Using Oracle IRM to secure your sensitive emails
By Simon Thorpe on Feb 19, 2009
Email is a very useful technology. It allows for people to easily and quickly communicate with vast numbers of people over great distances within minutes. However there is a downside to the ease of use, sensitive information can be broadcast with little effort and sometimes by mistake. How often have you been writing an email, filling in the "To" list and have allowed the email client to search through your history of previous emails and suggest the right recipient? Only to find that just after you've sent the email, you realize it went to the wrong person? I have heard all sorts of horror stories of sensitive documents, sometimes containing mergers and acquisition information being sent to the wrong people at the wrong company. Worse there have been reports of documents being sent to entire distribution/mailing lists of people by mistake.
So no surprise that we on the Oracle IRM team have a solution for protecting email communication. Oracle IRM supports a lot of formats, from Office (2000-2007, wider support than Microsoft's own IRM technology), PDF (Acrobat Reader 6.0+), HTML, JPEG, GIF, XML and others which allows people to protect documents that are attached to emails but we also support the ability to secure the content (body) of the email.
This is an area that comes with many different methods of creating, sending, receiving and reading the information. Some also regard their email client to be the most important tool in the workplace, so when integrating with this environment, especially from a security perspective, you need to be very careful and ensure you do not disrupt end users day to day activities.
Oracle IRM ensures the best user experience when protecting sensitive emails
When the Oracle IRM team decided to include email as part of the solution, we thought long and hard about how to address the issue of multiple email clients and servers. The decision was to be as agnostic as possible to the underlying platform so that we could ensure users could consume sealed information via as many clients and servers as possible. Nothing worse than a vendor trying to tie you into their way of doing things.
This led to the creation of the .seml format and the method of taking the body of an email, sealing it and then attaching that file to an ordinary email message. This means that the resulting email package can be sent via any of the usual email mechanisms. What did do on the client side was write some simple plug ins for the most common email clients to automate the above process. The email clients we current support are;
- Microsoft Outlook 2000-2007
- Lotus Notes 6.5-7.0
- Novell GroupWise 6.5-7.0
Sending a secure email with Oracle IRMWhen using one of the email clients above it is very simple to send a secured email. Simply start a new email as you would normally and the Oracle IRM Desktop will insert a small button in the email window. This allows you to mark the email as one which you wish to be sealed. Upon sending of the email the IRM software will ask you what classification (context) the email falls under and will list all the contexts to which you have the rights to secure information. This is exactly the same dialog and selection a user makes when sealing any document with Oracle IRM, consistency with the end user is important to reduce any confusion in the process. After choosing the classification the email is then sealed and sent onto the recipients.
|It is still possible to send a sealed email if you don't have one of the supported clients. But it requires the end user to create the sealed email attachment manually like any other ordinary sealed file and attach that to the email. Future support of new email clients is however possible as we have an API exposed specifically for integrating with email. This API has already been used in Oracle to develop an integration with the open source Thunderbird email client.|
Receiving a secure email with Oracle IRM
The beauty of the Oracle IRM solution is that receiving and opening a sealed email doesn't require any specific email client. Because the file is an attachment to the email, you just double click on the attachment and, assuming you have rights to the content, open the message.
There are some advantages with using a client that we've integrated with. For instance to reply to a sealed email is much easier with Outlook, Notes or Groupwise because we again insert a button behind which some logic automates the replying. But it is still possible to do this from any email client it just requires some manual effort on the end user.
Your email is secure and persistently under your control with Oracle IRM
Email extends the Oracle IRM format base to an area that is crucial for effective secure communication. It not only offers powerful protection using industry encryption algorithms to secure the information in transit, but it enables you to have total control over the email even after delivery. So even when your sensitive information goes out to thousands in the organization and is forwarded onto more, you still have the ability to audit and revoke access to every single copy of that communication, no matter where it resides.