Welcome to the second article in this quick quide to Oracle Information Rights Management 11g. Hopefully you’ve just finished the first article which takes you through deploying the software onto a Linux server. This article walks you through the configuration of this new service and contains a subset of information from the official documentation and is focused on installing the server on Oracle Enterprise Linux. If you are planning to deploy on a non-Linux platform, you will need to reference the documentation for platform specific information………

Recently we learnt that BP went about cost savings during the development of the deep water well Horizon. In an attempt to save a mere $10 million by going against the advice of its contractors, methods employed to get the well up and running were below the optimal requirements. Whether BP dismissed Halliburton’s advice we don’t know, but one thing we can say for sure is that in an attempt to save $10 million the following 6 adverse situations have resulted:-

• Costs almost approaching $2 billion and growing
• Loss of ½ its market value
• A significant downgrade in credit rating from AA to BBB; down 6 notches and just above junk status
• Reputational damage likely to linger on for years to come
• Operating in a more regulated environment in the future resulting in increased costs.
• An environmental clean-up bill that will linger on for many years to come.

Although BP’s problem is an environmental issue and top of the agenda of many, so is information security. The public do not tolerate companies that cannot properly secure their personal data entrusted to it. When there is a data breach it is almost as a result of neglect or failure to listen to what the IT security experts are advising. With the cost of a data breach around $200 per data record, how can you justify not spending $50K or $100K on that security tool or taking on additional resources that will reduce the risk of your organisation being found negligent in the way it secures personal data?

Cost cutting is a great tool for businesses to increase profitability, but this has to be done within reason and the best way to achieve this is by identifying were there is waste and cutting it out. However, cost cutting in IT security should be executed with ultimate caution and due diligence. Regulatory compliance requires that certain standards be met, however it makes sense for businesses to go beyond what is required from a regulatory viewpoint because as often found regulatory requirements fall behind the times.

Governments around the world are taking data breaches very seriously by imposing fines and calling the organisation’s management to become accountable. Data breaches like the one experienced by Heartland can last for years, with ongoing costs running into millions, class action law suits and fixing the damage done. Even areas of data security that are not governed by regulatory requirements need to be secured by the best tools and resources available because it impacts the bottom line.

Tools like database encryption, enterprise rights management, data loss prevention and all other forms of perimeter and endpoint security tools are available in the marketplace today, which will in one way or the other give you an edge over the “bad guys”. When it comes to decisions about the environment as well as IT security, when you cut costs you may save a few dollars in the short term you may save pennies, but in the long term you could end up being liable to untold amount in costs. You don’t have to end up like BP or Heartland, take action and secure that data by plugging all your vulnerabilities.

Fasoo Secure Exchange Server

Do you work with external partners and suppliers? Do you have to share confidential or sensitive information with these partners and suppliers, but worried about that information going beyond the permitted parties? This video from Fasoo explains how you can secure information that travels beyond your firewall, with the ability for you to monitor and control that information.

This video tells you about the capability of enterprise rights management, which is also known as information rights management and how it can help secure your sensitive documents.

We’ve all heard it over and over again: protect your personal information because identity theft is one of the most pervasive crimes in the current online and digital environment. A criminal can do a lot with your personal information, which includes destroying your credit history and your credibility……

Google’s decision to start moving away from the Windows operating system because of its vulnerabilities in my opinion represents a seismic shift in the IT industry. Although Google is still silent on this matter, if true many big enterprises will start to look into the feasibility of migrating to other operating systems like Linux, OS X and in the future Chrome OS.

It could be that the security vulnerabilities that we have suffered over the last three decades have been due to our dependency on a predominant operating system namely Windows. Maybe, if we had ten or more operating systems to choose from, and all with equal share of the market we would be less vulnerable than we are today, who knows?

However, no matter how many operating systems are available to us in the future, there will still be the need to protect confidential information like trade secrets, boardroom communications, financial data etc both within the corporate firewall and beyond. So it is becoming imperative that Enterprise Rights Management software vendors begin to observe the current trends and begin to develop a strategy to support the other operating systems like Linux, OS X and Chrome OS.

Enterprise Rights Management vendors that are able to respond to these changes will competitively place themselves to capture the new opportunities on the horizon.

All comments are welcome

With the progress of Enterprise Rights Management it is now possible to access reference materials with the authorised copyright permissions. As a member of a library, material could be sent to you electronically with settings to prevent copying, printing and set to expire after a defined period.

The British library is an example with this capability. They can use Enterprise Rights Management to send copyright materials to its members and have complete control over those documents no matter were they may located in the world. This represents excellent value for its customers who cannot always pay a visit to the library.

As time goes by more libraries will follow this path. There is also potential for significant cost reductions when libraries request material from other libraries, instead of sending bulk material in the post, it can be sent electronically protected by enterprise DRM.

No doubt in the future Enterprise Rights Management also called Enterprise DRM or Information Rights Management will make access to libraries significantly better in the 21st century, especially access to rare historic materials. So next time you visit your library tell them about the benefits of Enterprise Rights Management and how it can help improve its subscriber base.

Some organisations may not see the reason for implementing Information Rights Management because in their view the “cat has been let out of the bag” i.e. confidential documents have been copied many times over. This is a wrong approach, because things will not get better but get worse resulting in a potential embarrassing moment like a data breach.

Implementing Information Rights Management across an organisation can sometimes be challenging especially if the very documents that you want to secure have been copied a number of times all over the organisation. The next step for Information Rights Management vendors is to develop software that can crawl the enterprise’ network and secure all documents that have been copied from the original document. Once a copied document has been identified the policy that was applied to the parent document should be applied to it.

Yes there are a number of questions that still need to be answered, but the benefits could be immense. Maybe this is an idea someone somewhere is already working on!

“We need to talk about security, it’s becoming an issue.” 

article written by Ian Barrs and Reblogged from the Infosecisland website at http://www.infosecisland.com.