- How do you enforce protection of the same data once it leaves the laptop (via email, removable media, etc.)?
- How do you protect the information from other ways of extracting data, such as print-screen, screen-grabbing tools and remote desktop sessions?
- How do you put granular control on information such that certain users can view and edit a document while others can only view and print it?

All of the above questions bring us to the fact that disk encryption technology only protects the container in which the data resides, not the data itself. Why protect the container when it is the content that needs protection?
Some of the ways in which data leaks out even when full disk encryption is deployed are:
- Authorized employees share the content with unauthorized users in unencrypted form.
- Ex-employees who had access to the information share it with their new organization.
- Employees who had more rights than their task required mishandle the data (e.g. printing it, or taking a screenshot of it).
- Business partners and vendors receive the information unencrypted because they do not have the decryption utility at their end, which eventually results in a leak.
The problem at the heart of the matter is that disk encryption is a perimeter-centric technology. Once the information is available in unencrypted form, or once it moves outside the organization's firewall (the perimeter), disk encryption has no way of protecting it.
To mitigate the above threats, a more holistic, information-level approach to security is needed: a solution that satisfies the following requirements.
- An information usage control system that secures the content itself without compromising information sharing
- Capability to control editing, printing and distribution of shared information for each recipient
- Persistent protection of data while it is at rest, in transit and in use
- Capability to control information after it leaves the organization's firewall (i.e. after distribution)
- Full audit trail of authorized and unauthorized activity on the document
- Ability to revoke the usage rights on shared information irrespective of its location
IRM to the rescue
IRM enables the organization to enforce usage rights on documents. With IRM, document creators can grant specific usage rights: WHO (people, groups) can use the information, WHAT (view, edit, print, forward, full control) the person can do with it, WHEN (specific dates, time spans) this can be done, and from WHERE (within the office, at a business partner) the information can be used. Documents can also be "deprecated", so that access to old copies residing on desktops can be prevented. Some IRM products, such as those offered by Seclore, also provide an audit trail. The audit trail supports compliance with regulatory standards (e.g. ISO 27000, SOX, HIPAA, Basel II) and also helps in detecting suspicious activity on documents, including attempted access by unauthorized users. Document rights can also be changed after distribution, providing additional control over documents that have already been shared.
IRM solutions therefore take information protection well beyond full disk encryption by ensuring that usage rights travel with the information during normal use. Unlike full disk encryption, which protects information only while it is at rest, IRM offers protection at rest, in motion and in use; the information is protected throughout its entire lifecycle of creation, distribution, use and destruction. With granular control that persists even after distribution, IRM puts control on information over and beyond what disk encryption offers.
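To make the difference from disk encryption concrete, here is a small model of the mechanism the text describes: the distributed file is ciphertext only, the content key is held by a rights server, and the key is released only when a usage right matching WHO, WHAT, WHEN and WHERE exists, with every allowed and denied request written to an audit trail and rights revocable after distribution. This is an added example written for this page; it is not the original post's code and not Seclore's product, and every name in it (RightsServer, Right, the user and document identifiers, the toy keystream cipher) is a hypothetical choice made for illustration.

```python
"""Illustrative IRM-style policy decision point (added example; hypothetical
names throughout, not Seclore's implementation). The protected blob carries
no key: a viewer must ask the rights server, which evaluates WHO/WHAT/WHEN/
WHERE, honours post-distribution revocation, and logs every decision."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import hashlib
import secrets

ACTIONS = {"view", "edit", "print", "forward"}   # assumed action vocabulary


@dataclass
class Right:
    """One grant: WHO may do WHAT, during which window (WHEN), from WHERE."""
    principal: str          # "alice" or "group:finance"
    actions: set            # subset of ACTIONS
    not_before: datetime
    not_after: datetime
    locations: set          # allowed location labels, e.g. {"office", "vpn"}


@dataclass
class Document:
    doc_id: str
    content_key: bytes
    rights: list = field(default_factory=list)
    revoked: bool = False


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream derived with SHA-256, used only so the
    example runs offline; a real product would use an AEAD such as AES-GCM."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class RightsServer:
    """Holds content keys, group membership, policies and the audit trail."""

    def __init__(self):
        self.docs = {}
        self.groups = {}      # "group:finance" -> {"alice", "bob"}
        self.audit = []       # (time, doc_id, user, action, location, outcome)

    def protect(self, doc_id, plaintext, rights):
        """Encrypt under a fresh per-document key; return the distributable blob."""
        key = secrets.token_bytes(32)
        self.docs[doc_id] = Document(doc_id, key, list(rights))
        return keystream_xor(key, plaintext)

    def _matches(self, right, user, action, now, location):
        if right.principal.startswith("group:"):
            members = self.groups.get(right.principal, set())
        else:
            members = {right.principal}
        return (user in members and action in right.actions
                and right.not_before <= now <= right.not_after
                and location in right.locations)

    def request(self, doc_id, user, action, now, location):
        """Release the content key only if the document is not revoked and
        at least one right allows this user, action, time and location."""
        doc = self.docs.get(doc_id)
        allowed = (doc is not None and not doc.revoked
                   and any(self._matches(r, user, action, now, location)
                           for r in doc.rights))
        self.audit.append((now, doc_id, user, action, location,
                           "ALLOW" if allowed else "DENY"))
        return doc.content_key if allowed else None

    def revoke(self, doc_id):
        """Post-distribution revocation: existing copies stop opening."""
        self.docs[doc_id].revoked = True


def run_scenario():
    """Constructed scenario exercising each control; returns the outcomes."""
    srv = RightsServer()
    srv.groups["group:finance"] = {"alice", "bob"}
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    t1 = datetime(2024, 12, 31, tzinfo=timezone.utc)
    rights = [Right("group:finance", {"view", "edit", "print"}, t0, t1, {"office", "vpn"}),
              Right("carol", {"view"}, t0, t1, {"partner"})]
    secret = b"Q3 revenue forecast: confidential"          # constructed sample
    blob = srv.protect("q3-forecast", secret, rights)
    mid = datetime(2024, 6, 1, tzinfo=timezone.utc)
    late = datetime(2025, 1, 15, tzinfo=timezone.utc)
    r = {"blob_differs": blob != secret}
    key = srv.request("q3-forecast", "alice", "edit", mid, "office")   # WHO+WHAT ok
    r["alice_edit"] = keystream_xor(key, blob) if key else None
    r["carol_view_partner"] = srv.request("q3-forecast", "carol", "view", mid, "partner")
    r["carol_print"] = srv.request("q3-forecast", "carol", "print", mid, "partner")  # WHAT
    r["carol_view_home"] = srv.request("q3-forecast", "carol", "view", mid, "home")  # WHERE
    r["bob_expired"] = srv.request("q3-forecast", "bob", "edit", late, "vpn")        # WHEN
    srv.revoke("q3-forecast")
    r["alice_after_revoke"] = srv.request("q3-forecast", "alice", "view", mid, "office")
    r["audit"] = list(srv.audit)
    return r
```

The point to take from the model is structural: the blob that travels by email or USB stick is useless without a round trip to the policy decision point, so the WHERE and WHEN checks, the revocation flag and the audit entries all apply no matter where the copy ends up, which is exactly what a disk-encryption container cannot do once the file is copied out of it.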
