Click here for a short white paper on how the Wikileaks saga would never have occurred if the DoD used IRM, and how the technology can help you comply with US export laws. This is the second of a multi-part series of posts (click here for part I) where we look at one of the most neglected areas of export compliance – securing technical data and documentation.
“If you think compliance is expensive, try noncompliance.”
– Former U.S. Deputy Attorney General Paul McNulty.
The Problem With Current Security Measures
Traditional ‘perimeter-centric’ security tools – such as firewalls, DLP, IPS/IDS, SFTP, VPNs – although important in their own way – are united in their focus on securing everything except the actual information. The focus of these tools is not the information itself but rather the area or device where the information is stored or transmitted.
Consider the following:
- Firewalls secure networks,
- Virtual Private Networks (VPNs) secure the transmission channel,
- Disk Encryption tools encrypt the device or the folder,
- Mobile Device Management (MDM) tools secure the device
- And so on…
Each of these tools has an area of jurisdiction. Your confidential files leave the perimeter and jurisdiction of your traditional security solutions because you need to send them outside your corporate firewall to do business.
A famous example is that of Bradley Manning, who leaked 250,000 US Embassy cables (the famous Wikileaks cables) from SIPRNet, the secure intranet of the US Department of Defense. Access to the network was controlled, but access to the cables downloaded from the network was not. Hence, the security was not information-centric but perimeter-centric.
The Question You Need Answered
Securing just the perimeter or the device where the data resides is no longer enough. What you truly need is a solution that secures your information and makes you compliant regardless of where your sensitive information assets g. If only there was somehow a way to secure the actual information itself, then all constraints of information movement, platform, device, endless information audits etc. would be removed.
How IRM Can Help
Information Rights Management (IRM) can help you secure your confidential documentation even after you send it outside your corporate firewall. A few unique benefits that IRM offers are:
- You can assign granular usage permissions to your files: who can open it, what they can do with it (edit, print, copy content, take screen shots etc.)
- You can audit and monitor ALL activities performed on your files centrally
- You can expire information at the click of a button – so that your files lock themselves automatically
- You can change/restrict any usage permission for any user even after sending the files
Read a short white paper on how Information Rights Management (IRM) can help you comply with the technical data security requirements of US export laws. Click here to check us out at the recently concluded BIS update conference!