Monday Aug 01, 2011

Document Theft - IRM as a Last Line of Defense

I haven't had much time to update the blog recently, but just time to post before going on holiday. Over recent weeks there have been numerous stories relating to document theft – the Pentagon commentary on systematic theft of thousands of documents from defense contractors, the reports of journalists hacking into not just phones but the email systems of public and private citizens, the smug announcements by “cyber terrorists” that they’ve stolen files from various organisations.

The relevance of IRM is clear. Protect your perimeter, your applications, your file systems and repositories, of course, but protect your sensitive documents too. In the end, there are so many ways to gain digital possession of documents – but only one way to actually make use of them if they are protected by IRM. Anyone stealing a sealed document by whatever means has another substantial line of defense to overcome.

And that line of defense is designed to audit and authenticate access attempts as well as consider a number of other risk factors. It can also be rapidly reconfigured to deny access completely in the event of calamity – a single rule change can prevent all access from compromised user accounts or for whole classifications of information. The audit trail can also provide valuable clues as to the source of the attack.

In a cloudy world, where perimeters are of diminishing relevance, you need to apply controls to the assets themselves. And the scalable, manageable, intuitive way to achieve that control is Oracle IRM.

Friday Sep 24, 2010

Data loss prevention (DLP) solutions with document encryption

This week a new data sheet was approved which details the work done so far on integrating Oracle's industry leading document security solution with the top DLP vendors. The content of the data sheet is below and available as a PDF at the end of the article.

Organizations face the ongoing challenge of protecting their most sensitive information from being leaked. Two of the most popular solutions used to address this problem are Data Loss Prevention and Enterprise Rights Management. This datasheet explains how these technologies are highly complementary and advises how they can most effectively be used together to provide a complete data leakage solution. It also describes the integrations today between Oracle Information Rights Management and the DLP products from Symantec, McAfee, InfoWatch and Sophos.


Data Loss Prevention

Data Loss Prevention (DLP) technologies aim to prevent leaks of sensitive information. They do so by discovering sensitive information at rest, and monitoring and blocking sensitive information in motion, using content-aware scanning technology. The discovery, monitoring and blocking DLP components run either on the network (servers reaching out to scan repositories or intercepting network information flows) or on endpoints (end user computers or laptops).



Information Rights Management

Information Rights Management (IRM) also aims to prevent leaks of sensitive information. It does so by encrypting and controlling access to sensitive documents (and emails) so that regardless of how many copies are made, or where they proliferate (email, web, backups, etc.), they remain persistently protected and tracked. Only authorised users can access IRM-encrypted documents, and authorised users can have their access revoked at any time (even to locally made copies).



Complementary Solutions to Similar Problems

DLP and IRM address very similar problems, but in different and complementary ways:

  • DLP is well suited to situations where an organisation doesn't know where its sensitive information is being stored or sent. Content-aware DLP can map the proliferation of this sensitive information and direct remedial efforts, such as tightening existing access controls using blocking, quarantining or encrypting.
  • Out-of-the-box DLP remedial actions often prove to be disruptive to business workflows. Sensitive information is required for collaboration with certain third parties; configuring DLP to permit only the desired collaboration whilst preventing other data loss proves to be almost impossible.
  • Also DLP provides decisions about content at a point in time, e.g. can this user email this research document to a partner? However, 6 months later the organization may sever ties with the partner at which point the DLP rule may change; but this doesn't affect all the information that has flowed to this partner over the past 6 months. DLP cannot retroactively block access to information that it has previously been allowed to pass beyond its control to third parties.
  • Thus DLP customers are looking for a technology to allow secure collaboration triggered by their DLP solution.
  • IRM is well suited to situations where an organisation has relatively well defined business processes involving sensitive information, e.g. sharing intellectual property with partners, financial reporting, M&A, etc. IRM-encrypting sensitive documents or emails ensures that all copies remain secured, regardless of their location.
  • IRM continues to work beyond the enterprise firewall or enterprise endpoints, so authorised end users on partner or home networks or endpoints can use IRM-encrypted documents without being able to make unencrypted copies. This access can be audited and revoked at any time, leaving previously authorised users with useless encrypted copies. IRM provides persistent protection, which means that you can revoke access to information at any time. One simple change in an IRM system can stop access to millions of documents shared with partners, customers or suppliers.
  • IRM protection requires any document to be encrypted. This can be manually actioned by an end user according to a corporate policy, but this reliance on a manual process may result in reduced uptake. To aid uptake and enforce policy, many organizations automate the process via integrations with content management systems and enterprise applications. However, many other sensitive documents that are shared in collaboration fall outside these perimeters.
  • Thus IRM customers are looking for a technology to detect sensitive data and trigger the IRM encryption process.

Integration Use Cases

From the above it should be clear that the combination of DLP and IRM will be more effective than either solution in isolation.

  1. DLP-discover and IRM-encrypt data at rest
    DLP is used to discover the proliferation of sensitive information (on endpoints and servers) and classify it in terms of its relative sensitivity. Sensitive classifications can then be IRM-encrypted to have persistent access rights in line with enterprise information security policy. For example DLP discovers a set of financial documents stored in a public file share and automatically protects them against an IRM classification that allows only the finance group to open the documents. The documents stay where they are, but IRM enforces the access controls.
  2. DLP-monitor and IRM-encrypt data in motion
    This time DLP monitoring is used to detect sensitive outbound information flows and to add IRM encryption as a remedial action for policy violations. For example a user attempts to email a sensitive document to a supplier, DLP detects this and uses IRM to protect the document but allows the email to continue onto its destination.
  3. DLP discovery of IRM-encrypted information at rest
    It is important that DLP scanners be enabled to scan IRM-encrypted documents and emails. This can be shallow scans (which verify the document is IRM-encrypted and check the IRM classification) to enable controlled sharing of suitably IRM-encrypted documents, or deep scanning (which temporarily decrypts the IRM-encrypted content) to verify that documents are encrypted to the correct IRM classification.
  4. DLP monitoring of IRM-encrypted information in motion
    Shallow scanning of IRM-encrypted documents could be used to ease potentially disruptive DLP blocking of sensitive outbound content. Certain IRM classifications could be allowed outbound while others could be blocked. Deep scanning could be used to add in content-aware policies and ensure consistency between DLP and IRM policies.
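
The use cases above reduce to a decision a DLP gateway makes for each outbound document. The sketch below is an added example, not Oracle or DLP vendor code: the `Document` model, the content rules and the classification names are constructed for illustration, and sealing is modelled as a label rather than real encryption.

```python
import re
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed content-aware rules: pattern -> IRM classification to seal against.
CONTENT_RULES = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "hr-confidential"),  # SSN-like number
    (re.compile(r"quarterly forecast", re.IGNORECASE), "finance-only"),
]

# Constructed outbound policy for already-sealed documents (use case 4):
# these classifications may never leave; every other sealed class may.
OUTBOUND_BLOCKED = {"board-only"}


@dataclass(frozen=True)
class Document:
    name: str
    body: str  # plaintext here; a real deep scan would decrypt temporarily
    irm_classification: Optional[str] = None  # None means "not sealed"


def classify_content(body: str) -> Optional[str]:
    """Content-aware scan: return the classification the content calls for."""
    for pattern, classification in CONTENT_RULES:
        if pattern.search(body):
            return classification
    return None


def outbound_decision(doc: Document, deep_scan: bool = False) -> Tuple[str, Document]:
    """Return (action, document as it leaves the gateway)."""
    label = doc.irm_classification  # shallow scan: read the seal's class only

    if label is None:
        wanted = classify_content(doc.body)
        if wanted is None:
            return "allow", doc  # nothing sensitive found
        # Use case 2: seal as the remedial action instead of blocking the flow.
        return "seal-and-allow", replace(doc, irm_classification=wanted)

    # Use case 4: a shallow scan is enough to enforce per-classification rules.
    if label in OUTBOUND_BLOCKED:
        return "block", doc

    # Deep scan: check that the seal matches what the content calls for.
    if deep_scan:
        wanted = classify_content(doc.body)
        if wanted is not None and wanted != label:
            return "quarantine", doc  # sealed, but to the wrong classification

    return "allow", doc


# Constructed sample documents.
SAMPLES: List[Document] = [
    Document("lunch-menu.txt", "Soup of the day: tomato"),
    Document("new-hire.doc", "Employee SSN 078-05-1120"),
    Document("minutes.doc", "Board minutes, March", "board-only"),
    Document("deck.ppt", "Quarterly forecast for partner review", "partner-shared"),
]


def run_samples(deep_scan: bool) -> List[Tuple[str, str]]:
    return [(d.name, outbound_decision(d, deep_scan)[0]) for d in SAMPLES]


if __name__ == "__main__":
    for deep in (False, True):
        print("deep scan" if deep else "shallow scan")
        for name, action in run_samples(deep):
            print(f"  {name:16} {action}")
```

The last sample shows why deep scanning matters: a shallow scan lets the mis-sealed deck out on the strength of its label, while the deep scan catches the mismatch between label and content.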

Integrating with DLP Vendors

Oracle has been requested by several customers and partners to integrate Oracle IRM with the leading DLP Vendors' solutions. Whilst all four of the above integration use cases are being scheduled on both Network and Endpoints, work has already been done today to support the following functionality.

Symantec DLP and Oracle IRM

Oracle and Symantec have collaborated to provide a solution that allows DLP to discover and automatically call IRM to encrypt data at rest. This results in sensitive documents being identified by DLP and then automatically encrypted with IRM. The encrypted files can then remain in their original location rather than being quarantined, but can only be opened by authorized users. The DLP product can also discover and monitor IRM-encrypted documents and then audit, quarantine or take no action depending on policy and context.

McAfee DLP and Oracle IRM

McAfee's Data Loss Prevention quickly delivers data security & actionable insight about the data at rest, in motion and in use across your organization. Protecting data requires comprehensive monitoring and controls from the USB drive to the firewall. The powerful combination of McAfee DLP and Oracle IRM automates the process of protecting your data, giving you confidence that policies are enforced consistently wherever your data needs to travel.

InfoWatch DLP and Oracle IRM

Oracle and InfoWatch have collaborated to provide a solution that controls information transferred via removable storage, optical media, web uploads and emails with attachments; as well as inspects contents of IRM-encrypted files and messages. The solution applies policies to prevent sensitive information leakage. A flexible policy can be configured to enforce IRM-encryption of sensitive emails. Digital fingerprinting of the IRM-encrypted content ensures that no parts or quotes of IRM-protected documents can leak outside the corporate network.

Sophos DLP and Oracle IRM

Oracle and Sophos have collaborated to provide a solution to control the transfer of IRM-encrypted information via removable storage, optical media, web uploads and email attachments. A policy can be configured to simply audit the transfer of IRM protected files or, if required, authorise the transfer of IRM protected files and block the transfer of non-IRM protected files.


And you can download the PDF version of this data sheet.

Friday Sep 03, 2010

Oracle IRM and Sophos DLP Integration

Continuing our theme on DLP and IRM, we've been working with leading DLP vendor Sophos to create integrations that bring IRM and DLP together. These integrations provide a richer set of security controls for protecting your most sensitive information, such as intellectual property, patient healthcare information (PHI) and financial data, as it flows around your enterprise networks and beyond. The video below demonstrates one of these integration use cases that we are hearing a lot of customers ask for: the need to ensure that only IRM-protected documents can be copied onto USB devices and CDs, so that the organization has persistent control over its most valuable content.

John Stringer, product manager at Sophos, comments:

DLP can be used to identify IRM-protected documents, audit their transfer and - where appropriate - apply IRM classification based on document content. This complements traditional methods for applying IRM such as manual classification by employees. At Sophos we're really excited about working with a number of IRM vendors, such as Oracle, to achieve exactly this.

The ultimate goal over the coming months with these integrations is to use DLP to maintain the policy which defines what you classify as confidential or sensitive information. DLP then implements these policies when it is monitoring network traffic, searching across file repositories and watching the movement of information onto USB keys and other removable devices. When DLP finds unprotected information, instead of simply blocking it, it can apply an IRM policy in line with DLP to ensure that it becomes protected no matter where it ends up. Have a look at the video and feel free to contact us if you'd like to know more about what DLP and IRM can do together for you.


Friday Aug 20, 2010

Understanding the value of persistent document security with IRM and DLP

Great progress is being made here at integrating many DLP vendors with our information rights management (IRM) document security solution. Keep an eye out over the coming months for some sneak previews into this work. Our integration with Symantec DLP is also in the pipe for a vast increase in functionality as part of an integration with Oracle IRM 11g.

DLP and IRM together make a lot of sense. DLP is an excellent technology for watching systems and network perimeters to recognize content as sensitive so it can monitor/warn/block activities. For example, if you try to email a sensitive doc out of the business, DLP might block the email due to policy.

But DLP is an internal solution. No third party is going to let you monitor their networks and systems to protect anything that you send out, or that the third party is doing on your behalf. Especially with many looking to the cloud to store and manage content, does the cloud integrate with your DLP? Does the cloud provide the same level of security and integrate with your existing internal security technologies and policies? So, many DLP implementations involve monitoring the perimeter of your network trying to prevent things leaving - or monitoring your USB ports trying to prevent you from copying information to USB memory. Your USB port is an example of many different "perimeters" that DLP needs to monitor if it can.

IRM on the other hand protects information more directly. You seal a document and it is encrypted. You can send sealed documents to external parties - or allow third parties to create sealed content because they are working for you - but policy and audit still apply. The solution can be used in third party networks because the IRM solution only monitors/controls sealed documents - it does not monitor the third party's networks or systems or intervene in third party processes that have nothing to do with you.

Recent interest from both customers as well as partners and vendors has sparked a lot of discussion within the walls of Oracle and one of our expert IRM consultants came up with a great way to explain the abilities of these two technologies and how they work well together. I thought I'd share his analogy here:


  • DLP is like a police force. It watches as many things as it can for breaches of policy and intervenes in some way when it can. It needs to monitor all the channels that you identify as a potential risk, and its effectiveness stops at your border. You need constant adjustment to be confident that you are catching everything you should catch, and the trick is defining a comprehensive set of policies without making everyone feel that they are living in a police state. In practice, this might mean that you define very simple policies and warn rather than block. Once a document has left your borders, you have no further control and no means of revoking access.

  • IRM is more like a bodyguard. It goes wherever the sensitive assets go - even if they go beyond your border - but it takes no interest in anything that is not sealed. It applies policy consistently even if policy changes over time - so you can revoke access to external copies long after sending them. However, it only protects the assets it is assigned to protect, so the trick is using business process or automation to ensure that all sensitive assets are sealed. The automation could be managed by DLP.


Thursday Jul 22, 2010

More intellectual property theft, GM lose $40M of hybrid vehicles trade secrets to China industry

A few years ago Intel had an employee walk out the door with their intellectual property and take it to AMD; Intel estimated the value of the information was close to $1 billion! Then there was the case of the IBM executive emailing trade secrets to HP. More recently, Ford was hit by a worker taking 4000 confidential trade secret documents and using them to secure a new job with at least one Chinese car company.

Today news has been released that General Motors is the latest US company demonstrating a lack of control over trade secret information. Two ex-employees have been charged with conspiring to steal trade secrets related to hybrid vehicles from General Motors to pass on to China's Chery Automobile Company. A court in Detroit has charged Sanshan Du and Yu Chin with conspiracy to possess trade secrets and unauthorized possession of trade secrets, which can carry a penalty of up to 10 years imprisonment and a $250,000 fine.

Du is accused of copying thousands of GM documents to an external hard drive five days after the automaker offered her a severance agreement in January 2005. General Motors have estimated the value of the stolen information to be about $40 million.

It is quite shocking that these high profile incidents continue to happen when the technology is available which would render the possession of these documents useless, even when someone has copied them to a DVD and sent them to China. Oracle IRM would've ensured that as soon as these employees had left the company, access to the documents was no longer possible. More importantly, sending these documents to illegitimate parties is a waste of time, because only authorized users have the ability to gain access to the information. As a CIO once said to me, "There is no point spending all the security budget on protecting access to the applications, VPN and file shares with identity management technologies when the greater risk is the employee leaving the company who spent the last 2 weeks copying every sensitive document they could to a DVD".

Thursday Jul 15, 2010

Former MI6 man Daniel Houghton discloses thousands of top secret documents


Shocking news just reached me that 25 year old Daniel Houghton working for MI6, the British Government Secret Service, has said he was "directed by voices" after admitting charges of unlawfully disclosing top secret material. The judge said his chances of jail time are "inevitable"!

Daniel seems to have been driven by greed in an attempt to sell documents he had been collecting (later found on a USB key and a hard disk at his home) to the Dutch intelligence services for £2M GBP ($3M USD). The Dutch then tipped off MI5, the Military Intelligence boys who in turn had a word in the ear of MI6...

He was then bugged and filmed as he displayed the files and offered to provide them with lists of MI5 agents he had worked with. The price was negotiated down to £900,000 and immediately after Houghton handed over the files on 1 March he was arrested while carrying a suitcase containing the cash. This is the stuff of the movies!

Police were stunned to discover the top-secret information he had casually taken, including 'techniques for intelligence collection' and personal information about spies, stashed under the double-bed in his small bedroom. There were over 7,000 files they collected from his home flat, and who knows what other data they may not have recovered. How on earth did someone with Daniel Houghton's character get employed with one of the world's most powerful secret services? Gordon Corera, security correspondent for the BBC says, "But even though he was easily caught, the fact that he was recruited into MI6 and then was able to smuggle so much information out of the building will raise questions about how tight security and vetting procedures really are at the Secret Intelligence Service."

Of course this story could have been very different if those documents had been protected with an information rights management solution like Oracle's. Oracle IRM is a perfect technology for allowing national security agencies to protect their most valuable data, and last year an agency in Mexico, who are in the middle of a serious national security problem with the drugs wars, purchased Oracle IRM for this exact reason.

Wednesday Jan 06, 2010

Solving the data loss prevention (DLP) puzzle and using IRM for encryption

An interesting strategy guide was published recently from InfoWorld. Titled "Strategies for endpoint security", it addresses concerns and challenges businesses have regarding the protection of endpoints, namely laptops and desktop computers.

One section of the guide which caught my eye was "Five technologies that will help solve the DLP puzzle." The article discusses the following areas where "before embarking on a data loss prevention program, enterprises must first determine the essential technical ingredients."

The first subject tackled is that of classifying information in the first place. DLP's most valuable functionality is the ability to monitor many points in the enterprise and detect the storage or movement of documents, emails and websites that contain sensitive or classified data. However, one problem with DLP is how to configure it to reflect a well designed and understood information classification policy. William Pfeifer states that "You cannot protect everything, Therefore methodology, technology, policy and training is involved in this stage to isolate the asset (or assets) that one is protecting and then making that asset the focus of the protection." Nick Selby, former research director for enterprise security at The 451 Group and CEO/co-founder of Cambridge Infosec Associates, then goes on to say the key is to develop a data classification system that has a fighting chance of working. To that end, lumping data into too few or too many buckets is a recipe for failure. "The magic number tends to be three or four buckets--public, internal use only, classified, and so on," he says.

So the recommendation is that DLP should be configured with a simple and easy to understand set of classifications. Keeping things simple in the complex world of security dramatically reduces the chance of human error and increases usability. Oracle IRM is a technology that has had this message designed within its core from day one: it has a very powerful and yet simple to configure and deploy classification system. This is what makes the union of IRM and DLP such a compelling story when it comes to a comprehensive data loss prevention solution that can actually be deployed and used at an enterprise scale.

The second subject approached in the article is encryption. It's worth repeating the full statement here...

"This is a tricky one [encryption], as some security pros will tell you encryption does not equal DLP. And that's true to a point. As former Gartner analyst and Securosis founder Rich Mogull puts it, encryption is often sold as a DLP product, but it doesn't do the entire job by itself. Those polled don't disagree with that statement. But they do believe encryption is a necessary part of DLP. "The only thing [encryption doesn't cover] is taking screen shots and printing them out or smuggling them out on a thumb drive. Not sure I have a solution to that one."

No worries Rich, Oracle and Symantec have exactly the solution you are looking for. DLP detects that a document or email contains sensitive information and IRM encrypts and secures it. IRM not only encrypts the content, but it can limit the ability to take screenshots, stop printing, manage who can edit the content, who can see formulae in Excel spreadsheets, even allow for users to search across hard disks and content systems for information inside encrypted documents to which they have legitimate access...

The article continues, "Stiennon says that while all encryption vendors are not DLP vendors, applying encryption is a critical component to DLP. "It could be as simple as enforcing a policy," he says. "When you see spreadsheets as attachments, encrypt them."

Or more specifically, when you see any sensitive document or email, seal them with Oracle IRM! For more information on how IRM and DLP technologies can work together, have a read of this.

Monday Dec 14, 2009

Privacy watchdog warns about unacceptable level of data loss, highlighting the NHS


The Information Commissioner's Office (ICO) is continuing to raise awareness of data loss and highlights that in 2010 companies need to do more to protect customer and patient information. In a recent report they quote;

"Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff. Far too much personal data is still being unnecessarily downloaded from secure servers on to unencrypted laptops, USB sticks, and other portable media."

The warning from the office comes with news that the worst offenders are in the health care industry. "We have investigated organisations, including several NHS bodies, that have failed to adequately secure their premises and hardware, which has left people's personal details at risk," said Mick Gorrill, the assistant commissioner with responsibility for investigations.

In the same month the ICO also released an excellent and much needed plain English guide to data protection.

Looking at the results of current research and also at the findings of risk assessments, Information Rights Management is a technology well designed to provide a fast solution to the loss of data in environments where security is hard to enforce. How do you control access to content that is lost by someone you've sent it to at another location outside your firewall? Oracle IRM provides the ability to secure and track that information no matter where it resides.

Loss of data in 2010 is to get more expensive as new laws allow the ICO to implement fines. David Smith, Deputy Information Commissioner, says: "Since November 2007 we have taken action against 54 organisations for the most reckless breaches in line with our commitment to proportionate regulation. Some of these breaches would trigger a significant fine for organisations were they to occur after the introduction of monetary penalties in 2010. We are keen to encourage organisations to achieve better data protection compliance and we expect that the prospect of a significant fine for reckless or deliberate data breaches will focus minds at Board level."

If you want to learn more about Oracle IRM, have a look at some of the videos on our YouTube channel and please contact us if you want to undertake a free evaluation.

Wednesday Nov 04, 2009

Oracle IRM and the evolution of "information-centric" security

Whilst responding to an RFI I needed to describe how information rights management was positioned against many other types of technologies that use encryption to protect documents and emails. I thought it would make sense to write up the response on the blog. The diagram below really highlights how information rights management is at the leading edge of using cryptographic technologies to protect your confidential information.

[Figure: Oracle IRM - Evolution of information-centric security]

Information security is a crowded and confusing marketplace. Many security solutions are really infrastructure security, because they secure IT infrastructure and users from information (for example anti-virus, anti-spam, intrusion detection). Some information security solutions only attempt to secure information from external attack (for example firewalls).

The diagram above illustrates the evolution of "information-centric" solutions that, by securing information directly, attempt to secure information from accidental or deliberate leakage by internal and external users. This diagram is not entirely even-handed in that it does not show the benefits of earlier solutions, just their critical shortcomings - but the idea is to show how IRM for the first time sufficiently solves these limitations to be the first truly enterprise-viable "information centric" solution.

Information-centric security started with products like PGP, which used public key infrastructure (PKI) encryption to encrypt information, and provided document and email encryption products. Products like PGP have two killer shortcomings. Firstly they ask busy non-technical business people to understand and personally manage the principles of PKI cryptography - pass phrases, public keys, private keys, digital signing, encryption, decryption, public key rings, certificates, etc. And then, after jumping through all these PKI hoops, the PGP-like technologies still just pass the decrypted information off into the clear (decrypted) to the document and email applications, from which they can easily and untraceably be redistributed - there is no post-delivery protection or tracking. Invasive to user workflows and with dubious benefits (most leaks are made, accidentally or deliberately, by end users - not by eavesdropping on networks) these solutions have over a long period gained minimal traction. Many people have briefly played with PGP, or something like it, but it is rare to meet someone who still does.

"In-delivery" secure email products built on the encryption capabilities of PGP-like products, in an email context. As organizations began to see email as their leading vector for information leakage (deliberate or accidental - how often have you sent a confidential email to the wrong user?) they sought solutions for securing email. Almost all of these solutions operate by intercepting outbound emails, and for those marked or scanned as being confidential, they place them on an SSL-protected web site and send on a replacement email with a link back to the original email on the SSL-protected web site. When the users follow the link to collect the email they are typically required to authenticate and the original email is then obtained over a secure SSL connection. So the shortcomings of these solutions are clear - again they provide no post-delivery security (authorized users can still save out in the clear and forward), they only defend against eavesdropping (which is a much less common threat than redistribution) and they are ultimately email-only point solutions. While email remains the leading means of sharing information, there is also a huge amount of sharing via file shares, web, USB devices, etc.

The next major evolution of "information centric" security, which is currently generating significant interest, is gateway- or desktop-based filtering/monitoring. These technologies install software agents into gateways (such as email servers or web servers) or desktops that monitor outbound information flows, and scan the outbound emails, attachments and web pages for confidential information (such as social security numbers). It remains to be seen how effective these solutions are in practice, because they tend to be primarily passive (they are often detuned to prevent them blocking outbound information flows as a result of false positives) and act more as a deterrent; because they must monitor a bewildering number of perimeters in a modern network to be effective; and must sift through a staggering amount of legitimate traffic looking for a hopefully small amount of illegitimate traffic. But the fundamental shortcoming of these filtering/monitoring solutions is that they are effectively enterprise spyware: spying on internal information flows. Unfortunately most sensitive business processes involve sharing confidential information with external parties, and they are never going to allow your organization to spy on their networks to protect your information. So it would seem absurdly incomplete to spy on your own employees and then send the same confidential information unprotected and untracked into the networks of your partners, customers and suppliers.

Nevertheless there are considerable synergies between monitoring/filtering technologies and IRM - to help automate the sealing/classification of information. This is seen in the recent integrations between both DLP vendors and IRM vendors.

Oracle Information Rights Management (IRM) is very much an evolution from all these earlier technologies. It uses the PKI encryption from PGP-style products, but hides all the complexity from end users. It uses the close integration with leading email clients of secure email. It shares the same desktop agent and policy server profile of desktop filtering, but is only active in the context of sealed/classified information. But unlike preceding solutions Oracle IRM provides pro-active, post-delivery protection and tracking; works just as well outside the firewall as inside; has a classification-based rights model that completely hides all the complexity of encryption and makes policy management straightforward; and secures documents, emails and web pages regardless of how they are shared - so Oracle IRM is a significantly more complete solution.

Monday Nov 02, 2009

Peer-to-peer network exposes document detailing US Congress ethics probes

Over the weekend a document containing confidential information from one of the most secretive panels in Congress was floating about on a peer-to-peer network. Apparently a junior member of staff went home to work on the memo and stored the document on a computer that also ran peer-to-peer networking software. The inevitable happened and the document was whisked away to the file sharing network to be available to thousands of other computers. The 22 page report contains details of sensitive ethics probes involving more than 30 lawmakers and aides compiled by the ethics committee in the House of Congress.

The ethics committee is one of the most secretive panels in Congress, and its members and staff members sign oaths not to disclose any activities related to its past or present investigations. The 22-page "Committee on Standards Weekly Summary Report" gives brief summaries of ethics panel investigations of the conduct of 19 lawmakers and a few staff members. It also outlines the work of the new Office of Congressional Ethics, a quasi-independent body that initiates investigations and provides recommendations to the ethics committee. The document indicated that the office was reviewing the activities of 14 other lawmakers. Some were under review by both ethics bodies.

The leaked document, which was reported to the Washington Post, caused Democrat Zoe Lofgren, chairwoman of the House Ethics Committee, to interrupt House voting. She announced that the Washington Post had obtained a confidential ethics report and the newspaper had been contacting lawmakers named in the document. She described the release of the sensitive document as a form of hacking.

This incident highlights the dangers of not correctly protecting your most confidential information. Unfortunately the blame is usually pointed at the person who didn't follow instructions on how to handle such data. In this incident the member of staff was fired and the committee "is taking all appropriate steps to deal with this issue". House administration rules require that if a lawmaker or staff member takes work home, "all users of House sensitive information must protect the confidentiality of sensitive information" from unauthorized disclosure. I wonder what technologies are actually implemented to aid lawmakers and staff with actually protecting this information.
"I regret to report that there was a cyberhacking incident of a confidential document of the committee,"

Zoe Lofgren, (D CA)

Information Rights Management could have easily helped avoid this situation. The memo could have been encrypted and secured, allowing the employee to work on the document wherever they wished. Then if the document had been transmitted across a peer-to-peer network, it would've been useless to anyone else because IRM ensures only authorized users can gain access to sealed content. This would've saved Congress the embarrassment and also saved the member of staff their job.

Tuesday Oct 27, 2009

Oracle IRM and Symantec DLP version 10 integration announced


This morning Symantec announced the latest incarnation of their data loss prevention (DLP) technology, version 10. DLP technologies allow organizations to do discovery and monitoring of enterprise perimeters to detect the flow of sensitive information. When DLP detects something that is deemed confidential it can take some action upon it, typically blocking the information from continuing to be transmitted. However, combining DLP with IRM means you don't have to restrict the end user by blocking their attempts to collaborate. Instead, encrypt and protect the document or email so that it can be shared. IRM ensures only authorized users have access and provides advanced security controls such as revocation to the information, even after it has left the control of your enterprise networks.

We've been working with Symantec over the past month to build an integration between Oracle IRM and DLP creating the most powerful security solution of any IRM and DLP combination. Oracle IRM is the leading rights management solution for enterprise-scale document and email security. Combining these features with Symantec's leading DLP solution means customers can now have rich monitoring and detection capabilities. Instead of blocking attempts to share valuable data, this solution allows it to happen securely. We first demonstrated this capability at Oracle Open World and if you were not able to attend, we've uploaded some video demonstrations to our YouTube channel.

If you want to learn more about using Oracle IRM and DLP together contact us.



Wednesday Jul 15, 2009

Twittergate? Twitter employee hacked and loses hundreds of documents


News broke this month about the hacking of Twitter CEO Evan Williams's email account. His wife and two other Twitter employees also had email accounts hacked. As a result the hacker, French in origin, was able to access numerous documents containing information about a reality TV show involving Twitter, financial forecast documents (although they claim no longer current), wage information, credit card details and many others. He then offered these documents to different sources, one of which was TechCrunch, a well-respected Silicon Valley site. They made the brave choice to publish these documents and have caused widespread debate, with many calling the incident Twittergate.

This obviously raises the issue of the documents' security. The Wall Street Journal comments that, "Bloggers and tech experts are debating not only the ethics of airing the files, but also how the hacker got the information. Was it Google's password-recovery system? "That would mean this isn't a 'cloud' privacy issue," wrote GigaOm's Om Malik. "Rather it would be an issue of companies using poor authentication and password protocols to secure their data."

In Mr. Williams's blog post about the issue he wrote that "It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email."

This incident raises the issue about storing sensitive information in the cloud. A few months ago Google accidentally exposed access to their online document services. Although this recent incident was in no way a result of problems with Google security, it does highlight that putting your important documents in the hands of others and using poor security to protect your own information systems is asking for trouble.

The BBC News website commented that "Many in the technology industry said this latest episode points to the potent reminder of how much information is stored in the cloud and the vulnerability or otherwise of that data."

With people storing sensitive documents out in the cloud networks, it is even more important that any security affects the document itself, not the place of storage. It isn't good enough to rely on the security implemented by others such as Google; mistakes happen and leaks occur. Oracle IRM can provide this persistent security by securing the document, so no matter where you store it or where it is stolen from, your ability to control access to the information remains wherever that document resides! Hmm I think I'll just go and tweet this...

Challenges with the classification of content, or, "data labels suck"!

A mildly heated debate has arisen regarding whether the classification of content/data (and the use of labels) for security purposes is worth the effort. On one side of the discussion is the position that trying to manually classify and label both content and data is time consuming, prone to error and quickly results in out of date classifications/labels. The opposing opinion is that whilst in theory there are problems, in the real world you need to apply some level of classification/labeling manually and it isn't as hard as you think if you keep things simple.

Simple... this reminds me of a key phrase that was drilled into me from day one when working on IRM. Simplicity is the key to effective security. Of course in reality implementing enterprise security is never simple, but the goal should always be to achieve the simplest solution possible. Humans are simple creatures, and the more complex a solution, the more the risk.

Anyway, back on topic. One difference being discussed is between the definition of information classification, e.g. what is the definition of top secret, and the mechanisms for applying the classification, "top secret", to data and documents. The crux of the dispute is that relying on manual application of the "top secret" classification doesn't work. The reasons being:

  1. By the time you manually classify something, it's something (or someplace) else.
  2. Labels aren't necessarily accurate.
  3. Labels don't change as the data changes.
  4. Labels don't reflect changing value in different business contexts.
  5. Labels rarely transfer with data as it moves into different formats.

Technologies such as DLP can however provide some clever real time capabilities for identifying important information, yet often the methods of protection are invasive and limiting. For example you might want to copy an important document to your USB flash drive and the DLP technology stops you. This means frustration on the user's part, and trying to place restrictions on every possible end point can be complex and expensive.

I spoke with Andy Peet, Oracle IRM product manager, who had the following to say on this topic.

"I don’t think that there is any disagreement that sensitive data needs to be classified. The problem faced by security products such as DLP and IRM is that it is easiest for these solutions to label a document with information about its classification. However data classification is a dynamic process: a highly restricted document today may become a public document in a few days time (for example quarterly financial results). So if a document is permanently labelled with a fixed classification then it cannot evolve with the data that it contains."

I've seen and dealt with this sort of discussion at most of our customers. Oracle IRM provides the ability to create classifications, define roles within them (e.g. can someone edit and print a document?), assign those roles to users and then apply the classification to a document. But customers often ask:

  • What if someone doesn't apply the classification at all in the first place, we have no security!
  • What if someone applies the wrong classification (secures a top secret document to the public classification), this is even worse than no security, the technology is now actively allowing the document to be accessed by the wrong people.
  • What happens if my document changes classification? Or if someone joins the company after the point where the content was secured, how do I enable access?


Here is how we have often addressed these issues with Oracle IRM. IRM doesn't solve all the problems, but it does provide a simple and powerful mechanism for addressing a high percentage. Remember, good security is defense in depth. IRM and DLP combined also create a compelling set of solutions and we are working with the leading DLP companies to have integrations between the technologies.


What if someone doesn't apply the classification at all in the first place, we have no security!

A very common question. IRM doesn't enforce the creation of sealed content for all documents, users have to actively make the decision to classify and then secure the document... or do they? We've been developing IRM for over 10 years and therefore we've had plenty of time to create solutions for this problem. The best way to address this concern is to remove the choice from the end user, simply apply the classification in a way that makes sense from the start. How?



Using sealed Office templates

With Oracle IRM you can seal Word, Excel and PowerPoint templates. Users then use existing work flows for creating documents from templates and therefore the classification choice is removed, it is instead predefined. From the first instance of the document, it is always sealed and protected. But what if the document already exists? Or if the user didn't choose to start from a template?



Protecting the content storage location

We've done many integrations with the location where content gets stored. We have an integration with our own Oracle content server which allows documents to be automatically classified and sealed upon checkin, and we've had customers do integrations with Documentum and Microsoft SharePoint. Again here the user is unaware of making the classification decision, the system automates the protection. We also have a tool called "Hot Folders" which allows for content to be secured when it is stored on a file system, either locally or a network file share. But what if a user stores the content in a location that doesn't have an IRM agent actively classifying and protecting the content?



Integrating with DLP technologies

Another line of defense is to leverage the powerful content scanning and identification functionality offered from DLP. If the user attempts to store that sensitive financial report onto their local USB flash drive, instead of preventing them from performing the copy, simply have DLP call to IRM to encrypt it. The user gets to move the content, securely, because IRM secures access to the content no matter where it resides, and they are still unaware that a decision to classify the content has been made.


In summary IRM, integrated with the storage locations and DLP, provides a much richer solution to classifying and securing content.


What if someone applies the wrong classification (secures a top secret document to the public classification), this is even worse than no security, the technology is now actively allowing the document to be accessed by the wrong people.

This is a tough one. Any technology that provides the user with a choice to secure a document is prone to poor decision making. Consider a network file share, one called "financial reports" which contains sensitive financial documents and has a very limited access control list and one called "financial documents" which has public documents for redistribution and access by a wide number of users. It doesn't take much for a user to drop a document into the wrong location. The same is true with IRM, someone could choose the wrong classification and allow the wrong set of users to potentially have access. Remember IRM is part of a total security solution, so just applying the wrong classification doesn't mean unauthorised users get access, only that they have the potential, they must first get their hands on the document. But this can happen...



Real time auditing with Oracle IRM

IRM may not be able to stop mis-classification, but it can provide audit reporting of both the securing of content and access. IRM audit logs contain information about the file, who is accessing/securing it, from what IP address (both local and firewall) plus other data. This can be combined with other technologies such as DLP, Governance, Risk, and Compliance (GRC) tools and Business Activity Monitoring (BAM).


Obviously there is still risk involved, but at least with IRM you now have the ability to view every single access to your sensitive information. Again, DLP here plays a good role in being able to identify information that isn't just unclassified, but has been misclassified.


What happens if my document changes classification? Or if someone joins the company after the point where the content was secured, how do I enable access?

This is a question at the heart of the dispute. Information changes and therefore so does its classification. Consider the following;

  • You open an email and enter employee details such as address and social security number.
  • You are working on a spreadsheet about a 35nm technology and enter in details about a 22nm technology you are working on.
  • You edit a financial document and remove information pertaining to quarterly financial results.


All three scenarios mean the classification of the document or email changes. Use case one is a document that requires classification, use case two is a change in classification and the third is actually content being declassified. I have spent a lot of time with customers who deal with export control and foreign national compliance regulations which dictate who should have access to what information, often based on the type of technology. For example the US government may decide that the point at which compliance controls take effect moves from 35nm to 22nm and therefore all documents classified as 35nm change classification from controlled to non-controlled. The subject matter of the document doesn't change, but the classification has.


Separation of rights from the content.

There are different scenarios which breed different methods for addressing this problem. They typically depend on the model used for classification, but fall into two main areas. One is where the classification applied reflects the document's content, i.e. in the above example the classification would be "35nm technology", and the other is where the classification is directly mapped to the document, i.e. "L1 Top Secret technology documents".


Now we come to one of the most important aspects of Oracle IRM: the separation of rights from content. This allows for dynamic changes to be made to rights on the server, and this affects all content associated with those rights. In the above example, imagine:


  • 1000 documents classified as "35nm technology - chip designs".
  • 1 group on the IRM server called "3E001 Chip designs - top secret"
  • The above group assigned a "Contributor" role which allows the engineers to create, edit, print the document.
  • 500 engineers who are a member of the above group


The 3E001 is an example of an ECCN number. Let's say that this set of documents is no longer covered by this control and therefore all the 1000 documents are reclassified. With Oracle IRM this is easily handled by reassigning another group, let's say "Declassified information - top secret", which contains a wider variety of users within the company that can now access this information, BUT it still remains classified as top secret to the organization. Because this change is made on the server, the next time someone tries to access a secured document the new rights are issued, and it all happens dynamically!

Making this even simpler to manage is the fact you can tie in these rights assignments with identity management technologies such as role management and identity managers.
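The server-side rights model described above, sketched as an added example (it is not Oracle IRM code or its API): a sealed document carries only its classification label, and rights are resolved and audited at each access. The `RightsServer` class, the "Reader" role, the user names and the IP addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# "Contributor" is the role named in the post; "Reader" is a hypothetical
# second role added for this example.
ROLE_RIGHTS = {"Contributor": {"open", "edit", "print"}, "Reader": {"open"}}


@dataclass(frozen=True)
class SealedDocument:
    """A sealed file carries only its classification label, never a user list."""
    name: str
    classification: str


@dataclass
class RightsServer:
    """Hypothetical policy server: all rights live here, not in the documents."""
    groups: dict = field(default_factory=dict)       # group name -> set of users
    assignments: dict = field(default_factory=dict)  # classification -> {group: role}
    suspended: set = field(default_factory=set)      # accounts denied everywhere
    audit_log: list = field(default_factory=list)

    def assign(self, classification, group, role):
        if role not in ROLE_RIGHTS:
            raise ValueError(f"unknown role: {role}")
        self.assignments.setdefault(classification, {})[group] = role

    def unassign(self, classification, group):
        self.assignments.get(classification, {}).pop(group, None)

    def rights_for(self, user, classification):
        """Union of rights from every group the user is in; empty if suspended."""
        if user in self.suspended:
            return set()
        rights = set()
        for group, role in self.assignments.get(classification, {}).items():
            if user in self.groups.get(group, set()):
                rights |= ROLE_RIGHTS[role]
        return rights

    def request(self, user, doc, action, ip):
        """Decide at access time and record the attempt, allowed or not."""
        allowed = action in self.rights_for(user, doc.classification)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "file": doc.name,
            "classification": doc.classification,
            "action": action, "ip": ip, "allowed": allowed,
        })
        return allowed

    def denied_attempts(self):
        return [entry for entry in self.audit_log if not entry["allowed"]]


def run_demo():
    label = "35nm technology - chip designs"
    old_group = "3E001 Chip designs - top secret"
    new_group = "Declassified information - top secret"
    docs = tuple(SealedDocument(f"chip-design-{i:04d}", label) for i in range(1000))
    engineers = {f"eng{i:03d}" for i in range(500)}

    server = RightsServer()
    server.groups[old_group] = set(engineers)
    server.assign(label, old_group, "Contributor")

    out = {}
    # Constructed client addresses from the RFC 5737 documentation ranges.
    out["engineer_edit_before"] = server.request("eng007", docs[0], "edit", "192.0.2.10")
    out["sales_open_before"] = server.request("sales01", docs[999], "open", "198.51.100.7")

    # Reclassification: one change on the server, no change to any of the files.
    # Giving the wider group the "Reader" role is an assumption of this example.
    server.groups[new_group] = engineers | {"sales01"}
    server.unassign(label, old_group)
    server.assign(label, new_group, "Reader")
    out["sales_open_after"] = server.request("sales01", docs[999], "open", "198.51.100.7")
    out["sales_print_after"] = server.request("sales01", docs[999], "print", "198.51.100.7")
    out["engineer_open_after"] = server.request("eng007", docs[0], "open", "192.0.2.10")

    # A leaver's account is suspended: copies they still hold stop opening.
    server.suspended.add("eng007")
    out["leaver_open"] = server.request("eng007", docs[0], "open", "203.0.113.50")

    out["denied"] = len(server.denied_attempts())
    out["logged"] = len(server.audit_log)
    out["docs_untouched"] = all(d.classification == label for d in docs)
    return out


if __name__ == "__main__":
    print(run_demo())
```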


Oracle IRM allows the resealing, or reclassification of content.

Another example, depending on the classification model, is the ability to reclassify the documents themselves. Let's say that in the above example we had a document classified as "35nm technology - chip designs" and the document actually had some new content inserted which contained details on a 22nm technology. This document now needs to be reclassified. Oracle IRM allows you to re-encrypt the document from "35nm technology - chip designs" to "22nm technology - chip designs". This can either be done by the end user or en masse automatically. It could be a change to metadata in the content repository, after which all documents get reclassified automatically.



Oracle IRM 11g brings even more dynamic possibilities

Now there are still some limitations here: documents still have some sort of descriptive classification that needs to be managed and is relatively static. The next release of Oracle IRM makes another big leap in this area. I'll let the words of Andy Peet explain.


"The next generation of IRM will see truly dynamic classifications; where a document is categorized by its content and not according to a security classification in place when the document was created. This enables the classification to evolve as the content enters different stages of its lifecycle. Take the simple example of document workflow: a set of marketing collateral for an exciting new campaign is being collaborated on (highly restricted), then the collateral is sent off for wider internal review (company confidential), after review the collateral is shared with trusted external partners (restricted) and eventually at the launch of the campaign the collateral is revealed to consumers (public). This demonstrates how the same content has its classification dynamically changing; it is exactly these processes that Oracle IRM will be supporting in future releases as the technology evolves to match the business requirements."

So yes, there is a huge challenge in trying to apply a classification model to information. In theory it would be fantastic if it was possible to have security always use dynamic classification but in reality this isn't available yet with current technologies. Oracle IRM is close and by far the leading IRM technology which has a lot of the required capabilities. From its creation it has separated the rights from the information which is crucial to an effective, large scale enterprise rights solution.

We see in the real world that IRM is applied at a high level and in simple scenarios, for instance ensuring all sensitive content about a large acquisition is protected, or a corporate-wide classification as a catch-all for sensitive data. Our experience is that simplicity is key and we are often advising customers to make compromises between the complex regulatory controls, complex inter-enterprise security requirements and apply IRM with large scale simple classifications.

Saturday Mar 07, 2009

Data on Presidential helicopter goes astray

The BBC reports that information about the Presidential helicopter has been exposed inappropriately. Apparently an executive working for a defense contractor was running file sharing software, and the file in question wound up on an Iranian computer.

The information was low-grade - no real harm done - but the story illustrates how easily information gets out and about. It also illustrates how third parties, such as contractors, can lose your information even if you do not, and how some technology focuses on leak detection rather than prevention.

My initial reaction was to think about how an enterprise would typically lock down all the network ports/protocols that would allow for file sharing such as this to occur. But this is no good when laptops are taken home or documents are stored on USB devices and worked on using home computers.

The BBC says that "Keith Tagliaferri, director of operations at Tiversa, said the employee who inadvertently disclosed the information was a high-level executive - and the breach had taken place outside the company's offices."

Traditional network security tools such as firewalls simply do not protect against these types of problems. Even DLP technologies can only be effective at the points where DLP agents are deployed. It is impossible to protect every channel and it's why IRM is a good complement to these existing techniques.

Protecting the most valuable content is most effectively done when the security controls are around the content itself, no matter where it resides nor where it is transmitted to.

Tuesday Feb 24, 2009

Laid off workers stealing company data


More news articles published this week are raising awareness of risks involved with sensitive information leaving your organization when employees are laid off. Another research study from the Ponemon Institute, in conjunction with Symantec, surveyed 945 adults in the United States who were laid off, fired or changed jobs in the last 12 months. It found 59% of employees who leave or are asked to leave are stealing company data, such as contact lists, employee records, financial reports, confidential business documents and software tools.

Kevin Rowney from Symantec told the BBC that, "The intellectual property of a company can represent the crown jewels and are almost worth more than the building. This is the core asset of a company and any breach or loss can be very expensive... The industry has concentrated on the protection of the containers where the data is stored like firewalls, access, controls and end point security systems... The end result is that most security teams are protecting the containers not the data itself. And that is a core flaw in the security methodology of many practitioners today,"

Symantec's sponsorship obviously highlights their DLP solutions, which allow for the detection and control of information as it flows across devices such as firewalls and network file servers onto desktop and laptop computers, and ultimately onto removable USB devices.

Without question I'm going to state that IRM is a perfect complement to DLP, providing a robust solution for protecting, controlling and reporting on the use of sensitive content. DLP has its limitations and IRM fills those holes. Combine this with the total set of security technologies from Oracle and a smart company could ensure the recent increase in risk can be reduced and controlled for a fraction of the cost of the repercussions of losing all this data.

Another comment I found interesting was, "It is not enough that I will be laid off, that I will have to sell my home and possessions at a loss - I am now considered a 'thief' for 'stealing' (ie taking work home with me) intellectual property. Why is the worker blamed for everything that goes wrong with a company?"

Oracle IRM has positive solutions for both problems. It first provides an organization with the ability to have absolute control over documents, not only by limiting who can print (and therefore steal paper copies) but also by removing access to content when an employee no longer works for the organization.

Secondly it can actually help the employee... Oracle IRM allows for a balance of usability and security that allows people to use sensitive content on the move and from home locations. Leaving a company and knowing they are responsible for removing your access rights frees the ex-employee from all responsibility. If the organization is able to revoke all rights to content, then the end user no longer feels under the spotlight when they leave.


Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.
