Thursday Feb 10, 2011

Energy Firms Targetted for Sensitive Documents

oilwell.jpg
Numerous multinational energy companies have been targeted by hackers who have been focusing on financial documents related to oil and gas field exploration, bidding contracts, and drilling rights, as well as proprietary industrial process documents, according to a new McAfee report.

"It ... speaks to quite a sad state of our critical infrastructure security. These were not sophisticated attacks ... yet they were very successful in achieving their goals," said Dmitri Alperovitch, McAfee's vice president for threat research.

Apparently, the attacks can be traced back over several years, creating a sustained security compromise that has provided access to highly sensitive information that is of huge financial value to competitors.

The value of IRM as an additional layer of protection is clear. Whether your infrastructure security is in a sad state or is state of the art, breaches are always a possibility - and in any case, a lot of sensitive information is shared with third parties whose infrastructure security might not be as good as yours. IRM protects the individual information assets directly so that, even if infrastructure security is compromised, your critical information is enrypted and trackable and only accessible to authenticated, authorised, audited users.

The full McAfee report is available here.

 

 

Thursday Jan 06, 2011

Renault under threat from industrial espionage, intellectual property the target

renault.jpg
Last year we saw news of both General Motors and Ford losing a significant amount of valuable information to competitors overseas. Within weeks of the turn of 2011 we see the European car manufacturer, Renault, also suffering. In a recent news report, French Industry Minister Eric Besson warned the country was facing "economic war" and referenced a serious case of espionage which concerns information pertaining to the development of electric cars.

Renault senior vice president Christian Husson told the AFP news agency that the people concerned were in a "particularly strategic position" in the company. An investigation had uncovered a "body of evidence which shows that the actions of these three colleagues were contrary to the ethics of Renault and knowingly and deliberately placed at risk the company's assets", Mr Husson said.

A source told Reuters on Wednesday the company is worried its flagship electric vehicle program, in which Renault with its partner Nissan is investing 4 billion euros ($5.3 billion), might be threatened. This casts a shadow over the estimated losses of Ford ($50 million) and General Motors ($40 million).

One executive in the corporate intelligence-gathering industry, who spoke on condition of anonymity, said: "It's really difficult to say it's a case of corporate espionage ... It can be carelessness." He cited a hypothetical example of an enthusiastic employee giving away too much information about his job on an online forum.

While information has always been passed and leaked, inadvertently or on purpose, the rise of the Internet and social media means corporate spies or careless employees are now more likely to be found out, he added.

We are seeing more and more examples of where companies like these need to invest in technologies such as Oracle IRM to ensure such important information can be kept under control. It isn't just the recent release of information into the public domain via the Wikileaks website that is of concern, but also the increasing threats of industrial espionage in cases such as these. Information rights management doesn't totally remove the threat, but abilities to control documents no matter where they exist certainly increases the capabilities significantly. Every single time someone opens a sealed document the IRM system audits the activity. This makes identifying a potential source for a leak much easier when you have an absolute record of every person who's had access to the documents.

Oracle IRM can also help with accidental or careless loss. Often people use very sensitive information all the time and forget the importance of handling it correctly. With the ability to protect the information from screen shots and prevent people copy and pasting document information into social networks and other, unsecured documents, Oracle IRM brings a totally new level of information security that would have a significant impact on reducing the risk these organizations face of losing their most valuable information.

Wednesday Jan 05, 2011

IRM and Consumerization

tablet.png
As the season of rampant consumerism draws to its official close on 12th Night, it seems a fitting time to discuss consumerization - whereby technologies from the consumer market, such as the Android and iPad, are adopted by business organizations.

I expect many of you will have received a shiny new mobile gadget for Christmas - and will be expecting to use it for work as well as leisure in 2011. In my case, I'm just getting to grips with my first Android phone.

This trend developed so much during 2010 that a number of my customers have officially changed their stance on consumer devices - accepting consumerization as something to embrace rather than resist.

Clearly, consumerization has significant implications for information control, as corporate data is distributed to consumer devices whether the organization is aware of it or not. I daresay that some DLP solutions can limit distribution to some extent, but this creates a conflict between accepting consumerization and frustrating it.

So what does Oracle IRM have to offer the consumerized enterprise?

First and foremost, consumerization does not automatically represent great additional risk - if an enterprise seals its sensitive information. Sealed files are encrypted, and that fundamental protection is not affected by copying files to consumer devices. A device might be lost or stolen, and the user might not think to report the loss of a personally owned device, but the data and the enterprise that owns it are protected.

Indeed, the consumerization trend is another strong reason for enterprises to deploy IRM - to protect against this expansion of channels by which data might be accidentally exposed. It also enables encryption requirements to be met even though the enterprise does not own the device and cannot enforce device encryption.

Moving on to the usage of sealed content on such devices, some of our customers are using virtual desktop solutions such that, in truth, the sealed content is being opened and used on a PC in the normal way, and the user is simply using their device for display purposes. This has several advantages:

  • The sensitive documents are not actually on the devices, so device loss and theft are even less of a worry
  • The enterprise has another layer of control over how and where content is used, as access to the virtual solution involves another layer of authentication and authorization - defence in depth
  • It is a generic solution that means the enterprise does not need to actively support the ever expanding variety of consumer devices - the enterprise just manages some virtual access to traditional systems using something like Oracle Secure Global Desktop  or Citrix or Remote Desktop.
  • It is a tried and tested way of accessing sealed documents. People have being using Oracle IRM in conjunction with virtual desktops for several years.

For some scenarios, we also have the "IRM wrapper" option that provides a simple app for sealing and unsealing content on a range of operating systems.

We are busy working on other ways to support the explosion of consumer devices, but this blog is not a proper forum for talking about them at this time. If you are an Oracle IRM customer, we will be pleased to discuss our plans and your requirements with you directly on request. You can be sure that the blog will cover the new capabilities as soon as possible.

Thursday Dec 23, 2010

Oracle IRM Desktop update

 

christmas-presents.jpg

Just in time for Christmas, we have made a fresh IRM Desktop build available with a number of valuable enhancements:

 


  • Office 2010 support
  • Adobe Reader X support
  • Enhanced compatibility with SharePoint
  • Ability to enable the Sealed Email for Lotus Notes integration during IRM Desktop installation

 

The kit is currently available as a patch that you can access by logging in to My Oracle Support and looking for patch 9165540. The patch enables you to download a package containing all 27 language variants of the IRM Desktop. We will be making the kit available from OTN as soon as possible, at which time you will be able to pick a particular language if preferred.

Friday Dec 17, 2010

Wikileaks Cablegate, could Oracle IRM have helped?

Wikileaks Logo
I've been asked many times over the past month about how IRM could help with the saga playing out in the news regarding Julian Assange and Wikileaks. There must be a lot going in within certain US government agencies right now as the backlash of the constant release of information not only causes pain for US security departments, but also across the globe as the cables detail all sorts of sensitive and embarrassing information.

I won't go into the question of why this was possible in the first place, why so much information could be extracted en mass, but I will comment on how IRM could play a part in a solution to prevent something like this in the future.

Once it's out, it's out...

One thing the release of this information is demonstrating, is as soon as you've lost control of information, it's gone. Once those cables existed as clear text on a website, they were quickly copied, distributed via Torrent networks and mirrored at a rate that it is now impossible to destroy all evidence of these files. This is a problem with a lot of security technologies today, they focus either on the location, the network or a gateway to define access to information. If that information leaves these protected areas, then it can travel very quickly and multiply at an amazing rate.

 

This is the real value of IRM over hard disk encryption, DLP, PGP etc. Most security technologies that use encryption only do so whilst the information is at rest or in transit. Then typically an access control mechanism defines who has the ability to access and decrypt that information. PGP for files is the best example. Say you secure a document with PGP. It wraps the file up with encryption, you can then safely store this file anywhere, on a USB key, on a hard disk or website. You may then want to share the encrypted file with a trusted person via email, you then have to give them the ability to decrypt it. It is at this point where the real threat begins. PGP decrypts the file back to the user and they can then store the unprotected file where they like. Sure DLP can detect this and try and block it, but this becomes impractical when the user NEEDS to decrypt and open the file, or when you are sharing the information with a supplier who can't install your DLP agents.

 

IRM provides persistent protection, it's never in the clear

IRM makes sure the information is ALWAYS protected, even when in use. I'm not familiar with the system that contained the information Wikileaks is exposing, but most likely this was some custom application storing the data in a secure database. The application probably has some secure access control mechanism in place to ensure only authorized users can login to the application and see classified information at their security level. But the application ultimately delivers the information in a format that is easily copied. In fact the masses of information Wikileaks has acquired implies the application which stored it had easy ways to access data en mass. An RSS feed? It would be trivial, for an authorized user, to export masses of information from an RSS feed into another format and ship this over to Julian and his crew.

 

 

What specifically does IRM do to keep control over information?

IRM on the other hand would never have allowed the information to be exported into an insecure location. IRM provides the following such features to defend against this type of risk.

  • Most importantly every IRM secured document or email requires authentication every time you open it. Even if you do copy thousands of IRM secured documents to your local computer, you need to authenticate every time you open them.
  • If you have the ability to open an IRM document, you cannot use the clipboard to cut and paste the information into another unsecure environment. IRM ensures that information STAYS inside the secured document. Even if you try to use a programmatic approach and access the information via the application document object model, IRM protects and defeats that as well.
  • You can't easily take screen shots of the information either, IRM protects against that. Sure there are ways to get around this (take a photograph of your computer screen), but Wikileaks is stating to have 251,287 documents. I wonder how long it would take to photograph every one?
  • You can place dynamic watermarks in IRM secured content. So even if you DID take 250,000 photographs, your login id, computer name, time/date is going to appear in them all. Good luck sitting down in Photoshop editing out the watermarks for 250,000 digital photos.
  • Every time you open an IRM protected document it generates an audit. So if someone with the authority to open lots of secured content starts opening thousands of files, the activity is going to be very visible. Want to know who spent all their spare time taking pictures of his monitor, editing all the images in photoshop and passing them to an illegitimate source? Just run one audit report.
  • IRM rights to secured content can be removed at any time. So if your audit report starts to show mass opening of content, you can detect this and revoke that persons access very quickly.

 

 

Could Oracle IRM have been used?

Absolutely. IRM supports HTML, TXT, CSV, DOC, and other popular formats. The application could have delivered the classified information via an RSS feed. Users would be authenticated when they access each piece of information and they can also take copies to store where they like. Centrally the department would have complete visibility of who is accessing what. Different classifications of information (secret, confidential) can be enforced even when someone takes a file and forwards it via email onto someone else. Most importantly of all, if someone were to copy 250,000 IRM protected documents, zip them up and stick them on a BitTorrent network... the information is still safe.

 

The Oracle IRM server also has a very extensive set of APIs with a plug in architecture that can support any classification model you want. This means the integration of the technology with a secured application is possible and sustainable.

I'm sure we are going to see an increase in the use of IRM technologies over the coming months as the questions over how Cablegate was possible trickle through the information security departments of governments and other organizations. If you'd like to know more about how this technology can help your organization, please contact us and we can go into detail.

Thursday Dec 09, 2010

Setting Up IRM Test Content

A feature of the 11g IRM Server that sometimes gets overlooked is the ability to set up some test content that any IRM user can access to verify that their IRM Desktop can reach the server, authenticate successfully, and render protected content successfully. Such test content is useful for new users, and in troubleshooting scenarios.

Here's how to set up some test content...

In the management console, go to IRM - Administration - Test Content, as shown.

em-test-menu.png

The console will display a list of test content - initially an empty list.

Use the Add option to specify the URL of a document or image, and define one or more labels for the test content in whichever languages your users favour.

em-add-content.png

Note that you do not need to seal the image or document in order to use it as test content. Nor do you need to set up any rights for the test content. The IRM Server will handle the sealing and rights assignment automatically such that all authenticated users are authorised to view the test content.

Repeat this process for as many different types of content as you would like to offer for test purposes - perhaps a Word document, a PDF document, and an image.

To keep things simple the first time I did this, I used the URL of one of the images in the IRM Server's UI - so there was no problem with the IRM Server being able to reach that image. Whatever content you want to use, the IRM Server needs to be able to reach it at the URL you specify.

Using Test Content

Open a browser and browse to the URL that the IRM Desktop normally uses to access the IRM Server, for example:

http://irm11g.oracle.com/irm_desktop

If you are not sure, you can find this URL in the Servers tab of the IRM Options dialog.

Go to the Test tab, and you will see your test content listed. By opening one of the items, you can verify that your IRM Desktop is healthy and that you can authenticate to the IRM Server.

test-page.png

Tuesday Nov 02, 2010

Oracle IRM and Device Control

device-stack.png
Another question from a colleague - what controls and options does Oracle IRM provide over the use of multiple devices? What happens if a user has a laptop and a PC and wants to use sealed content on both?

The Default Configuration

By default, each user can use one device at a time. The IRM Desktop provides the server with some information to uniquely identify the user's device. If the user connects from a different device, the server informs the user that their rights are already in use and declines to issue rights to the second device. Simple.

The Rationale

This device control helps prevent credential sharing. If the user gives their credentials to another user, or is the victim of key-logging or some other exposure of their credentials, the other user cannot simply contact the IRM Server and gain the benefit of the first user's rights.

This is an important control in many deployments, including publishing deployments where users might try to avoid paying for content individually.

Any attempt to share credentials in this way will show up in the audit trail. Some customers tell me that this constraint and auditability for multi-device usage is a key reason for choosing Oracle IRM.

So, Oracle IRM defaults to the most secure configuration - limiting each user to one device at a time.

The Catch with the Default

In many organisations, it is standard to have a desktop PC and a laptop. Users also need to be able to switch devices when, for example, they buy a new laptop.

The default configuration is good for security, but not always so good in usability terms. As always, our goal is to give you options that let you choose the right balance of security, usability, and manageability for your organisation.

Using Multiple Devices Despite the Default Configuration

Before discussing non-default options, what choices do you have with the default state?

 


  • Wait for the offline period to expire on your first device. The server can issue rights to your second device as soon as the cached rights have expired on the first.

     

    This is not ideal. In most deployments, the first device is constantly refreshing its offline period by synching regularly with the server. Even where this is not true, you might have to wait a couple of days or more for the offline period to expire.

  • Manually check in your rights from the first device and then use the second device.

     

    Checking in is easy enough, but it is preferable to avoid users needing to understand such details of the solution.

  • Ask the administrator to check in your rights at the server end.

     

    This caters for situations where, for example, you have lost your laptop and therefore cannot check the rights in from the desktop end. However, it adds to the management burden.

 

In all cases, these options enable you to switch from one device to another in a controlled, audited way, but the user is limited to one device at a time. Depending on your deployment, the default configuration could be undesirable, although it does help defend against password theft or sharing.

The Configurable Option

The Device Count parameter enables you, as a matter of service policy, to define how many devices users can use.

device-count.png

The server will issue rights to the specified number of devices per user, such that the above check-in options are rarely necessary - but there is still a limit.

The Benefit

The Device Count parameter enables a customer to define their own balance of security, usability, and manageability. By setting a limit of two or three, you enable legitimate usage of multiple devices and reduce the management burden. There is a slightly increased risk of account sharing, but it is defined by your policy and backed up by the audit trail. As a simple example, the following image shows that the user "mabrahams" is consistently using a device with an obviously corresponding name.

device-audit.png

If you see evidence that "mabrahams" is using several different devices - some apparently belonging to other users - you might want to investigate. It would be pretty simple to write a report to flag up such evidence.

By contrast, some solutions offer no device control, or enforce a large, hard-coded device limit such as 25. Either way, you don't get to choose your own level of risk. In addition, audit facilities are sometimes very technical in content, requiring considerable expertise to identify potential abuse.

Thursday Oct 28, 2010

How to Get the Most Bang for Your Information Security Buck

profit_logo.gif

I was recently asked to write an article for one of the Oracle publications, Profit Online, commenting on the recent PricewaterhouseCoopers global survey on security. The article discusses the state of securty budgets, their effect on the information security or business and the awareness of and increasing threat from security incidents. You can read the full article over at oracle.com.

Monday Oct 18, 2010

Document security in the real world, experience from the field

BrandonCrossLogo.png
I've invited Justin Cross from Brandon Cross Technologies to share some of the experience gained in the industry when implementing IRM solutions. So over to you Justin...

I began working with IRM at SealedMedia and I have seen it grow and mature through the refinement which only comes from many, many real world deployments, where we need to apply thoughtful consideration to the protection of real business information, against real security risks; while keeping real business users happy and assured that the technology wont get in the way.

I decided take on the challenge of forming my own company, Brandon Cross Technologies, just as SealedMedia were being acquired by Oracle. As Brandon Cross Technologies I've had the good fortune of working with a number of vendors, including Oracle, to provide the consultancy to successfully deploy software which requires an understanding of how software really gets used in practice, by real people, as well the technical know-how.

We have recently been working with some of the largest oil & gas and telecom companies, among others, to deploy their IRM solutions to address their concerns regarding the dramatic increase in data security threats.

 

Secure from the inside


Despite the best efforts of virus checkers and firewalls, platform vulnerabilities and malware provide lots of scope for bad guys to punch holes in your defences, disrupt your systems, and steal your data. If you ensure your own business users can only access and use information they legitimately require, while retaining the ability to revoke that access, then any external threat will be no more able to extract information from your organisation than your own people. Information Rights Management therefore enables us to limit the threat from perimeter security breaches, as well as potential misuse of information by legitimate business users.

 

 

User buy-in


As with other security solutions, successful IRM deployments must be simple to use and work without impeding existing business processes. Any solution which slows or limits a business user's ability to do their daily work will be unpopular, but more importantly the user may actually end up putting business information at greater risk by avoiding such systems. In the case of IRM, users may create, request, distribute or keep unprotected files, or use an IRM Context or document classification intended for less sensitive information to avoid the more stringent controls intended by the business.

 

Of course once information is IRM protected it is under the full control of the appropriate information owner; but it does need to be sealed / protected in the first place. Protecting information using IRM needs to be a continual, business-as-usual process. While IRM provides simple tools to protect information, manual protection does involve the user making the decision to protect information as it is created, and being in the habit of doing so. This can be addressed through creation of clear guidelines, policy requirements and training.

 

Integrated solutions


Protecting information using IRM should be performed at the earliest point in the information life cycle. One way to ensure information is appropriately secured using IRM is to automate the protection / sealing process. Oracle IRM has open programmatic interfaces which allow information to be sealed and for rights to be programmatically managed. This allows IRM protection to be integrated with other content management, workflow and security products.

 

For example Oracle IRM can be integrated with SharePoint, ensuring that any documents which are added into a SharePoint site are automatically IRM protected as they are uploaded. Information is then protected in storage, protecting against privileged users with server access, while still allowing documents to be found by keyword search using Oracle's unique search capabilities. Automated protection can therefore allow users to collaborate in the normal way without having to make the conscious decision to protect it first, or even needing to be aware that such a step is necessary. In this way, taking the manual protection step away from users, the level of usage and consistency with which IRM protection is applied can be substantially improved.

Another policy enforcement technology which can be used in conjunction with IRM is DLP (Data Loss Prevention). There are a variety of vendors which provide DLP solutions and, as with IRM, these solutions work in a variety of ways with different features and capabilities. What they do have in common is the ability to monitor the movement of data within your organisations network, with many also having the ability to control that movement. Some will purely monitor network communications using dedicated network appliances; others monitor file system, device and inter-process communications at the desktop. These capabilities can be used to make sure data does not leave your systems and networks without the necessary IRM protection being applied.

 

Brandon Cross Technologies


Brandon Cross Technologies is based in the UK, but has delivered projects internationally. It believes it is possible to take the pain and uncertainty out of deploying client-server and web based technologies, simply through listening to customers and sharing experience and expertise.

 

http://www.brandoncross.co.uk/
http://www.irmprotection.co.uk/

Thursday Oct 14, 2010

New Release of Oracle IRM Wrapper version 1.5.0

The wrapper tool has been updated again - this time to provide an installer script for Linux systems, and to improve compatibility between the IRM Desktop and the wrapper when installed on the same machine.

For further info, see the 1.4.0 announcement.

If you download and experiment with this tool, drop us a line to let us know how you get on.

Auditing IRM Protected Content - updated

[Read More]

Tuesday Oct 12, 2010

Quick guide to Oracle IRM 11g: Sample use cases

Quick guide to Oracle IRM 11g index

Oracle-IRM-Quick-Guide-Logo-Regular.gif
If you've been following this guide step by step, you'll now have a fully functional IRM service and a good understanding of how to start creating some contexts to match your business needs to secure content. The classification design article in the guide goes over some essential advice in creating your classification model in IRM and what follows is additional information in the form of common use cases that I see a lot in our customers. For each I'll walk through the important decisions made and resulting context design to help you understand how IRM is used in the real world.

Contents

Work in progress

Let's look at the use case of a financial reporting process where highly sensitive documents are created by a small group of executives. These work in progress (WIP) documents may change content quickly during review and therefore it is important that the wrong and inaccurate versions of the documents do not end up outside the working group. Once a document is ready for wider review it is then secured against another context with a much wider readership. All the unapproved documents are still secured against a context available only to the initial working group. Finally the document is approved to be published and becomes public knowledge. At which time the document may change format, e.g. from a sealed Word document to an unprotected PDF which has no IRM protection at all. This is a nice example of how IRM can protect content through its life.

Financial Reports - Work In Progress (Standard template)
Role Assigned Users & Groups
Contributor Finance Executives
Reviewer Company Board
Reader - No Print bill.smith@abc-attorneys.com
Financial Reports - Review (Standard template)
Contributor david.lee (VP of Finance)
alex.johnson (CFO)
Reviewer Legal Executives
Finance Executives
Company Board
bill.smith@abc-attorneys.com
Financial Reports - Published (Export template)
Contributor with export alex.johnson (CFO)

The first context secures work in progress content. Participants are identified as those who are involved in the creation and review of the information and are given contributor and reviewer roles respectively. Note that in this use case there is an attorney privy to the information who is external to the company. However due to the sensitive nature of the material, this external person has been given very restrictive rights, essentially they can only open the content, no printing, editing etc. The offline period for this role may be a matter of hours, allowing the revocation of access to the documents in a very timely manner.

After several iterations of the report have been created, it needs to be reviewed by a wider audience of executives. At this point David Lee (VP of finance) or Alex Johnson (CFO) have the authority to reseal the latest revision to the review context. Therefore there is a trust relationship between the WIP context and the Review context to allow this information to be reclassified. David and Alex are the only authorized users to be able to perform this task and therefore provide a control point for the reclassification of information. Note also that the external attorney now has the ability to review this reclassified document. The Reviewer role allows them to edit, print and use the clipboard within the bounds of the document. Their access to the previous, more sensitive versions remains unchanged.

One aspect of the reviewer role is that in Word change tracking is enforced. This means that every change made in the entire review process is tracked. Up until this enforcement with Oracle IRM, change tracking in Word was only useful if you trusted the end user to not switch it off. IRM brings security to this simple functionality and makes it a powerful tool for document review. Imagine if this was a contract negotiation process, you can be assured that every change to the contract has been recorded.

Finally, the last stage of the life cycle for this financial document is the approval of the report to be released to the investors, employees and the public at large. There is one more context which only the CFO has access to. This context allows for the export of the unprotected document so that it resides outside the realm of IRM security. Such a powerful role is only given to a highly trusted executive, in this example the VP. Again, IRM still protects all the previous versions of content that contain information not appropriate for public consumption.

All the steps in this use case are easy and familiar for the users. All they are doing is opening, editing and working with Word and Excel documents, activity they are used to performing. They may find a slight inconvenience if they are prevented from printing or cut and pasting content into a non-secure location, but overall they require little to no training on how to use IRM content.

Using IRM with a classification model

There are customers with a very mature security strategy which includes a clearly defined and communicated classification policy implemented with procedures and technology to enforce controls and provide monitoring. When IRM is added to the mix of security technologies it is common for the customer to ask how to implement their existing security classification system within IRM. When we deployed IRM at Oracle this was the first point of reference when trying to determine the correct convention for the creation of IRM contexts.

Before we go into the detail of this, it is worth noting that in this use case we are manually recreating elements of an existing security policy inside IRM. There may well be a situation where another product contains all this logic and replicating the information inside IRM would be redundant and costly. For example the Oracle Beehive 2.0 platform is integrated with IRM and as such IRM doesn't use the built in context model but simply leverages the existing security model inside Beehive. So it is possible for Oracle IRM to externalize the entire classification system. This however requires consulting effort which may or may not be appropriate for the return in automation.

But back on topic, let's look at what a security classification model looks like. A common standard that people work to is the ISO 17799 guidelines which was the result of a group of organizations documenting their best practice for security classification. Below is an example of the sort of classification system ISO 17799 recommends.

Level Class Description
1 Top Secret Highly sensitive information about strategies, plans, designs, mergers & acquisitions
2 Highly Confidential Serious impact if shared internally or made public
3 Proprietary Procedures, project plans, specifications and designs for use by authorized personnel
4 Controlled For controlled use within the extended enterprise, but not approved for public circulation
5 Public Information in the public domain

There is an increase in sensitivity of information as you move from bottom to the top of this table. Inversely, the amount of information that is classified decreases as you increase the level of classification. This is important because as you wish to create a model for protecting top secret information, you need to have more control over who can open the documents and who has the power to assign new rights to people. This increases the administration of the solution because someone has to make these decisions. Luckily IRM places this control in the hands of the business users, so those managing top secret contexts are the people who are working with the top secret information. A good example is in Oracle we have a single classification across the entire company for controlled information. Everyone in Oracle has access to this and the provisioning of rights is automatic. However when IRM is used to protect mergers and acquisitions (M&A) documents in Oracle, very top secret information, a small group of users have access and only one or two people can administrate the context. These people however are the ones directly involved in the M&A activity.

Public

Looking at each of these we can determine how IRM might apply. For publicly classified content the response is immediate and quite obvious. You don't use IRM because the information has low to zero risk from a security perspective and therefore requires no controls. However there have been times where documents may be sealed to a public context simply to provide usage statistics.

Controlled

For controlled content there may be strong reasons to leverage IRM security. However the sensitivity of the information is such that the risks are relatively low. Therefore consider a single company, or at least department wide context. This is born from our best practice which leans towards a simple, wide context model which balances risk versus the usability and manageability of the technology. Essentially controlled information needs some level of security, but it isn't important enough to warrant a fine grained approach with a high cost of maintenance. Usually every professional member of staff is a contributor to the context which allows them to create new content, edit, print etc. This at a minimum provides security of content if it is accidentally lost, emailed to the wrong person outside the company and provides a clear indication that the information has some value and should be treated with due care and attention. Yes allowing everyone the ability to cut and paste information outside the IRM document exists, but disallowing this to a low level of classification may impact business productivity. If control of the information is that necessary, then it should result in a higher classification.

Business partners are given appropriate roles which allow them to open, print and interact with the content but not have the authority to create controlled information or copy and paste to other documents. For the rare exceptions where you wish to give access to un-trusted users you can create guest roles which are assigned as part of a work flow requesting for exceptions to the rule.

Proprietary

As we move up through the classification policy we find an increase in the need for security from finer grained control. Proprietary information carries with it a greater risk if exposed outside the company. Therefore the balance of risk and usability requires a finer granularity of access than a single context. So now you have to decide at what level of granularity these contexts are created and this varies. There are however some good common rules. Avoid a general "proprietary" context, this would undermine the value of the classification. Follow a similar pattern to the work-in-progress use case defined above. Be careful to not be too generous about assigning the contributor role, restricting this group guarantee's document authenticity. Remember with IRM you can add/change access rights at any time in the future, so here is a chance to start out with a limited list and grow as the business requires.

Highly Confidential

As we get closer to your organizations most important information, we start to see an increase in the amount of contexts you need to provide adequate security. Highly confidential information requires a high level of security and as such the risk versus usability trade off favors a more granular approach. Here you are identifying explicit business owners of classifications instead of groups of users or using an automated system for unchecked provisioning of access. Training increases a little here as well because as you hand these classifications into the business, they need to know how to administrate the classification and understand the impact of their assignments of rights. The contexts also become very specific in their naming because instead of relating to wide groups of data, they now apply to very specific, high risk information. The right level of granularity and administration is hard to predict, therefore always start with a few contexts initially and pilot with a small number of business units with well defined use cases. You will learn as you go the right approach and more contexts will emerge over time.

Top Secret

Last but most definitely not least, the Top Secret contexts. Sometimes these are the first to be created because they protect the most important documents in the company. These contexts are very controlled and tightly managed. Even the knowledge that these exist can be a security issue and as such the contexts are not visible to the support help desk. The number of top secret contexts is also typically very small due to the nature of the information. A company will only generate a small number of highly sensitive financial documents or a few critical documents which contain the secret sauce of the product your company creates. Top secret contexts also can have a short life span as they sometimes apply to a short lived, top secret project. Mergers and acquisitions is again another good example, these are often very top secret but also short lived. L1 classified contexts quite often contain external users, executives from a target acquisition or attorneys from your legal firm. But the sensitivity of the information means external users are closely monitored by the context managers.

Example context map

Typically to map a classification policy to IRM requires a business consulting project which asks each elements of the business how they use sensitive information, who should be able allowed to open and it and manage the access. At the end of this exercise you end up with a context map. This is a simple table which shows the IRM contexts and their relationship to the classification policy. Here is an example table from when we used the technology in SealedMedia before we were acquired by Oracle.

Top Secret Highly Confidential Proprietary Controlled
L1 L2 L3 L4
Board Communications Executive WIP Executive Company
Intellectual Property   Competitive  
Security Product Management WIP Product Management  
  Professional Services WIP Professional Services  
  Sales WIP Sales  
  Marketing WIP Marketing  
  Finance WIP Finance  
  Engineering WIP Engineering  
    External External

Note the use of the labels L1 through L4 to indicate level of sensitivity. This would be used as part of the actual context name, e.g. "L1 (Top Secret) Intellectual Property". This serves a few purposes, firstly if a user has access to many classifications, they will be listed in order or sensitivity with the most important at the top when users are making decisions about classification of documents. Also it makes it very clear how sensitive each classification is. If I attempt to open a document I do not have rights to, the IRM software redirects me to a web page informing me that I don't have access to "L1 (Top Secret) Security". Immediately I understand that I shouldn't be opening this top secret document because it is classified above my access level. Note that in the above map only ongoing contexts are documented. There may well be a context called "L1 (Top Secret) Smith versus Jones dispute" which would be used to secure the information about a highly confidential law suit. But this classification exists for only a short period of time and therefore is created as and when needed. The context map is designed to document classifications which will exist for ongoing future of the company.

Periodic expiry & version control

The last example in this set of use cases is when IRM can allow for the periodic expiry of access to information which in turn can also be used to implement security related version control. Consider the situation where your company has some very valuable product roadmap documents which detail information on the next release of your products. This information may have valuable insight to the direction of the company and the disclosure of such information to competitors, the press or just the general public may have a significant impact to your business. However road map information changes often and therefore not only do you need to ensure who has access to it, but ensure that authorized users are access the right versions. Another useful aspect of IRM is that you may wish to review who has access to your product road maps on a annual basis and examine if the rights model you've decided on is still appropriate, e.g. do you still want users to be able to print the documents. IRM can satisfy both of these requirements when you appropriately design the classification model. Consider the context below;

Context title 2010 L1 (Top Secret) Product Roadmap
Contributor VP Product Management
Item Readers Trusted users in the company who have been training on how to deliver product roadmap presentations and messaging
Context managers VP of product development and those who approve and verify the training of trusted users

This is a very simple definition of a context but a great demonstration of the powerful capabilities of Oracle IRM. The only person who can create product roadmap documents is the VP. This is because this person is the last point in the review and approval process and as such has the authority to reseal the final product roadmap document from the work in progress context to this published context. The Item Reader role by default gives no access to anything in the context. So as each person completes the product roadmap training, they are given the role Item Reader and at the same time you add the specific documents which they've been trained on. There is of course an administrative overhead here, if you have hundreds of users being trained a month, someone has to be administrating IRM. Using groups at this point does allow for the management to be simplified. You might have a group called "Trained 2010 product roadmap presentation field sales users" and this group has been given the Item Reader role with the document restriction of the current 2010 product roadmap presentation. Then the management of users who can access these documents is done in the user directory, such as managing group membership in Active Directory. A better solution for the management of this rights assignment would be to use a provisioning system such as the Oracle Identity Manager. Here you can centralize the workflow of users being trained and then not only give them access to the IRM context but also automate the provisioning to the location where the documents are stored.

ProductRoadmapItemLock.png

Periodic expiry

Because the context name is prepended with the year it means that in 2011 the owner of this classification needs to review this classification. This review may decide that users with the "Item Reader" role can be trusted to print the content and that the 2 week offline period is too long and should be reduced to 1 week. The use case may also require that for each year users must be trained on the presentation of product roadmap information. So the creation of a new context, "2011 L1 (Top Secret) Product Roadmap" is created with a blank list of Item Readers, ready for new trained users to be given access to the new product roadmap. All Item Readers in the 2010 context are then removed and in one simple action you now ensure that nobody can access the old, out dated 2010 information. Because Oracle IRM separates out all the access rights from the documents themselves, there is nothing else to do. You remove access from the server, and as the offline periods to these documents expire, so does the access. The advantage for this retirement of access to old content, is that in the future if you ever need to be able to access a product roadmap document from 2010, the IRM administrator can simply go back to the old context and give access to a specific person.

Version control

With the Item Reader role you are explicitly defining what documents users have access to. Whilst this might incur an administrative cost in maintaining this list, the value from a security perspective is very fine grained control and high visibility of who can access what. Another benefit of this is because Oracle IRM allows you to change your access rights at any time, you can update this list. So imagine that you have a group of trained users assigned with an Item Reader role that has version 1 of the product roadmap presentation listed. Then after a few months, the roadmap changes, as it often does and a new version 2 is created. After making this new version available somewhere you can now remove the groups access to version 1 and add version 2. What does this mean? Now everyone in that group trying to open version 1 is going to get an access denied message. But, this message is in the form of a web status page which you have full control over. You can now modify that status page to provide the link to the new version 2, which they do have the ability to open.

This is incredibly powerful. Not only is IRM providing the means to ensure only authorized users have access to your most sensitive information, but it is ensuring they can only access the latest versions of that information AND allowing you to easily communicate to them where to GET that latest version from.

These are just a few of the many uses for Oracle IRM, if you would like to discuss your own particular use cases and see how Oracle IRM can help, please contact us.

Tuesday Sep 28, 2010

PwC 2011 Global State of Information Security Survey

PWC-logo.png
PwC has just released the findings of an information security survey by PricewaterhouseCoopers, CIO Magazine and CSO Magazine. The survey contains responses from more than 12,840 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security in 135 countries. Quite a wide audience. The report focuses on the business drivers for information security spending and reveals that in general spending on security has flat lined or at least dropped in the past 12 months. Mostly due to lack of funds after a wildly unpredictable economic financial climate. There were some elements of the report I found intriguing given my knowledge of IRM and the problems it solves.

 

While the impacts of the downturn linger, risks associated with weaker partners have increased


So whilst organizations are not spending money on security, they do recognize that the risks of sharing information externally with partners is increasing because... their partners are also not investing in adequate security. It is a very obvious point to make, everyone is not adequately investing in security and yet there is a growing trend to outsourcing where more and more of your information is shared beyond your existing security perimeter. There is now much higher risk when relying more on external partners for your business to be effective but its a necessary evil. What if that partner is your cloud storage provider and you are about to undertake a migration of your content into their platform? Will it be secure?

 

 

Visibility of security breaches/incidents is increasing, as are the costs


The report also finds a healthy increase in the knowledge of security incidents. I would guess this is primarily an impact of regulatory requirements forcing the issue. More and more companies have to report data loss incidents and therefore they are deploying technologies and processes to become more visible of the events.

 

PWC-2010-SecurityIncidients12Months.png

Yet growing in the other direction is the cost awareness of data loss. In three years this number has doubled. So it's a simple summary. People know a lot more about the loss/breach of important information and it is costing them more. The graph below shows the significant increase in both the area of financial loss to the business as well as the loss of critical intellectual property. These results tally with the issues we've seen in the news over the past year. GM losing masses of hybrid research, Ford also losing lots of intellectual property. The health care industry is also reporting data loss incidents at an alarming rate.

PWC-2010-ImpactsToOrganization.png

Another main areas this risk is coming from is, and i'll quote the report "traced to employees and former employees, in line with the higher risks to security associated with salary freezes, job instability, layoffs and terminations and other HR challenges that rise during economic stress." The technology that is presenting the greatest risk is the social network. The channels of communication into and out of your business environment are increasing dramatically. No longer is it appropriate to monitor just email and the firewall. But you have to worry about USB devices, web based storage, social networks... and a lot of this activity happens outside the office whilst people are at home, in a hotel or on the move with their cell phones.

 

How does IRM help?


So where does a document security solution like IRM play into this? First let me summarize up what I think all the research is telling us...

 

Companies are more aware of security incidents and the threat is moving to the partners who are not spending enough to secure your information. The costs of losing information are increasing from both the impact to the business and the technology you need to buy to defend against the loss in the first place. More and more ways to lose information are now invading the enterprise and often they are beyond your control.

So consider the following advantages of a document security solution like Oracle IRM.

  • IRM moves your perimeter of security to the information itself. Instead of buying and deploying DLP, hard disk encryption, encrypted USB devices, simply deploy IRM and no matter where your sensitive documents and emails end up, they are only accessible by authorized persons and encrypted no matter where they are stored.
  • IRM can allow users to open, edit and review documents but prevent them from copying information from the document into an untrusted environment... Facebook, LinkedIn, unprotected Word and Excel documents. Of course it may not take much for a user to retype the information but one of the biggest issues around security is that of awareness. If a user can't easily copy information from a document, they know the information must be confidential.
  • Every single time an IRM protected document is created, opened, printed or saved, it is audited. This dramatically increases the visibility of who is doing what with your information. Also when end users know that by opening IRM documents they are leaving a trail of access, it decreases the likelihood they are going to misuse that information.
  • IRM is easy to deploy. The biggest advantage of IRM by far is that once a document has been secured, you have total control over who can open it. So the simplest deployment where you create one single classification for your entire business and secure all your confidential documents to it for use only by internal employees is quick and easy to do. Right now most organizations have millions, nay billions of documents floating around on partner file shares, employee laptops and the internet. IRM in one simple deployment brings a massive amount of value.
  • IRM does not suddenly impact your business effectiveness. Core to its design is a usable and scalable rights and classification model that puts the decision making on user access into the business. Enormous effect has been invested in making the use of Oracle IRM protected documents simple and easy for authorized users.

 

Have a look at some of the videos on our YouTube channel, or get in touch if you'd like to know more about how this solution works.

Monday Sep 27, 2010

New release of Oracle IRM Wrapper version 1.4.0

Yet another release of a highly useful tool in the Oracle IRM kit bag. The Oracle IRM Wrapper is a Java based client which demonstrates some of the powerful ways in which you can create extensions of the Oracle IRM technology to extend the protection of files beyond the out of the box features. The IRM Wrapper uses the IRM API to allow for the encryption of any file, similar in nature to functionality as PGP, however with the difference that the rights control of decrypting files is the same powerful classification system that is used across the usual gambit of IRM files.

In this release support for existing sealed extensions has been added. This is a significant feature because it means that files wrapped by Oracle IRM Wrapper can be opened by the Oracle IRM desktop, and files sealed by the Oracle IRM desktop can be unwrapped by Oracle IRM Wrapper. In a mixed community of end users, where most have the Oracle IRM desktop installed but some do not (they may be on MacOS or Linux), no users need be excluded from workflows - they can all use the same sealed files! It is only necessary to add the Wrapper users to a special group assigned a role with unrestricted export rights.

Download this latest version from here.

 


  • NEW! Support for sealed extensions, e.g. .sdoc, .spdf
  • Installation scripts for easy installation on Windows and MacOS X
  • Written in 100% pure Java so runs on any Java-compatible operating system
  • Internationalized and localized into English, Japanese and (bad) schoolboy French
  • Right-click wrapping and unwrapping
  • Easily configure per-context drag-n-drop wrapping icons on your desktop
  • Automatically checks that you have the rights to wrap and unwrap files
  • Automatically select a default context
  • More robust configuration handling (ignores leading or trailing whitespace)

 

And a few screen shots of the tool running in Windows and Linux.

IRM_Wrapper_On_Linux.png

IRM_Wrapper_On_Windows.png

Security in the Enterprise 2.0 World: Conflicts of collaboration

CMSWireLogo_v2-02.png
I was recently asked to be a guest author on CMSwire.com to comment on the challenges of security in the Enterprise 2.0 (E2.0) world. Having worked in both E2.0 and security, I have a good perspective.

As E2.0 brings web 2.0 into the enterprise it runs directly into the issues of security, compliance and regulation. It's a big challenge and a big contradiction. The business wants to use all these amazing new ways to share content, but the same business also needs to ensure that only the right people can get access to it.
And What About the Cloud?

Then there is the cloud. Cloud, cloud, cloud, it's on every webcast, in every article. The cloud has many advantages. Why wouldn't you want to outsource all your costs of network management, storage, system administration? The cloud makes perfect sense but has one massive concern... security. Wouldn't it be nice if someone else could host your content, provide the search functionality, upgrade the systems, manage backups and the network access and yet you could have persistent control over the actual information itself?

Read the full article over on cmswire.com.

About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today