Oracle IRM, the official blog

A frequently asked question is: "What happens when the person who encrypted a number of files leaves the organization?". The concern behind the question is that an organization might find itself locked out of its own information assets, with critical business processes being held up while administrators figure out how to regain control so that policy can be amended as required.

A related question is: "What happens when an author changes role?". Most IRM solutions reserve special privileges for the original authors of documents, such that they may retain access after moving away from a particular project or role, creating security and compliance issues. They may also continue to be called upon to modify policy for those documents long after they have moved out of the relevant position.

With most solutions, the reponse is not to worry because a superuser can always identify all of the documents owned by the outgoing user and transfer their ownership to someone else. Unfortunately, this means that IT override of access rights is a matter of routine, as staff turnover is an ongoing process. It also means that the new owner suddenly becomes responsible for, potentially, a large number of documents protected in a variety of ways by someone who can no longer be referred to for clarification.

With Oracle IRM, the answer is much cleaner. In standard deployments, the solution places no particular significance on who authored a document - documents belong to their classifications rather than to the individuals or applications that created them. If an author leaves the organization or the project, their documents continue to be protected according to classification policy. The author himself may well lose access rights because his account has been deleted, or because his rights have been updated to reflect a change of responsibilities within the organization.

Released today is the latest version of the client software in the Oracle IRM technology suite, the IRM Desktop. As part of the move of the technology into Oracles Fusion Middleware platform the new release now supports the following 27 languages!

To ensure compatibility with the latest platforms we have also added support for;

• Windows 7 operating system
  
• Adobe Reader 9.2
  
• Lotus Notes 8.5
  

Right-click Unseal option

Choices about what happens to the unprotected originals of sealed files

You can download this version from the Oracle Technology Network (OTN). More information can also be found in the release notes.

Whilst responding to an RFI I needed to describe how information rights management was positioned against many other types of technologies that use encryption to protect documents and emails. I thought it would make sense to write up the response on the blog. The diagram below really highlights how information rights management is at the leading edge of using cryptographic technologies to protect your confidential information.

Information security is a crowded and confusing marketplace. Many security solutions are really infrastructure security, because they secure IT infrastructure and users from information (for example anti-virus, anti-spam, intrusion detection). Some information security solutions only attempt to secure information from external attack (for example firewalls).

This diagram above illustrates the evolution of "information-centric" solutions that, by securing information directly, attempt to secure information from accidental or deliberate leakage by internal and external users. This diagram is not entirely even-handed in that it does not show the benefits of earlier solutions, just their critical shortcomings - but the idea is to show how IRM for the first time sufficiently solves these limitations to be the first truly enterprise-viable "information centric" solution.

Information-centric security started with products like PGP, which used public key infrastructure (PKI) encryption to encrypt information, and provided document and email encryption products. Products like PGP have two killer shortcomings. Firstly they ask busy non-technical business people to understand and personally manage the principles of PKI cryptography - pass phrases, public keys, private keys, digital signing, encryption, decryption, public key rings, certificates, etc. And then, after jumping through all these PKI hoops, the PGP-like technologies still just pass the decrypted information off into the clear (decrypted) to the document and email applications, from which they can easily and untraceably be redistributed - there is no post-delivery protection or tracking. Invasive to user workflows and with dubious benefits (most leaks are made, accidentally or deliberately, by end users - not by eavesdropping on networks) these solutions have over a long period gained minimal traction. Many people have briefly played with PGP, or something like it, but it is rare to meet someone who still does.

"In-delivery" secure email products built on the encryption capabilities of PGP-like products, in an email context. As organizations began to see email as their leading vector for information leakage (deliberate or accidental - how often have you sent a confidential email to the wrong user?) they sought solutions for securing email. Almost all of these solutions operate by intercepting outbound emails, and for those marked or scanned as being confidential, they place them on an SSL-protected web site and send on a replacement email with a link back to the original email on the SSL-protected web site. When the users follow the link to collect the email they are typically required to authenticate and the original email is then obtained over a secure SSL connection. So the shortcomings of these solutions are clear - again they provide no post-delivery security (authorized users can still save out in the clear and forward), they only defend against eavesdropping (which is a much less common threat than redistribution) and is ultimately an email-only point solution. While email remains the leading means of sharing information, there is also a huge amount of sharing via file shares, web, USB devices, etc.

The next major evolution of "information centric" security, which is currently generating significant interest, is gateway- or desktop-based filtering/monitoring. These technologies install software agents into gateways (such as email servers or web servers) or desktops that monitor outbound information flows, and scan the outbound emails, attachments and web pages for confidential information (such as social security numbers). It remains to be seen how effective these solutions are in practice, because they tend to be primarily passive (they are often detuned to prevent them blocking outbound information flows as a result of false positives) and act more as a deterrent; because they must monitor a bewildering number of perimeters in a modern network to be effective; and must sift through a staggering amount of legitimate traffic looking for a hopefully small amount of illegitimate traffic. But the fundamental shortcoming of these filtering/monitoring solutions is that they are effectively enterprise spyware: spying on internal information flows. Unfortunately most sensitive business processes involve sharing confidential information with external parties, and they are never going to allow your organization to spy on their networks to protect your information. So it would seem absurdly incomplete to spy on your own employees and then send the same confidential information unprotected and untracked into the networks of your partners, customers and suppliers.

Nevertheless there are considerable synergies between monitoring/filtering technologies and IRM - to help automate the sealing/classification of information. This is seen in the recent integrations between both DLP vendors and IRM vendors.

Oracle Information Rights Management (IRM) is very much an evolution from all these earlier technologies. It uses the PKI encryption from PGP-style products, but hides all the complexity from end users. It uses the close integration with leading email clients of secure email. It shares the same desktop agent and policy server profile of desktop filtering, but is only active in the context of sealed/classified information. But unlike preceding solutions Oracle IRM provides pro-active, post-delivery protection and tracking; works just as well outside the firewall as inside; has a classification-based rights model that completely hides all the complexity of encryption and makes policy management straightforward; and secures documents, emails and web pages regardless of how they are shared - so Oracle IRM it is a significantly more complete solution.

Over the weekend a document containing confidential information from one of the most secretive panels in Congress was floating about on an peer-to-peer network. Apparently a junior member of staff went home to work on the memo and stored the document on a computer that also ran peer-to-peer networking software. The inevitable happened and the document was whisked away to the file sharing network to be available to thousands of other computers.The 22 page report contains details of sensitive ethics probes involving more than 30 lawmakers and aides compiled by the ethics committee in the House of Congress.

The ethics committee is one of the most secretive panels in Congress, and its members and staff members sign oaths not to disclose any activities related to its past or present investigations. The 22-page "Committee on Standards Weekly Summary Report" gives brief summaries of ethics panel investigations of the conduct of 19 lawmakers and a few staff members. It also outlines the work of the new Office of Congressional Ethics, a quasi-independent body that initiates investigations and provides recommendations to the ethics committee. The document indicated that the office was reviewing the activities of 14 other lawmakers. Some were under review by both ethics bodies. The leaked document, which was reported to the Washington Post, caused Democrat Zoe Lofgren, chairwoman of the House Ethics Committee, to interrupt House voting. She announced that the Washington Post had obtained a confidential ethics report and the newspaper had been contacting lawmakers named in the document. She described the release of the sensitive document, as a form of hacking. This incident highlights the dangers of not correctly protecting your most confidential information. Unfortunately the blame is usually pointed at the person who didn't follow instructions on how to handle such data. In this incident the member of staff was fired and the committee "is taking all appropriate steps to deal with this issue,". According to house administration rules, they require that if a lawmaker or staff member takes work home, "all users of House sensitive information must protect the confidentiality of sensitive information" from unauthorized disclosure. I wonder what technologies are actually implemented to aid lawmakers and staff with actually protecting this information.

"I regret to report that there was a cyberhacking incident of a confidential document of the committee," Zoe Lofgren, (D CA)

Information Rights Management could have easily helped avoid this situation. The memo could have been encrypted and secured allowing the employee to work on the document where ever they wished. Then if the document had been transmitted across a peer-to-peer network, it would've been useless to anyone else because IRM ensures only authorized users can gain access to sealed content. This would've saved Congress the embarrassment and also saved the member of staff their job.

Finally I gave in, too many people kept saying... "you should have a twitter feed for your blog updates". Many in Oracle are embracing modern methods for communicating information about our technology and I decided to jump on the band wagon. You can follow Oracle IRM on twitter and also be a fan of our Oracle IRM page on Facebook.

Oracle has built an excellent website for people to share sample code and personal projects with the Oracle community. Over the coming months we are going to be sharing a lot of code we have been using for many years to help customers build rich IRM solutions.

The first project to hit this website is our HotFolders capability which monitors folders for new content and automatically seals documents to a preconfigured classification. Martin Lambert (Oracle IRM creator and HotFolders author) has just uploaded the latest version, 1.7, of this sample project.

Access the project here, https://oracle-irm-hotfolders-java.samplecode.oracle.com/, note that you will need to register a free Oracle Technology Network account. 1.7 brings some new features;

• Post-sealing action plugins - v1.7 introduces a simple plugin architecture for extending the functionality of Oracle IRM Hot Folders. This allows Java developers to easily implement post-sealing actions for files sealed to the correct classification in designated folders (either automatically sealed by Oracle IRM Hot Folders or sealed to the correct classification before being added to the folder).
• 'Shovel' file-moving plugin - The Shovel plugin moves correctly sealed files to a new location derived from its current location by regular expression matching. A use case is where a Data Loss Prevention (DLP) solution quarantines sensitive files to a quarantine folder where it is sealed by Oracle IRM Hot Folders and then returned by the Shovel plugin to its original location. The source code for Shovel is provided to assist developers in creating their own plugins.

Keep an eye on the blog, we plan to be releasing a whole raft of new sample projects and sample code over the coming months.

Just a quick note to say that within the next 2 weeks we will be releasing version 10.1.3.5.2 of the Oracle IRM Desktop. This desktop comes with the following updates;

• Support for the recently released Windows 7 operating system
  
• Support for sealed PDF's opened with Adobe Reader 9.2
  
• Sealed email support for Lotus Notes 8.5
  
• Support for 27 different languages including Japanese, Chinese and Korean.
  
• There have also been changes in the layout of the control panel and an improved user interface.
  

This is a major release of the IRM Desktop and we expect most customers to upgrade to it after familiarization with the subtle design differences. Release notes will be made available at the time of release to Oracle Technology Network.

This morning Symantec announced the latest incarnation of their data loss prevention (DLP) technology, version 10. DLP technologies allow organizations to do discovery and monitoring of enterprise perimeters to detect the flow of sensitive information. When DLP detects something that is deemed confidential it can take some action upon it, typically this is in the form of blocking the information from continuing to be transmitted. However combining DLP with IRM means you don't have to restrict the end user by blocking their attempts to collaborate. Instead encrypt and protect the document or email so that it can be shared. IRM ensures only authorized users have access and provides advanced security controls such as revocation to the information, even after it has left the control of your enterprise networks.

We've been working with Symantec over the past month to build an integration between Oracle IRM and DLP creating the most powerful security solution of any IRM and DLP combination. Oracle IRM is the leading rights management solution for enterprise-scale document and email security. Combining these features with Symantec's leading DLP solution means customers can now have rich monitoring and detection capabilities. Instead of blocking attempts to share valuable data, this solution allows it to happen securely. We first demonstrated this capability at Oracle Open World and if you were not able to attend, we've uploaded some video demonstrations to our YouTube channel.

If you want to learn more about using Oracle IRM and DLP together contact us.

Wow, a busy two days at Oracle Open World. All the IRM team are around the demoGrounds booth W105 in Moscone West helping customers and the public learn about Oracle IRM working with the wide range of Oracle applications, content solutions, portals and of course security technologies.

From left to right, Ryan Carroll - VP IRM development, Andy Peet - IRM product manager, Martin Lambert - IRM founder and Oracle CTO

Unfortunately James Wallace-Hadrill, one of our European consultants was unable to make the conference due to a last minute customer engagement. Therefore his IRM presentation slot has fallen to myself (which i'm still working on at 10pm) and you can join me at 1:30pm on Thursday in Moscone South, room 304. If you don't get chance to be there due to travel arrangements, no worries i'll be recording all the presentation and demonstration material and putting it on our YouTube channel later in the week.

So if you are at Open World, come by W105 and say hi, we've got some very cool technology we can show you.

When talking with customers they often ask if Oracle IRM is a DRM technology. I thought I would therefore go over the main differences between the consumer technology world of DRM and the business world of IRM (or ERM/EDRM). First lets detail what the acronyms stand for.

• IRM - Information Rights Management
  
• DRM - Digital Rights Management
  
• EDRM - Enterprise Digital Rights Management
  
• ERM - Enterprise Rights Management
  
• RMS - Rights Management Services, specific to the Microsoft IRM technology
  

Whilst at first glance it might seem like all of these technologies do the same thing, DRM is the odd one out and the others can be grouped together. In the early days IRM technologies were initially labeled as ERM in an attempt to separate them from DRM, the term IRM came later as the market matured. For simplicity sake in this article, technologies such as ERM, EDRM and RMS will be discussed under the acronym IRM unless specifically mentioned.

What is the difference between DRM and IRM?

• DRM refers to technologies that control access to common media formats, such as music, video and digitally published material (e.g. high value financial analysis reports)
• IRM refers to technologies which control access to enterprise generated content, such as engineering intellectual property, HR documents, patient health records, company financial reports, sensitive email communication
• Most enterprise based technologies (although not Oracle IRM) were developed from either an existing DRM technology, or at least from the same ideals and methods

The first two points are very important with regards to how the technologies are perceived by end users and the main goal for the implementation of the technology. Consider the following scenarios.

1. You purchase a favorite song in a digital form and download to your computer. You want to play this song on both your laptop, mp3 player and also in your home CD player. Yet due to a technology used by the retailer that sold you the song, you can only play the music on a limited number of devices.

2. Your doctor stores your health information on his laptop inside documents that are encrypted and use rights controls to ensure only your doctor and authorized medical staff can open them.

DRM applies to the first situation and consumers are typically unhappy that technology is trying to dictate what they can do with content they've purchased. People are used to playing their music on a variety of devices and want to copy the information to whatever device they wish. DRM is typically about protecting the rights of the content owner from being abused, the consumer of that information doesn't necessarily care about the mis-use of the content. This has led to a constant battle between DRM technologies and the users, with thousands trying to break/hack the DRM so they can use content as they wish.

IRM however addresses a very different issue. It is about helping businesses keep secrets a secret. That information might be your health records, your personal HR data at your place of work, it might be the intellectual property your company owns which allow it to keep ahead of the competition and keep you employed. End users have a very different view of IRM, they want to use it, it helps protect them and their companies data.

So DRM focuses mainly on protecting business to consumer type content, where IRM focuses on enterprise content. This is important because it drives the technology in different ways. For instance, consider the following.

DRM protects a single file which is to only be opened by the purchaser, so the rights are embedded and delivered with the file. This works in a DRM model, because you want only the end user to access the content.

IRM typically is used in different scenarios, such as;

IRM protects a single file which is to be opened by 500 sales employees. After 6 months, 1/2 of the employees leave the company taking a copy of the file with them and another 250 people are hired. Of these people, 15 were promoted to manager and their rights to the document is increased so they are allowed to print copies.

To support the above you can't store any rights specific information in the document itself because the rights do change over time. You need to have a way to change rights to the document with having to re-distribute it. Oracle IRM does this by separating the rights from the content. Oracle IRM has, from day one, kept all rights information outside the file itself and on the network server. Access and rights are granted at the point when the document is opened. Locally cached rights, an authenticated user and the encrypted document, all come together at once.

Other IRM technologies have been developed from DRM technologies or they have used the same design methods. This is what prevents them from being truly enterprise scalable.

Finally, IRM can be used to solve some DRM problems. Oracle IRM has been successfully implemented by publishers to protect high value content in PDF documents. This is a classic business to consumer model but Oracle IRM, due to it's scalable and more effective implementation of encryption, works and can deliver an effective solution.