The recent Wikileaks revelation has revealed that protecting confidential data is not about whole disc encryption or simple file encryption, but persistent security such that only those who are entitled to access the documents can do so, and no one else.

Above all, you can track and trace the usage of those sensitive documents no matter where they are located. I truly believe the US government documented comments and conversations that are all now in the public domain, could have been prevented if this type of security was employed.

Organizations should really take a look at what Enterprise Rights Management has to offer and how it can protect the reputation of an establishment be it in the public or private sector, but with the likes of Wikileaks and the insatiable appetite for curiousity it is now becoming an essential tool for information security.

Read More

Employers warned over data security as High Court data theft disputes rise by 313% and first Data Protection Act fines are issued.

Read the entire article on the Telegraph website: http://www.telegraph.co.uk/finance/businessclub/8157244/Companies-warned-as-data-theft-disputes-surge.html

In light of the recent fines imposed by the Information Commissioners’ Office I am yet to read any criticisms as to why it imposed the fines on the Hertfordshire County Council and Sheffield-based A4e. In fact what I am hearing is that the penalty did not go far enough.

According to eWeek Europe online, British consumers would be in favour of stronger regulations for organisations that expose the personal data of their customers, with four out of five supporting mandatory breach disclosure laws, according to a survey carried out by OnePoll and published on Thursday by LogRhythm.

Read More

Yesterday in Michigan, USA a former Ford employee admitted to a theft of $50 million worth of trade secrets and pleaded guilty. The problem with news like this one is the focus is always on the villain and how he or she carried out the crime.

The question that comes to mind for me is how on earth could Ford be so vulnerable to enable an employee steal so many documents in the first place? This should never happen in the first place, especially where you are dealing with something that represents the life blood of an organization.

Read More

Control and Audit document use with LockLizard PDF DRM Software

If you are looking to control who is using your PDF documents, and how they are being used, then look no further than LockLizard Safeguard Enterprise PDF Security.

Safeguard Enterprise PDF Security, is LockLizard’s latest Digital Rights Management (DRM) software product providing PDF DRM protection to the large publisher or corporate enterprise.

Apart from preventing intellectual property theft by controlling document use, Safeguard Enterprise PDF Security enables publishers to track how authorized users are using their documents (when they are viewed, when and how many times they are printed, etc.).

Safeguard Enterprise PDF Security prevents PDF copying, sharing, modifying and screenshots, controls document expiry, stops printing (or lets you control the number of prints allowed) and enforces dynamic watermarks.  Individual user details can be displayed on documents when they are viewed and/or printed to deter casual copying by digital cameras or photocopies. If publishers feel their documents are being misused then they can instantly revoke access to them.

Safeguard Enterprise PDF Security entry level pricing is just $4995 for a subscription license, with perpetual and own server licenses available. More information can be found at http://www.locklizard.com/pdf_drm_security.htm

Swiss bank UBS lost out on a major revenue stream when it was discovered that an employee leaked details about the impending GM IPO. This leak meant that GM is required by law to disclose the e-mail in a filing with the U.S. Securities and Exchange Commission.

Up till November 3 UBS was listed as a proposed underwriter in GM’s IPO, however it was dropped without reason. The person who leaked the email, the details of email content and how wide the email was distributed is unknown, but GM said the e-mail went to various institutional investors.

GM has claimed the e-mail does not reflect its views, while GM’s disclosure limits the company’s liability. It’s also unlikely that UBS or the employee would face any repercussions from the SEC but that revenue dent is already made.

It is known that up to 80% of all data breaches do not become public knowledge, and here is a typical case. If it was’nt for the disclosure in the IPO filing the public would be non the wiser. There must be at least 10 major data breaches happening everyday that are impacting revenue, jobs and investor confidence. Data leaks through emails is a big challenge to information security but progress seems to be very slow in this area.

Enterprise rights management have solutions that prevent employees from sending emails to wrong recipients, this solution with data leak prevention or context sensitive DRM can prevent scenarios like the one that happened to UBS. It is estimated that UBS lost £6.2m in revenue as a result of being dropped by GM.

The first enterprise rights management seminar was hosted in London, last week hosted by Documentti and sponsored by Fasoo.com. During the event Jason Sohn the International Business Development Manager at Fasoo identified the key reason why enterprise rights management has been rapidly adopted in Asia more than any other parts of the world.

He said it is not uncommon for an employee to leave one company and turn up in another company in another with the intellectual property of their former employer. Once your Intellectual property is out there you really don’t have any control over who gains access to it. This means your corporate strategy for the next 5 or 10 years could be undone in a few keystrokes.

Read More

Simon Thorpe of Oracle IRM has just written a post on what follows on from data classification in his quick guide series. For each use case Simon walks through the important decisions made and resulting context design to help you understand how enterprise rights management is used in the real world. This is a must read article with great insights.

To access this interesting post click here

On November 11, 2010 Fasoo.com one of the leading enterprise rights management vendors and Documentti Inc, a UK based partner to Fasoo and the company I work for as a partner will be hosting an enterprise rights management seminar. Keynote speech will be given by Steve Gold, the technical editor of InfoSecurity Magazine. Come and learn why you need to protect your sensitive documents and confidential information. You will also get insights into how enterprise rights management strategically sits within your overall information security strategy.

To register for the seminar click here. We have made every effort to make your stay at the seminar convenient, there will be WIFI access to enable you stay in touch and lunch will be served (please let us know during registration if you have any special dietary requirements). The Grange City Hotel has fantastic access to all means of transport within central London. Click here to see directions to the hotel.

All enquiries about the seminar should be sent to the London Seminar Enquiry

This article by Robert MacMillan is a very interesting read on unstructured data, enterprise rights management and data leakage prevention.

Robert a proponent that IT Administrators are expected to manage permissions to data without knowledge of the business context of the information makes a strong argument for endpoint security tools like enterprise rights management and data leakage prevention within the enterprise to control access to unstructured documents.

You can access this article by clicking here

After last week’s high-profile data breach at ACS:Law, BT wants to halt legal applications to obtain customer details of people alleged to have take part in illegal online file sharing. The telecoms company called for the moratorium and it is likely that other telecoms companies will follow the same route.

This really should not be a big issue since the solution to solve this problem has been around for a while. It is called Enterprise Rights Management and works on the principle of persistent security which means the data cannot be used beyond what has been specified by the data owner, whether the data is in use, at rest or in motion.

Read More

By Ron Arden

I was reading an interesting article in SC Magazine about how a transportation strike in London may be a cause for data loss in the workplace.  The article quotes Mark Darvill, director at AEP Networks, saying about the strike that “… will drive employees to take vast amounts of confidential data out of the office leading to ‘briefcases around the capital becoming data loss ticking timebombs’.”

I never really thought about a strike, or bad weather, or even a holiday being a potential security breach.  Many of us take information home on our laptops to work during the evenings or weekends.  Much of it is not confidential, but there is probably a percentage that is.  It may depend on the industry you are in.  If you are in financial services or healthcare, you probably have access to more confidential information on customers or patients than someone in the transportation business. 

Most businesses and government agencies have procedures for handling confidential and private information as long as you are inside the company or agency.  If you have to work on something at home, there is usually a VPN to connect you to the company network.  That’s good for email and databases, but a lot of us tend to copy things locally when we work on them.  Even if they’re stored in a document management system, when you check them out, they are on your laptop.

Of course one answer to this is to never let anyone copy these documents onto laptops or other portable devices.  That might sound good, but it’s not practical.  There is a tradeoff of productivity versus security.  If there’s a snowstorm and I can’t get to my place of business, I still need to work, so I need access to documents.  If I have to go on an airplane, the same is true.  If I can’t, nothing gets done.

So how can you make sure that a tube strike doesn’t open your company up to a potential data breach? 

First make sure that any communications between workers at home and the business is through a secure connection, like a VPN.  If you have web based access to information, either using SaaS or an on-premise application, make sure it’s using https. 

Next, make sure that any documents going home are encrypted using an Enterprise Digital Rights Management system to control their access.  Even if they get into the wild, you can shut down their access, so they are useless to anyone other than the intended recipient.

Last is to make sure all anti-virus and malware software is current and functioning on laptops, desktops and servers.  This way a worker at home can’t accidentally upload a virus or malware into the corporate network.

This way you can let employees be productive when a strike hits your city or town, without worrying about giving away the keys to the castle.

Ron Arden is the Vice President, Strategy & Marketing at eDocument Sciences LLC a document solutions and enterprise rights management solutions company based in Amherst, New York. This post was originally posted on the eDocument Sciences blog.

Photo credit Annie Mole

Last week I was reading the evening standard while on the train on my way home and my attention was drawn to the story on the recent data theft at Foxtons, the upmarket estate agent chain based around West London. What happened at this company is a classic case of a business not using technology to enforce protection on its intellectual property.

The preference for policy, procedure and discipline to enforce compliance, without using technology to guarantee information security is futile and is clearly not working. If I were a client of Foxton’s and I know that my data can be misused by any employee other than the intended purpose, I will be very worried considering the type of clients it has on its list are mainly high net worth individuals.

Read More