They’re both in entertainment – well, that is if you consider politics entertaining these days. They both have had a lot of publicity lately and they both have compromised their reputations due to unprotected emails containing very sensitive information.
Most of the time organizations worry about securing files that contain sensitive information, but emails contain highly confidential information as well. In the case of Hillary’s emails, her request to use her personal email account for work was granted. Fortunately the Government did not experience a national crisis with Hillary’s “top secret” emails being hacked. However, a media frenzy is now being generated as it becomes open knowledge that sensitive information now resides on unprotected servers outside of the Government’s control.
In Sony’s case, the emails were on their secured server. Once these servers got hacked however, sensitive information contained in emails (or to some, juicy gossip about spoiled celebrities and salaries) was shared with the world, giving Sony a huge black eye; millions lost in revenue, early release of movies titles, and executive resignations.
In either situation, had the emails been protected with Enterprise Rights Management (ERM) , both Hillary and the executives at Sony would not have made headlines. An ERM system persistently protects the content in the email and the files that are attached. This persistent protection ensures that only the authorized recipient can view and use the email and the attachments. Regardless of where the email and file are stored (secured or unsecured server), how it is shared (email, file-sharing, etc.) or even what device is used to access the content, if the information is protected by ERM, it could only be accessed by the intended recipient. Furthermore, the sender can control how the file can be used by the recipient including control over whether the content can be viewed, edited, cut/pasted, screen captured, and printed. These permissions remain with the file wherever it travels or is stored, putting the sender in full control of their email content and attachments.
What is also interesting in the latest “Hillary” news is that the classified information was sent to individuals that did not have high enough clearance. If these emails and files had been protected with an ERM system, rights to these emails would have been easily revoked. ERM also offers a detailed audit trail showing exactly who received the content and what they did with it. Instead countless hours are being spent reviewing how the intelligence was shared, replied to, and copied.
In Sony’s situation, their emails were not sent outside the organization. Their information was residing on servers within the company’s secured perimeter. However, just like we talked about in an earlier blog, The Buck Stops Here, cybercriminals got through Sony’s multiple layers of security to reach the content on servers. Because ERM will protect data-at-rest, if Sony had ERM in place, the hackers would not have been able to access and share this sensitive information.