Secure Content Collaboration with Information Rights Management

Page 1 of 3


BEST PRACTICES SERIES

Information could be the greatest by-product of our new digital era.
Every day enormous amounts of information are created in the form of documents, email, Web sites, and multimedia, all of which is then stored on PCs, much like the one you may be reading this article from. And yet, to date, corporate America has largely overlooked the security of these digital repositories in its rush towards technology advancement and user-ubiquity.

To combat the ebb and flow of information from internal corporate computing networks, corporations, institutions, and organizations alike have, until now, protected their digital documents, multimedia, and code with perimeter-based systems like Virtual Private Networks (VPNs), Access Control Lists (ACLs), secure token FOBs and, in some cases, biometric input devices like hand scanners and eye scanners. For years, corporations worldwide have spent a considerable amount of capital to build and maintain their perimeter systems to address the Triple AAAs of Security: Access, Authentication, and Audits.

And yet, as the events of September 11 demonstrated, having a secure perimeter isn't defense enough. In effect, the terrorist strike spawned a resurgence of IT spending in the Information Rights Management (IRM) industry. But in the corporate world, profit demands a greater flexibility from its information and sometimes mandates the ability to instantly collaborate or share this information in a secure way. However, current systems have one inherent and common flaw: human users with their unpredictable intentions and actions. Job screening, monthly training, and yearly reviews can only account for so much of an individual's true intent and, when the motives are greed or terror-driven, the results can be disastrous.

Information Insurance
In short, IRM solutions provide much needed insurance against a breakdown in the use of your information by users under all scenarios using simple and seamless methods to provide strong encryption and real-time accounting to real-world situations. While no Orwellian Big Brother, IRM is exploding as a tool to manage information easily with persistent policy expressions that can be modified at will, by-the-click, with a basic knowledge of security.

In 2002, the average financial loss from computer security breaches reported for 2001 totaled over two million dollars per company. The most serious financial losses occurred through theft of proprietary information. Yet time and time again when I cite this (on an analyst call or in email or at a tradeshow), people almost refuse to accept it. If you think about it, how hard could it really be to commit information theft, reproduce someone's personal records, or get your competitor's sales plan? Not that hard if you consider a recent report indicating nearly 7 million Americans were victims of identity theft and only 1 in 7 identity thieves were caught.

Perimeter systems are a necessity in the security of your corporate IT assets, but most corporations rely on them exclusively, which leaves the security of their information wide open to any and all employees at any time or on any PC. IRM provides a secure barrier between "bad people" and data while offering an easy-to-use, secure conduit through which both the owner and the user can communicate. Information Rights Management will dramatically change the way you collaborate with information on a PC.

PC: Pilfering Petri
It's no secret that Microsoft continues to dominate the PC marketplace with a staggering 87% of the market share according to a recent report by IDC. As a result, America, and the planet at large, is literally covered with PCs using some form of the software behemoth's applications. Even with the looming Linux boom and word that Microsoft continues to make deeper and deeper concessions to keep its large contracts in place, we continue to see large numbers of PCs being deployed on a global basis and don't expect that trend to end. As a result, many software companies focus solely on the PC phenomenon in the development of their applications to manage the rights of information and its movement.

One need look no further than the P2P explosion, which has been, for the most part, "a PC thing." For example, Kazaa, which at last count claimed nearly 4 million users, does not even offer a Mac-based client and, although there are Mac variant applications that use the FastTrack network, their numbers are minuscule compared to the PC-deployed Kazaa client.

I wrote last year that the PC is the greatest petri dish for theft ever invented. If you take a common PC with fast Ethernet, a combo CD/DVD writer, and some free apps found in Google, in seconds you can turn a PC into a multi-format information interchange and exchange appliance. Herein lies the problem. The by-products of these tools could be exact copies of your corporate records, your firm's intellectual property, or your next big product launch PowerPoint, and with an outbound email or a blank DVD someone can wreak havoc on you or your company, intentionally or not.

With the information theft trend on the rise, there is little consolation for the IT manager or corporate VP responsible for the daunting task of managing millions of zeros and ones they never see or touch. So where do you start in the basics of securing your personal or corporate information? Microsoft thinks the answer is a market-driven commitment to a secure computing baseline: the Next Generation Secure Computing Base (NGSCB, previously called "Palladium") initiative, a standard to which all next-generation applications for providing seamless or plug-in IRM will adhere for the security of both users and their information on a PC.

NGSCB takes a PC that was, for the most part, a useless drone in the information food chain and makes it a more secure and accountable platform for creating, consuming, and managing information. It provides the ability for software application vendors to develop IRM applications for the PC that speak directly to the core cryptography of the machine itself. These applications include tools for securing email, Word, Excel, PowerPoint, and PDF documents, as well as Web data like HTML and XML, and management of digital audio and video assets.

It has been said that the real killer app of the Internet is email. Just about every major corporation on the planet depends on email as a cheap and instant form of communication that can enable more efficient collaboration within the workplace. We all know how easy email is to use and access and, if deployed and managed properly, it surely saves money. However, email has been the undoing of CEOs, presidents, lawyers, and everyday users. It's almost unbelievably easy to send an email out to the wrong party, attach the wrong document, or accidentally include the wrong person on a reply. And once it's done, there's no way to undo it. It's hard to say how many attachments a day flow through the corporate networks of America to inboxes with little if any security in place.

Scenarios like these keep the folks at Authentica up at night. So they, and many other vendors, are developing a gauntlet of IRM tools that strive to ease the burden of managing secure collaboration and allow for the flexibility that the corporate environment requires.

