creation itself and remain so, until destruction or authorized removal.

Vishal is the CEO at Seclore Technology, a major player in the Information Rights Management space. Vishal is also an Enterprise Rights Management Evangelist and can be contacted via the Seclore Technology website.

This article is a reblog from the Seclore Technology blog.

Fasoo Secure Exchange Server

Do you work with external partners and suppliers? Do you have to share confidential or sensitive information with these partners and suppliers, but worry about that information going beyond the permitted parties? This video from Fasoo explains how you can secure information that travels beyond your firewall, with the ability for you to monitor and control that information.

This video tells you about the capability of enterprise rights management, which is also known as information rights management and how it can help secure your sensitive documents.

What Check Point’s acquisition of Liquid Machines means for Enterprise Rights Management.

This week saw the acquisition of the Enterprise Rights Management software vendor Liquid Machines by Check Point. This acquisition is a confirmation of further consolidation and integration needed to raise the profile of enterprise rights management software.

In a number of past blog posts I mentioned the superiority of Enterprise Rights Management over full disk encryption and file encryption, and Check Point’s acquisition confirms this because it already has its own file encryption tools. This is a recognition that the benefits of enterprise rights management around persistent security will always be the main advantage it has over any other encryption tool.

From Check Point’s perspective, this acquisition helps the company to leverage their suite of security tools, helping the company to draw from a wider selection of possible tools when recommending solutions to their clients.

I am hoping Check Point has not paid way above the market price, as there are current pressures for enterprise rights management price tags to come down, and price is another key factor to wider acceptance of this technology.

I believe that there will be further mergers and acquisitions in the enterprise rights management area over the next 12 months, but because of the downward pressure on product prices and implementation costs, return on investments will take longer than initially expected. Finally, this acquisition indicates that enterprise rights management is coming of age and will have its place in the enterprises’ overall information security strategy.

Goatware, not Bloatware

Over the years I have seen many software applications become so resource intensive that they cause a drag on other resources. Anti-virus programs are normally guilty of falling into this category, commonly called bloatware. Bloatware is normally a result of poor and inefficient programming techniques.

I have observed a new class of software which is persistent in hogging your system resources, and no matter what you do to terminate the application it simply does not go away. This type of software I’ll call goatware, derived from the four-legged hoofed animal called the goat.

The goat is a very stubborn animal in nature because it has the tendency to return to a crime scene no matter how much you take steps to chase it away, hence goatware. Goatware leads to computer rage and frustration, such as the one seen on YouTube where the man smashes his computer because of the persistent nature of the problem. Although I am a keen supporter of Enterprise Rights Management, my concerns are that as this software evolves it might go down the route of becoming goatware, where it hogs system resources like some encryption tools and antivirus software we all know.

The success and continuous acceptance of Enterprise Rights Management is predicated upon having little or no impact on system resources, as well as not impacting the way users perform their normal duties. So it is imperative that all enterprise rights management software does not hog system resources in a way that will bring about its demise before it becomes a mainstream product.

The latest Market Overview on Enterprise Rights Management by Forrester Research

Forrester has just released a market overview on Enterprise Rights Management by Brian Hill and Andrew Jaquith. This is a well-written research document with the latest perspective on the Enterprise Rights Management market. Products from 8 key vendors are evaluated, namely Adobe Systems, Covertix, EMC, GigaTrust, Liquid Machines, Microsoft, NextLabs and Oracle. Forrester believes that Enterprise Rights Management is among the most robust information protection technologies available to organisations today, yet it is regarded as optional.

This paper asserts that Enterprise Rights Management enquiries are not as high as those for data loss prevention, and it is described as a “tweener technology” with very few enterprisewide deployments. The largest deployment I know is 50,000 seats at Samsung in Asia through the software vendor Fasoo, after which many other deployments I know of are 1,000 seats or less. Forrester also expressed that high costs are still a concern and a barrier to adopting this technology, but I can see this barrier being lowered with cost effective solutions now becoming available.

Forrester is optimistic about the future growth of enterprise rights management and describes strategies for deployment. The future for Enterprise rights management lies in further integration with other security tools like DLP and resource management tools like document management systems.

Although this market overview does not cover all the major enterprise rights management vendors (Brainloop, Fasoo and Seclore Technology are among the vendors missing from the list), I highly recommend that any organisation or department considering how to protect their information assets refer to this paper before a final decision is reached.

To obtain this document please go to the Forrester website via the following link.