Oracle IRM, the official blog

UK Data Losses to Incur Fines Up to £500,000

2010-01-13T23:56:38Z

The BBC reports that the British Secretary of State for Justice has approved a new rule to empower the Information Commissioner's Office to impose fines up to £500,000 for data breaches.

Fines will be in proportion to the severity of the breach and the resources of the erring organization.

In a press release, Information Commissioner Christopher Graham, said: "Getting data protection right has never been more important than it is today. As citizens, we are increasingly asked to complete transactions online, with the state, banks and other organisations using huge databases to store our personal details. When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act. I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law."

Offline Access Management for IRM Encrypted Documents

2010-01-13T22:52:42Z

Perhaps the most frequent of frequently-asked-questions about IRM was put to me recently by one of my Irish colleagues:

If you have to get IRM decryption keys and access rights from an IRM server, how does that impact offline access to documents and offline creation of new documents? How do I ensure that business users can keep working when they are on customer premises, or sitting on a plane, or simply disconnected from the net for whatever reason?

All IRM solutions have, on the face of it, a similar answer: keys and rights may be cached for offline use for a defined period. Your cached rights enable you to keep working, but not indefinitely.

Offline access issues resolved? Well the devil is in the detail - and we believe that Oracle IRM offers the best available balance of security, usability, and manageability.

How so? First, let's consider how most solutions handle offline periods.

How Most Solutions Manage Offline Periods

With most solutions, every document is evaluated separately. So, when you first open Document-A, you contact the server and obtain the keys and rights for Document-A, and typically you are permitted to cache them for the offline period defined for Document-A. The clock starts ticking immediately for Document-A.

You then want to open Document-B, and you need to contact the server again because opening Document-A has no bearing on whether you can open Document-B - even if the two documents are supposedly subject to the same policy. Having been authorised to open Document-B, the clock starts ticking for Document-B. And likewise for Document-C and so on for each document you access. So, you have contacted the server several times, and now have cached rights and keys for several documents, and independent timers running for each.

The repeated communication with the server highlights a key shortcoming of most solutions. Users need to be online to gain access to each document on first use - and again when revisiting documents after the expiry of their offline periods. This constant per-document evaluation generates a lot of network traffic, and takes place even if exactly the same policy is defined for each document. Each document needs to be evaluated individually.

The fact that each document has its own timer makes it difficult for users to be confident that they will be able to work offline, and causes frustration when some documents turn out to be inaccessible even though the user knows that they are authorised.

Of course, user frustration leads to users bypassing a solution if they can - for example, by choosing not to protect documents due to the inconvenience this entails, or copying information out of documents so that they have an unprotected copy to work with.

But it doesn't end there. The natural user response to the inconvenience of the offline rights expiry is to specify a long offline period for documents that they protect. Long offline periods means less frequent inconvenience.

This pragmatic user behaviour reduces security for two reasons:

Users may continue to use cached rights for a considerable period after rights are revoked on the server
Routine policy changes take a considerable time to propagate out to all affected users because they may only refer back to the server once their cached rights have expired, which might be weeks after a policy change is configured

Most customers want to know that policy changes will be effective in a short space of time, but the user pressure for a long offline period conflicts with this requirement. Indeed, the fact that many solutions invite users to specify offline periods to suit themselves is a security and management shortcoming for many customers.

Another consequence of unpredictable, per-document timers is that users may have to make manual preparation to go offline. Rather than simply go offline, you might be expected to do a manual synchronisation step first, or required to explicitly notify the server that you are about to go offline and want to be able to work on certain documents. In practice, users won't remember to do this, and those who do remember will not appreciate the added chore.

Other attempts to address this issue involve nominating particular folders in which you will keep the documents that you want to be able to use offline, and have the IRM client software pro-actively manage rights caching for those documents. Sadly, again, users tend not to cope well with mechanisms that require them to keep things in particular locations, and there is a scalability issue if large numbers of users keep large numbers of documents in such folders.

Further, with most solutions you can only apply one offline period to each document, and some solutions require you designate documents as usable offline or only online. There is often no mechanism to differentiate between users according to role. So, if you want to offer a lengthy offline period to your most trusted users, you may have no choice but to give the same period to less trusted users.

As a related issue, with some solutions, a user will find they also need to be online when they want to apply protection to a new document. Setting up the policy and keys for the new document requires communication with the server. This leads to more frustration and, inevitably, leads to documents remaining unprotected.

So, How Does Oracle IRM Differ?

Firstly, Oracle IRM allows a single timer to run for all of the documents in a given classification. This immediately improves the predictability of the user experience. When you open Document-A, you start a timer for all documents in the same classification.

This massively reduces network traffic, and means that you do not need to be online every time you try to access a new document. Worst case, you need to be online when you encounter a new classification of document - there are far fewer of those, and we address even that potential frustration as described below.

Next, the offline period is defined as part of a user's role in each classification - different users get different offline periods for the same documents. So, your most trusted users can be given a role with a lengthy period, while less trusted users can be given a role with a short period.

Crucially, our policy model makes the entire policy set small enough for the IRM Desktop to support regular rights synchronisation for ALL of a user's rights IN ADVANCE of the user actually trying to open any documents, and to synchronise any policy changes pro-actively rather than when the offline period expires for various pieces of content.

In practice, this typically means that policy changes are propagated within 24 hours rather than several days or weeks. And this synchronisation is for ALL documents - not just the ones that the user has remembered to keep in a particular folder, or has nominated in some other way. Synchronisation a transparent process, making the solution significantly more user friendly. Users don't need to do any preparation to use content offline - they just pull the cable and go.

Automated synchronisation also means that whatever your offline period might be for a particular classification, it is regularly "refreshed" so that you don't have to worry about your rights expiring at an inconvenient time. So there is no conflict between users wanting a long offline period and security officers wanting a short offline period.

Finally, our solution does not routinely invite users to choose the offline periods to suit themselves. Offline periods are defined as part of a policy framework. This reduces variability, and removes a potential conflict between users and security officers.

Summary

For many solutions, particularly when used at scale, offline access creates significant frustrations and challenges for both business users and security officers. Oracle IRM's unique approach makes it significantly easier to balance usability, security, and manageability even for large scale deployments.

By the way, anyone using the IRM evaluation service is subject to a 3 day offline period, with daily synchronisation during office hours. The majority of those users will be blissfully unaware of this - which is precisely the point.

I hope this article has helped you understand Oracle's position on one of the most frequently asked questions. If you have any questions, feel free to drop us a line.

Keep alive public awareness of data loss, support datalossdb.org

2010-01-13T18:03:02Z

Public reporting of security issues and incidents are key to addressing security concerns and continuing to advance the methods we all use to protect our most valuable data. Without public scrutiny, we are exposed to lack of awareness which leads to lack of security through lack of knowledge.

Luckily the Open Security Foundation (OSF) do a great job of managing two very important web sites. The Open Source Vunerability Database is managed by the public community and is a great tool for tracking problems in software you may have deployed and making sure vendors are on their toes to fixing issues due to public awareness.

The second website is Data Loss Database which records all publically reported incidents where data is lost either by accident, from a result of a hack, stolen equipment etc. This invaluable database provides awareness so that organisations are able to better understand the ways in which information is at risk and therefore implement technologies to reduce risk of dataloss, such as using information rights managment.

The OSF is currently asking for donations to help these valuable services to continue to run. So open your wallet and drop some money in the direction of the Open Security Foundation... and in doing so contribute to the efforts which keep all of our information secure.

Solving the data loss prevention (DLP) puzzle and using IRM for encryption

2010-01-07T07:33:53Z

An interesting strategy guide was published recently from InfoWorld. Titled "Strategies for endpoint security", it addresses concerns and challenges businesses have regarding the protection of endpoints, namely laptops and desktop computers.

One section of the guide which caught my eye was "Five technologies that will help solve the DLP puzzle." The article discusses the following areas where "before embarking on a data loss prevention program, enterprises must first determine the essential technical ingredients.".

The first subject tackled is that of classifying information in the first place. DLPs most valuable functionality is the ability to monitor many points in the enterprise and detect the storage or movement of documents, emails and websites that contain sensitive or classified data. However one problem with DLP is how do you configure it to reflect a well designed and understood information classification policy? William Pfeifer states that "You cannot protect everything, Therefore methodology, technology, policy and training is involved in this stage to isolate the asset (or assets) that one is protecting and then making that asset the focus of the protection." Nick Selby, former research director for enterprise security at The 451 Group and CEO/co-founder of Cambridge Infosec Associates, then goes onto say the key is to develop a data classification system that has a fighting chance of working. To that end, lumping data into too few or too many buckets is a recipe for failure. "The magic number tends to be three or four buckets--public, internal use only, classified, and so on," he says.

So the recommendation is that DLP should be configured with a simple and easy to understand set of classifications. Keeping things simple in the complex world of security dramatically reduces chance of human error and increases usability. Oracle IRM is a technology that has had this message designed within its core from day one, it has a very powerful and yet simple to configure and deploy classification system. This is what makes the union of IRM and DLP such a compelling story when it comes to a comprehensive data loss prevention solution that can actually be deployed and used at an enterprise scale.

The second subject approached in the article is encryption. It's worth repeating the full statement here...

"This is a tricky one [encryption], as some security pros will tell you encryption does not equal DLP. And that's true to a point. As former Gartner analyst and Securosis founder Rich Mogull puts it, encryption is often sold as a DLP product, but it doesn't do the entire job by itself. Those polled don't disagree with that statement. But they do believe encryption is a necessary part of DLP. "The only thing [encryption doesn't cover] is taking screen shots and printing them out or smuggling them out on a thumb drive. Not sure I have a solution to that one."

No worries Rich, Oracle and Symantec have exactly the solution you are looking for. DLP detects that a document or email contains sensitive information and IRM encrypts and secures it. IRM not only encrypts the content, but it can limit the ability to take screenshots, stop printing, manage who can edit the content, who can see formulae in Excel spreadsheets, even allow for users to search across hard disks and content systems for information inside encrypted documents to which they have legitimate access...

The article continues, "Stiennon says that while all encryption vendors are not DLP vendors, applying encryption is a critical component to DLP. "It could be as simple as enforcing a policy," he says. "When you see spreadsheets as attachments, encrypt them."

Or more specifically, when you see any sensitive document or email, seal them with Oracle IRM! For more information on how IRM and DLP technologies can work together, have a read of this.

IRM for CRM - Protection and Auditing for CRM Reports

2009-12-22T15:38:47Z

In a recent article on ComputerWorld, David Taber highlighted the need to "prevent key CRM data from walking out the door", observing that "Your employees not only have access to a significant amount of data, but also know what the data means and how to separate the marginal from the important." and that "Given the number of layoffs and the turnover of sales reps these days, the risk has grown."

David goes on to comment "If a user is allowed to run any reports, they can typically run almost all of them and export the results to a CSV file." - which they may then print or distribute as they choose. There are tools that can block the usage of CSV files, but actually you want to target just the ones that pose a risk.

Amongst the recommendations made to mitigate the resultant risk, it is proposed that an organization should "dramatically limit" the use of mass import/export tools.

The problem with this recommendation, and with the suggestion that you might block the creation of CSV files, is that while seeking to reduce risk it also reduces the usefulness of the CRM system to its users. The data export function exists to help employees make use of CRM data - to get their jobs done. The tension between security and usability is clear.

Within Oracle, we use IRM to address exactly this issue by sealing CSV files as they are created by the export function. This allows the employee to run whatever reports they need as usual, but protects the data automatically. This approach has no impact on any other uses of the CSV format - the protection is targeted on the files that constitute a risk.

The export files are sealed to a classification that allows them to be shared with other Oracle employees, but guards against accidental or malicious exposure to 3rd parties. As and when the employees leave the company, their rights are automatically revoked. Simple.

Sealing also addresses another concern raised in the article - the creation and usage of the export data is fully audited.

Streamline and Secure your Oracle Applications with Oracle's Identity Management and Data Security solutions

2009-12-15T23:28:02Z

It seems to be the season for online webcasts and seminars. Another series about to start looks at how Oracle security solutions can help customers using any of the Oracle applications. Tomorrow is the first of a 4-part iSeminar series to learn how Oracle Identity Management and Data Security solutions are helping our Oracle E-Business Suite, PeopleSoft, Siebel and JD Edwards EnterpriseOne customers extend their existing investment. See how they are drastically improving service levels, reducing the cost and complexity of compliance and ensuring the protection of sensitive data while accelerating core business processes. Head here for full details of the conference...

Oracle IRM plays an important part in this story. Securing the database in use by the application, securing the communication from database to application and controlling access to the application is not complete without the ability to ensure that sensitive information exported from the application can be secured and persistantly controlled. Oracle IRM provides this ability so that documents downloaded from the application are protected no matter where they resides, inside and outside the firewall.

There are also 3 more seminars running next year to cover the other applications.

January 20, 2010  Part 2: Oracle PeopleSoft
February 17, 2010  Part 3: Oracle Siebel
March 16, 2010  Part 4: Oracle JD Edwards EnterpriseOne

Oracle IRM December webcast now available as a replay

2009-12-15T19:10:27Z

The second of our online IRM webcasts went really well and we had an even bigger attendance than the first. For those that were not able to attend and would like to listen at their own pace, an archive of the webcast is available.

If you're tempted to learn more about IRM, visit our YouTube channel or contact us for access to one of our evaluation services. You can also try Oracle IRM right now by registering to access our free sample secured content.

Privacy watchdog warns about unacceptable level of data loss, highlighting the NHS

2009-12-14T19:58:29Z

The Information Commissioner's Office (ICO) is continuing to raise awareness of data loss and highlights that in 2010 companies need to do more to protect customer and patient information. In a recent report they quote;

"Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff. Far too much personal data is still being unnecessarily downloaded from secure servers on to unencrypted laptops, USB sticks, and other portable media."

The warning from the office comes with news that the worst offenders are in the health care industry. "We have investigated organisations, including several NHS bodies, that have failed to adequately secure their premises and hardware, which has left people's personal details at risk," said Mick Gorrill, the assistant commissioner with responsibility for investigations.

In the same month the ICO also released an excellent and much needed plain english guide to data protection.

Looking at the results of current research and also at the findings of risk assesments, Information Rights Management is a technology well designed to provide a fast solution to the loss of data in environments where security is hard to enforce. How do you control access to content that is lost by someone you've sent it to at another location outside your firewall? Oracle IRM provides the ability to secure and track that information no matter where it resides.

Loss of data in 2010 is to get more expensive as new laws allow the ICO to implement fines. David Smith, Deputy Information Commissioner, says: "Since November 2007 we have taken action against 54 organisations for the most reckless breaches in line with our commitment to proportionate regulation. Some of these breaches would trigger a significant fine for organisations were they to occur after the introduction of monetary penalties in 2010. We are keen to encourage organisations to achieve better data protection compliance and we expect that the prospect of a significant fine for reckless or
deliberate data breaches will focus minds at Board level."

If you want to learn more about Oracle IRM, have a look at some of the videos on our YouTube channel and please contact us if you want to undertake a free evaluation.

Information Rights Management top of the Christmas list?

2009-12-14T16:42:37Z

We come to the end of a busy year and we've seen a lot of examples over 2009 of data loss that could have been prevented. Computer Weekly have agreed and placed the loss or theft of customer data at the top of their Christmas wish list asking, "what will CEOs be asking CIOs to give them for Christmas?"

1. No more customer data nightmares

The loss or theft of confidential customer data makes headline news these days. Whether you are a public sector body such as the HMRC or a private organisation such as T-Mobile, both of which have been embroiled in high-profile data loss incidents, the damage to reputation is massive. Could technologies such as information rights management software, which make data impossible to read once outside an organisation, be top of the wish list?

Enabling Oracle IRM web services

2009-12-08T19:16:07Z

Many people have been asking recently how to enable web services in the 10gR3 IRM server. By default they are not enabled and you need to do the following.

Stop the IRM Server service. The service name is Oracle Information Rights Management Server and can be found in the services list.
Open the server.properties file in a text editor such as Notepad. This file is located under the installation directory. The default location is as follows:

%Program Files%\Oracle\Information Rights Management\ls\properties\server.properties
Locate the configuration setting called sealedmedia.server.plugins.

sealedmedia.server.plugins=...

Append to the end of the setting the location of the IRM Server Web Services plugin. This file will have been installed with the IRM Server.

sealedmedia.server.plugins=[existing settings],c:\\Program Files\\Oracle\\Information Rights Management\\ls\\bin\\smsoapp.dll

Note the use of the comma (,) to delimit plugin DLLs and the use of double backslashes.
Save the server.properties file.
Re-start the Oracle IRM Server

To confirm the Web Services are enabled open a browser and navigate to http://localhost:80/sm/wsdl/oracleirm.wsdl The browser should download/display the WSDL document for the IRM Server. Note, change the port if you have configured the server to listen on something other than port 80.

The importance of balancing security, usability and manageability

2009-11-25T19:49:46Z

Security solutions that are poorly designed and difficult to use don't work, if security presents a significant hurdle for user adoption, it simply won't get used and people will just workaround it.

With this in mind, I had an excellent meeting this week with a customer interested in Oracle IRM. Right from the start they commented that whatever information rights management solution they implement, it must be simple and easy for end users and the business to use and deploy. This is exactly the opinion we have when developing Oracle IRM. We've built a solution which gives the customer the ability to balance all three.

Sometimes people spend so much time wanting to understand how our crypto works, how long the keys are, how do we ensure the security of the content when it's decrypted and passed to the rendering application and how good the screen capture functionality is. These are all very important technical issues which we address, yet it is just as important to understand how the powerful classification model, the transparent synchronization of rights, separation of rights from content, ability to search in sealed content, all contribute to an easy to use and effective to manage technology.

Experience this for yourself, just go have a look at the easy to use self service Oracle IRM demonstration.

Moving secured documents between Oracle IRM Hot Folders

2009-11-25T19:02:13Z

A customer recently asked how do they handle the following;

A document which is in IRM protected folder A is now moved to IRM protected folder B. In such a case what will happen to the classification tied to the document? Will the earlier classification remain with the document or the document will now inherit the new classification which is B.

The customer is looking at using our Hot Folders functionality which monitors folders for new files and automatically seals them to the correct classification. The problem is, what happens if a user moves a sealed document from one Hot Folder to another?

Oracle IRM Hot Folders can be configured to associate different classifications with the A and B folders and then take one of several alternative actions if it encounters a file sealed to the A context in the B folder:

It can warn (to the log) and do nothing. This is the default.
It can quarantine the file to another folder.
It can reseal the file to the B context.

In the last option the user account under which IRM Hot Folders is operating must have the appropriate rights in the source (A) and destination (B) contexts. Also - IRM Hot Folders (and the underlying IRM web services) only support resealing between contexts defined on the same IRM Server.

So it's the customer's choice as to what to do, no need to write any code, just configure the software.

Oracle IRM webcast replay available

2009-11-25T16:30:09Z

Last week we had a great attendance to our online webcast. For those that were not able to attend and would like to listen at their own pace, an archive of the webcast is available.

We do however have another webcast on Thursday, Dec. 3, 2009 10 a.m. PT / 1 p.m. ET, so if you want to ask me any questions feel free to register.

Encrypted Document Ownership: Whose File is it Anyway?

2009-11-14T23:37:46Z

A frequently asked question is: "What happens when the person who encrypted a number of files leaves the organization?". The concern behind the question is that an organization might find itself locked out of its own information assets, with critical business processes being held up while administrators figure out how to regain control so that policy can be amended as required.

A related question is: "What happens when an author changes role?". Most IRM solutions reserve special privileges for the original authors of documents, such that they may retain access after moving away from a particular project or role, creating security and compliance issues. They may also continue to be called upon to modify policy for those documents long after they have moved out of the relevant position.

With most solutions, the reponse is not to worry because a superuser can always identify all of the documents owned by the outgoing user and transfer their ownership to someone else. Unfortunately, this means that IT override of access rights is a matter of routine, as staff turnover is an ongoing process. It also means that the new owner suddenly becomes responsible for, potentially, a large number of documents protected in a variety of ways by someone who can no longer be referred to for clarification.

With Oracle IRM, the answer is much cleaner. In standard deployments, the solution places no particular significance on who authored a document - documents belong to their classifications rather than to the individuals or applications that created them. If an author leaves the organization or the project, their documents continue to be protected according to classification policy. The author himself may well lose access rights because his account has been deleted, or because his rights have been updated to reflect a change of responsibilities within the organization.

The focus shifts, therefore, to the classification or context managers. What happens when they move on? In most cases, the role of classification manager is shared by a small number of business users, so the depature of one has no impact. If not, the departing user simply transfers their responsibility to an appropriate successor. This is a simple task that does not involve IT intervention and does not involve revisiting each of the individual documents.

And what of the admin burden for the incoming classification manager - suddenly responsible for managing rights to, potentially, thousands of documents? Well, one of the key benefits of the classification model is that the new manager can think in terms of policy for one classification rather than for thousands of distinct documents.

So, Oracle IRM does not suffer the administrative overhead that staff turnover creates for rival solutions. The overall policy set is small, it is managed by a small subset of users, and the responsibility is easily transferrable without IT intervention. There is no need for IT to be granted rights to override policies defined by the business.

New Oracle IRM Desktop released and supports Windows 7

2009-11-11T20:17:12Z

Released today is the latest version of the client software in the Oracle IRM technology suite, the IRM Desktop. As part of the move of the technology into Oracles Fusion Middleware platform the new release now supports the following 27 languages!

Arabic	German	Portuguese
Chinese - Simplified	Greek	Portuguese - Brazilian
Chinese - Traditional	Hebrew	Romanian
Czech	Hungarian	Russian
Danish	Italian	Slovak
Dutch	Japanese	Spanish
English	Korean	Swedish
Finnish	Norwegian	Thai
French	Polish	Turkish

To ensure compatibility with the latest platforms we have also added support for;

Windows 7 operating system
Adobe Reader 9.2
Lotus Notes 8.5

Other headline features in this new release are;

Right-click Unseal option

If you have the right to save a sealed document as an unsealed copy (that is, to unseal a document), you can now do so by right-clicking the file name or icon and selecting the Unseal command (for example, in Windows Explorer or on the Windows desktop). This feature is available only for individual files: it is not available for multiple files, that is, at folder level.

Choices about what happens to the unprotected originals of sealed files

In previous releases, the original version of a sealed file was always retained in its unsealed state. In this release, the former behavior remains the default, but you can also choose to move the original file to the Recycle Bin or to "not retain" it. These options are available on the Desktop Sealing tab of the Oracle IRM Desktop Options dialog. If you choose the "Do not retain" option, the original file will be removed after a sealed version has been created. This is a normal file system deletion, not a complete destruction of the file, so if you are concerned that this does not provide adequate security, you may want to consider further action.

You can download this version from the Oracle Technology Network (OTN). More information can also be found in the release notes.