Monday Oct 18, 2010

Document security in the real world, experience from the field

BrandonCrossLogo.png
I've invited Justin Cross from Brandon Cross Technologies to share some of the experience gained in the industry when implementing IRM solutions. So over to you Justin...

I began working with IRM at SealedMedia and I have seen it grow and mature through the refinement which only comes from many, many real world deployments, where we need to apply thoughtful consideration to the protection of real business information, against real security risks; while keeping real business users happy and assured that the technology wont get in the way.

I decided take on the challenge of forming my own company, Brandon Cross Technologies, just as SealedMedia were being acquired by Oracle. As Brandon Cross Technologies I've had the good fortune of working with a number of vendors, including Oracle, to provide the consultancy to successfully deploy software which requires an understanding of how software really gets used in practice, by real people, as well the technical know-how.

We have recently been working with some of the largest oil & gas and telecom companies, among others, to deploy their IRM solutions to address their concerns regarding the dramatic increase in data security threats.

 

Secure from the inside


Despite the best efforts of virus checkers and firewalls, platform vulnerabilities and malware provide lots of scope for bad guys to punch holes in your defences, disrupt your systems, and steal your data. If you ensure your own business users can only access and use information they legitimately require, while retaining the ability to revoke that access, then any external threat will be no more able to extract information from your organisation than your own people. Information Rights Management therefore enables us to limit the threat from perimeter security breaches, as well as potential misuse of information by legitimate business users.

 

 

User buy-in


As with other security solutions, successful IRM deployments must be simple to use and work without impeding existing business processes. Any solution which slows or limits a business user's ability to do their daily work will be unpopular, but more importantly the user may actually end up putting business information at greater risk by avoiding such systems. In the case of IRM, users may create, request, distribute or keep unprotected files, or use an IRM Context or document classification intended for less sensitive information to avoid the more stringent controls intended by the business.

 

Of course once information is IRM protected it is under the full control of the appropriate information owner; but it does need to be sealed / protected in the first place. Protecting information using IRM needs to be a continual, business-as-usual process. While IRM provides simple tools to protect information, manual protection does involve the user making the decision to protect information as it is created, and being in the habit of doing so. This can be addressed through creation of clear guidelines, policy requirements and training.

 

Integrated solutions


Protecting information using IRM should be performed at the earliest point in the information life cycle. One way to ensure information is appropriately secured using IRM is to automate the protection / sealing process. Oracle IRM has open programmatic interfaces which allow information to be sealed and for rights to be programmatically managed. This allows IRM protection to be integrated with other content management, workflow and security products.

 

For example Oracle IRM can be integrated with SharePoint, ensuring that any documents which are added into a SharePoint site are automatically IRM protected as they are uploaded. Information is then protected in storage, protecting against privileged users with server access, while still allowing documents to be found by keyword search using Oracle's unique search capabilities. Automated protection can therefore allow users to collaborate in the normal way without having to make the conscious decision to protect it first, or even needing to be aware that such a step is necessary. In this way, taking the manual protection step away from users, the level of usage and consistency with which IRM protection is applied can be substantially improved.

Another policy enforcement technology which can be used in conjunction with IRM is DLP (Data Loss Prevention). There are a variety of vendors which provide DLP solutions and, as with IRM, these solutions work in a variety of ways with different features and capabilities. What they do have in common is the ability to monitor the movement of data within your organisations network, with many also having the ability to control that movement. Some will purely monitor network communications using dedicated network appliances; others monitor file system, device and inter-process communications at the desktop. These capabilities can be used to make sure data does not leave your systems and networks without the necessary IRM protection being applied.

 

Brandon Cross Technologies


Brandon Cross Technologies is based in the UK, but has delivered projects internationally. It believes it is possible to take the pain and uncertainty out of deploying client-server and web based technologies, simply through listening to customers and sharing experience and expertise.

 

http://www.brandoncross.co.uk/
http://www.irmprotection.co.uk/

Thursday Oct 14, 2010

New Release of Oracle IRM Wrapper version 1.5.0

The wrapper tool has been updated again - this time to provide an installer script for Linux systems, and to improve compatibility between the IRM Desktop and the wrapper when installed on the same machine.

For further info, see the 1.4.0 announcement.

If you download and experiment with this tool, drop us a line to let us know how you get on.

Tuesday Oct 12, 2010

Quick guide to Oracle IRM 11g: Sample use cases

Quick guide to Oracle IRM 11g index

Oracle-IRM-Quick-Guide-Logo-Regular.gif
If you've been following this guide step by step, you'll now have a fully functional IRM service and a good understanding of how to start creating some contexts to match your business needs to secure content. The classification design article in the guide goes over some essential advice in creating your classification model in IRM and what follows is additional information in the form of common use cases that I see a lot in our customers. For each I'll walk through the important decisions made and resulting context design to help you understand how IRM is used in the real world.

Contents

Work in progress

Let's look at the use case of a financial reporting process where highly sensitive documents are created by a small group of executives. These work in progress (WIP) documents may change content quickly during review and therefore it is important that the wrong and inaccurate versions of the documents do not end up outside the working group. Once a document is ready for wider review it is then secured against another context with a much wider readership. All the unapproved documents are still secured against a context available only to the initial working group. Finally the document is approved to be published and becomes public knowledge. At which time the document may change format, e.g. from a sealed Word document to an unprotected PDF which has no IRM protection at all. This is a nice example of how IRM can protect content through its life.

Financial Reports - Work In Progress (Standard template)
Role Assigned Users & Groups
Contributor Finance Executives
Reviewer Company Board
Reader - No Print bill.smith@abc-attorneys.com
Financial Reports - Review (Standard template)
Contributor david.lee (VP of Finance)
alex.johnson (CFO)
Reviewer Legal Executives
Finance Executives
Company Board
bill.smith@abc-attorneys.com
Financial Reports - Published (Export template)
Contributor with export alex.johnson (CFO)

The first context secures work in progress content. Participants are identified as those who are involved in the creation and review of the information and are given contributor and reviewer roles respectively. Note that in this use case there is an attorney privy to the information who is external to the company. However due to the sensitive nature of the material, this external person has been given very restrictive rights, essentially they can only open the content, no printing, editing etc. The offline period for this role may be a matter of hours, allowing the revocation of access to the documents in a very timely manner.

After several iterations of the report have been created, it needs to be reviewed by a wider audience of executives. At this point David Lee (VP of finance) or Alex Johnson (CFO) have the authority to reseal the latest revision to the review context. Therefore there is a trust relationship between the WIP context and the Review context to allow this information to be reclassified. David and Alex are the only authorized users to be able to perform this task and therefore provide a control point for the reclassification of information. Note also that the external attorney now has the ability to review this reclassified document. The Reviewer role allows them to edit, print and use the clipboard within the bounds of the document. Their access to the previous, more sensitive versions remains unchanged.

One aspect of the reviewer role is that in Word change tracking is enforced. This means that every change made in the entire review process is tracked. Up until this enforcement with Oracle IRM, change tracking in Word was only useful if you trusted the end user to not switch it off. IRM brings security to this simple functionality and makes it a powerful tool for document review. Imagine if this was a contract negotiation process, you can be assured that every change to the contract has been recorded.

Finally, the last stage of the life cycle for this financial document is the approval of the report to be released to the investors, employees and the public at large. There is one more context which only the CFO has access to. This context allows for the export of the unprotected document so that it resides outside the realm of IRM security. Such a powerful role is only given to a highly trusted executive, in this example the VP. Again, IRM still protects all the previous versions of content that contain information not appropriate for public consumption.

All the steps in this use case are easy and familiar for the users. All they are doing is opening, editing and working with Word and Excel documents, activity they are used to performing. They may find a slight inconvenience if they are prevented from printing or cut and pasting content into a non-secure location, but overall they require little to no training on how to use IRM content.

Using IRM with a classification model

There are customers with a very mature security strategy which includes a clearly defined and communicated classification policy implemented with procedures and technology to enforce controls and provide monitoring. When IRM is added to the mix of security technologies it is common for the customer to ask how to implement their existing security classification system within IRM. When we deployed IRM at Oracle this was the first point of reference when trying to determine the correct convention for the creation of IRM contexts.

Before we go into the detail of this, it is worth noting that in this use case we are manually recreating elements of an existing security policy inside IRM. There may well be a situation where another product contains all this logic and replicating the information inside IRM would be redundant and costly. For example the Oracle Beehive 2.0 platform is integrated with IRM and as such IRM doesn't use the built in context model but simply leverages the existing security model inside Beehive. So it is possible for Oracle IRM to externalize the entire classification system. This however requires consulting effort which may or may not be appropriate for the return in automation.

But back on topic, let's look at what a security classification model looks like. A common standard that people work to is the ISO 17799 guidelines which was the result of a group of organizations documenting their best practice for security classification. Below is an example of the sort of classification system ISO 17799 recommends.

Level Class Description
1 Top Secret Highly sensitive information about strategies, plans, designs, mergers & acquisitions
2 Highly Confidential Serious impact if shared internally or made public
3 Proprietary Procedures, project plans, specifications and designs for use by authorized personnel
4 Controlled For controlled use within the extended enterprise, but not approved for public circulation
5 Public Information in the public domain

There is an increase in sensitivity of information as you move from bottom to the top of this table. Inversely, the amount of information that is classified decreases as you increase the level of classification. This is important because as you wish to create a model for protecting top secret information, you need to have more control over who can open the documents and who has the power to assign new rights to people. This increases the administration of the solution because someone has to make these decisions. Luckily IRM places this control in the hands of the business users, so those managing top secret contexts are the people who are working with the top secret information. A good example is in Oracle we have a single classification across the entire company for controlled information. Everyone in Oracle has access to this and the provisioning of rights is automatic. However when IRM is used to protect mergers and acquisitions (M&A) documents in Oracle, very top secret information, a small group of users have access and only one or two people can administrate the context. These people however are the ones directly involved in the M&A activity.

Public

Looking at each of these we can determine how IRM might apply. For publicly classified content the response is immediate and quite obvious. You don't use IRM because the information has low to zero risk from a security perspective and therefore requires no controls. However there have been times where documents may be sealed to a public context simply to provide usage statistics.

Controlled

For controlled content there may be strong reasons to leverage IRM security. However the sensitivity of the information is such that the risks are relatively low. Therefore consider a single company, or at least department wide context. This is born from our best practice which leans towards a simple, wide context model which balances risk versus the usability and manageability of the technology. Essentially controlled information needs some level of security, but it isn't important enough to warrant a fine grained approach with a high cost of maintenance. Usually every professional member of staff is a contributor to the context which allows them to create new content, edit, print etc. This at a minimum provides security of content if it is accidentally lost, emailed to the wrong person outside the company and provides a clear indication that the information has some value and should be treated with due care and attention. Yes allowing everyone the ability to cut and paste information outside the IRM document exists, but disallowing this to a low level of classification may impact business productivity. If control of the information is that necessary, then it should result in a higher classification.

Business partners are given appropriate roles which allow them to open, print and interact with the content but not have the authority to create controlled information or copy and paste to other documents. For the rare exceptions where you wish to give access to un-trusted users you can create guest roles which are assigned as part of a work flow requesting for exceptions to the rule.

Proprietary

As we move up through the classification policy we find an increase in the need for security from finer grained control. Proprietary information carries with it a greater risk if exposed outside the company. Therefore the balance of risk and usability requires a finer granularity of access than a single context. So now you have to decide at what level of granularity these contexts are created and this varies. There are however some good common rules. Avoid a general "proprietary" context, this would undermine the value of the classification. Follow a similar pattern to the work-in-progress use case defined above. Be careful to not be too generous about assigning the contributor role, restricting this group guarantee's document authenticity. Remember with IRM you can add/change access rights at any time in the future, so here is a chance to start out with a limited list and grow as the business requires.

Highly Confidential

As we get closer to your organizations most important information, we start to see an increase in the amount of contexts you need to provide adequate security. Highly confidential information requires a high level of security and as such the risk versus usability trade off favors a more granular approach. Here you are identifying explicit business owners of classifications instead of groups of users or using an automated system for unchecked provisioning of access. Training increases a little here as well because as you hand these classifications into the business, they need to know how to administrate the classification and understand the impact of their assignments of rights. The contexts also become very specific in their naming because instead of relating to wide groups of data, they now apply to very specific, high risk information. The right level of granularity and administration is hard to predict, therefore always start with a few contexts initially and pilot with a small number of business units with well defined use cases. You will learn as you go the right approach and more contexts will emerge over time.

Top Secret

Last but most definitely not least, the Top Secret contexts. Sometimes these are the first to be created because they protect the most important documents in the company. These contexts are very controlled and tightly managed. Even the knowledge that these exist can be a security issue and as such the contexts are not visible to the support help desk. The number of top secret contexts is also typically very small due to the nature of the information. A company will only generate a small number of highly sensitive financial documents or a few critical documents which contain the secret sauce of the product your company creates. Top secret contexts also can have a short life span as they sometimes apply to a short lived, top secret project. Mergers and acquisitions is again another good example, these are often very top secret but also short lived. L1 classified contexts quite often contain external users, executives from a target acquisition or attorneys from your legal firm. But the sensitivity of the information means external users are closely monitored by the context managers.

Example context map

Typically to map a classification policy to IRM requires a business consulting project which asks each elements of the business how they use sensitive information, who should be able allowed to open and it and manage the access. At the end of this exercise you end up with a context map. This is a simple table which shows the IRM contexts and their relationship to the classification policy. Here is an example table from when we used the technology in SealedMedia before we were acquired by Oracle.

Top Secret Highly Confidential Proprietary Controlled
L1 L2 L3 L4
Board Communications Executive WIP Executive Company
Intellectual Property   Competitive  
Security Product Management WIP Product Management  
  Professional Services WIP Professional Services  
  Sales WIP Sales  
  Marketing WIP Marketing  
  Finance WIP Finance  
  Engineering WIP Engineering  
    External External

Note the use of the labels L1 through L4 to indicate level of sensitivity. This would be used as part of the actual context name, e.g. "L1 (Top Secret) Intellectual Property". This serves a few purposes, firstly if a user has access to many classifications, they will be listed in order or sensitivity with the most important at the top when users are making decisions about classification of documents. Also it makes it very clear how sensitive each classification is. If I attempt to open a document I do not have rights to, the IRM software redirects me to a web page informing me that I don't have access to "L1 (Top Secret) Security". Immediately I understand that I shouldn't be opening this top secret document because it is classified above my access level. Note that in the above map only ongoing contexts are documented. There may well be a context called "L1 (Top Secret) Smith versus Jones dispute" which would be used to secure the information about a highly confidential law suit. But this classification exists for only a short period of time and therefore is created as and when needed. The context map is designed to document classifications which will exist for ongoing future of the company.

Periodic expiry & version control

The last example in this set of use cases is when IRM can allow for the periodic expiry of access to information which in turn can also be used to implement security related version control. Consider the situation where your company has some very valuable product roadmap documents which detail information on the next release of your products. This information may have valuable insight to the direction of the company and the disclosure of such information to competitors, the press or just the general public may have a significant impact to your business. However road map information changes often and therefore not only do you need to ensure who has access to it, but ensure that authorized users are access the right versions. Another useful aspect of IRM is that you may wish to review who has access to your product road maps on a annual basis and examine if the rights model you've decided on is still appropriate, e.g. do you still want users to be able to print the documents. IRM can satisfy both of these requirements when you appropriately design the classification model. Consider the context below;

Context title 2010 L1 (Top Secret) Product Roadmap
Contributor VP Product Management
Item Readers Trusted users in the company who have been training on how to deliver product roadmap presentations and messaging
Context managers VP of product development and those who approve and verify the training of trusted users

This is a very simple definition of a context but a great demonstration of the powerful capabilities of Oracle IRM. The only person who can create product roadmap documents is the VP. This is because this person is the last point in the review and approval process and as such has the authority to reseal the final product roadmap document from the work in progress context to this published context. The Item Reader role by default gives no access to anything in the context. So as each person completes the product roadmap training, they are given the role Item Reader and at the same time you add the specific documents which they've been trained on. There is of course an administrative overhead here, if you have hundreds of users being trained a month, someone has to be administrating IRM. Using groups at this point does allow for the management to be simplified. You might have a group called "Trained 2010 product roadmap presentation field sales users" and this group has been given the Item Reader role with the document restriction of the current 2010 product roadmap presentation. Then the management of users who can access these documents is done in the user directory, such as managing group membership in Active Directory. A better solution for the management of this rights assignment would be to use a provisioning system such as the Oracle Identity Manager. Here you can centralize the workflow of users being trained and then not only give them access to the IRM context but also automate the provisioning to the location where the documents are stored.

ProductRoadmapItemLock.png

Periodic expiry

Because the context name is prepended with the year it means that in 2011 the owner of this classification needs to review this classification. This review may decide that users with the "Item Reader" role can be trusted to print the content and that the 2 week offline period is too long and should be reduced to 1 week. The use case may also require that for each year users must be trained on the presentation of product roadmap information. So the creation of a new context, "2011 L1 (Top Secret) Product Roadmap" is created with a blank list of Item Readers, ready for new trained users to be given access to the new product roadmap. All Item Readers in the 2010 context are then removed and in one simple action you now ensure that nobody can access the old, out dated 2010 information. Because Oracle IRM separates out all the access rights from the documents themselves, there is nothing else to do. You remove access from the server, and as the offline periods to these documents expire, so does the access. The advantage for this retirement of access to old content, is that in the future if you ever need to be able to access a product roadmap document from 2010, the IRM administrator can simply go back to the old context and give access to a specific person.

Version control

With the Item Reader role you are explicitly defining what documents users have access to. Whilst this might incur an administrative cost in maintaining this list, the value from a security perspective is very fine grained control and high visibility of who can access what. Another benefit of this is because Oracle IRM allows you to change your access rights at any time, you can update this list. So imagine that you have a group of trained users assigned with an Item Reader role that has version 1 of the product roadmap presentation listed. Then after a few months, the roadmap changes, as it often does and a new version 2 is created. After making this new version available somewhere you can now remove the groups access to version 1 and add version 2. What does this mean? Now everyone in that group trying to open version 1 is going to get an access denied message. But, this message is in the form of a web status page which you have full control over. You can now modify that status page to provide the link to the new version 2, which they do have the ability to open.

This is incredibly powerful. Not only is IRM providing the means to ensure only authorized users have access to your most sensitive information, but it is ensuring they can only access the latest versions of that information AND allowing you to easily communicate to them where to GET that latest version from.

These are just a few of the many uses for Oracle IRM, if you would like to discuss your own particular use cases and see how Oracle IRM can help, please contact us.

Tuesday Sep 28, 2010

PwC 2011 Global State of Information Security Survey

PWC-logo.png
PwC has just released the findings of an information security survey by PricewaterhouseCoopers, CIO Magazine and CSO Magazine. The survey contains responses from more than 12,840 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security in 135 countries. Quite a wide audience. The report focuses on the business drivers for information security spending and reveals that in general spending on security has flat lined or at least dropped in the past 12 months. Mostly due to lack of funds after a wildly unpredictable economic financial climate. There were some elements of the report I found intriguing given my knowledge of IRM and the problems it solves.

 

While the impacts of the downturn linger, risks associated with weaker partners have increased


So whilst organizations are not spending money on security, they do recognize that the risks of sharing information externally with partners is increasing because... their partners are also not investing in adequate security. It is a very obvious point to make, everyone is not adequately investing in security and yet there is a growing trend to outsourcing where more and more of your information is shared beyond your existing security perimeter. There is now much higher risk when relying more on external partners for your business to be effective but its a necessary evil. What if that partner is your cloud storage provider and you are about to undertake a migration of your content into their platform? Will it be secure?

 

 

Visibility of security breaches/incidents is increasing, as are the costs


The report also finds a healthy increase in the knowledge of security incidents. I would guess this is primarily an impact of regulatory requirements forcing the issue. More and more companies have to report data loss incidents and therefore they are deploying technologies and processes to become more visible of the events.

 

PWC-2010-SecurityIncidients12Months.png

Yet growing in the other direction is the cost awareness of data loss. In three years this number has doubled. So it's a simple summary. People know a lot more about the loss/breach of important information and it is costing them more. The graph below shows the significant increase in both the area of financial loss to the business as well as the loss of critical intellectual property. These results tally with the issues we've seen in the news over the past year. GM losing masses of hybrid research, Ford also losing lots of intellectual property. The health care industry is also reporting data loss incidents at an alarming rate.

PWC-2010-ImpactsToOrganization.png

Another main areas this risk is coming from is, and i'll quote the report "traced to employees and former employees, in line with the higher risks to security associated with salary freezes, job instability, layoffs and terminations and other HR challenges that rise during economic stress." The technology that is presenting the greatest risk is the social network. The channels of communication into and out of your business environment are increasing dramatically. No longer is it appropriate to monitor just email and the firewall. But you have to worry about USB devices, web based storage, social networks... and a lot of this activity happens outside the office whilst people are at home, in a hotel or on the move with their cell phones.

 

How does IRM help?


So where does a document security solution like IRM play into this? First let me summarize up what I think all the research is telling us...

 

Companies are more aware of security incidents and the threat is moving to the partners who are not spending enough to secure your information. The costs of losing information are increasing from both the impact to the business and the technology you need to buy to defend against the loss in the first place. More and more ways to lose information are now invading the enterprise and often they are beyond your control.

So consider the following advantages of a document security solution like Oracle IRM.

  • IRM moves your perimeter of security to the information itself. Instead of buying and deploying DLP, hard disk encryption, encrypted USB devices, simply deploy IRM and no matter where your sensitive documents and emails end up, they are only accessible by authorized persons and encrypted no matter where they are stored.
  • IRM can allow users to open, edit and review documents but prevent them from copying information from the document into an untrusted environment... Facebook, LinkedIn, unprotected Word and Excel documents. Of course it may not take much for a user to retype the information but one of the biggest issues around security is that of awareness. If a user can't easily copy information from a document, they know the information must be confidential.
  • Every single time an IRM protected document is created, opened, printed or saved, it is audited. This dramatically increases the visibility of who is doing what with your information. Also when end users know that by opening IRM documents they are leaving a trail of access, it decreases the likelihood they are going to misuse that information.
  • IRM is easy to deploy. The biggest advantage of IRM by far is that once a document has been secured, you have total control over who can open it. So the simplest deployment where you create one single classification for your entire business and secure all your confidential documents to it for use only by internal employees is quick and easy to do. Right now most organizations have millions, nay billions of documents floating around on partner file shares, employee laptops and the internet. IRM in one simple deployment brings a massive amount of value.
  • IRM does not suddenly impact your business effectiveness. Core to its design is a usable and scalable rights and classification model that puts the decision making on user access into the business. Enormous effect has been invested in making the use of Oracle IRM protected documents simple and easy for authorized users.

 

Have a look at some of the videos on our YouTube channel, or get in touch if you'd like to know more about how this solution works.

Monday Sep 27, 2010

New release of Oracle IRM Wrapper version 1.4.0

Yet another release of a highly useful tool in the Oracle IRM kit bag. The Oracle IRM Wrapper is a Java based client which demonstrates some of the powerful ways in which you can create extensions of the Oracle IRM technology to extend the protection of files beyond the out of the box features. The IRM Wrapper uses the IRM API to allow for the encryption of any file, similar in nature to functionality as PGP, however with the difference that the rights control of decrypting files is the same powerful classification system that is used across the usual gambit of IRM files.

In this release support for existing sealed extensions has been added. This is a significant feature because it means that files wrapped by Oracle IRM Wrapper can be opened by the Oracle IRM desktop, and files sealed by the Oracle IRM desktop can be unwrapped by Oracle IRM Wrapper. In a mixed community of end users, where most have the Oracle IRM desktop installed but some do not (they may be on MacOS or Linux), no users need be excluded from workflows - they can all use the same sealed files! It is only necessary to add the Wrapper users to a special group assigned a role with unrestricted export rights.

Download this latest version from here.

 


  • NEW! Support for sealed extensions, e.g. .sdoc, .spdf
  • Installation scripts for easy installation on Windows and MacOS X
  • Written in 100% pure Java so runs on any Java-compatible operating system
  • Internationalized and localized into English, Japanese and (bad) schoolboy French
  • Right-click wrapping and unwrapping
  • Easily configure per-context drag-n-drop wrapping icons on your desktop
  • Automatically checks that you have the rights to wrap and unwrap files
  • Automatically select a default context
  • More robust configuration handling (ignores leading or trailing whitespace)

 

And a few screen shots of the tool running in Windows and Linux.

IRM_Wrapper_On_Linux.png

IRM_Wrapper_On_Windows.png

Friday Aug 20, 2010

Understanding the value of persistent document security with IRM and DLP

Bodyguard.png
Great progress is being made here at integrating many DLP vendors with our information rights management (IRM) document security solution. Keep an eye out over the coming months for some sneak previews into this work. Our integration with Symantec DLP is also in the pipe for a vast increase in functionality as part of an integration with Oracle IRM 11g.

DLP and IRM together make a lot of sense. DLP is an excellent technology for watching systems and network perimeters to recognize content as sensitive so it can monitor/warn/block activities. For example, if you try to email a sensitive doc out of the business, DLP might block the email due to policy.

But DLP is an internal solution. No third party is going to let you monitor their networks and systems to protect anything that you send out, or that the third party is doing on your behalf. Especially with many looking to the cloud to store and manage content, does the cloud integration with your DLP? Does the cloud provide the same level of security and integrate with your existing internal security technologies and policies? So, many DLP implementations involve monitoring the perimeter of your network trying to prevent things leaving - or monitor your USB ports trying to prevent you from copying information to USB memory. Your USB port is an example of many different "perimeters" that DLP needs to monitor if it can.

IRM on the other hand protects information more directly. You seal a document and it is encrypted. You can send sealed documents to external parties - or allow third parties to create sealed content because they are working for you - but policy and audit still apply. The solution can be used in third party networks because the IRM solution only monitors/controls sealed documents - it does not monitor the third party's networks or systems or intervene in third party processes that have nothing to do with you.

Recent interest from both customers as well as partners and vendors has sparked a lot of discussion within the walls of Oracle and one of our expert IRM consultants came up with a great way to explain the abilities of these two technologies and how they work well together. I thought i'd share his analogy here;

 


  • DLP is like a police force. It watches as many things as it can for breaches of policy and intervenes in some way when it can. It needs to monitor all the channels that you identify as a potential risk, and its effectiveness stops at your border. You need constant adjustment to be confident that you are catching everything you should catch, and the trick is defining a comprehensive set of policies without making everyone feel that they are living in a police state. In practice, this might mean that you define very simple policies and warn rather than block. Once a document has left your borders, you have no further control and no means of revoking access.


  • IRM is more like a bodyguard. It goes wherever the sensitive assets go - even if they go beyond your border - but it takes no interest in anything that is not sealed. It applies policy consistently even if policy changes over time - so you can revoke access to external copies long after sending them. However, it only protects the assets it is assigned to protect, so the trick is using business process or automation to ensure that all sensitive assets are sealed. The automation could be managed by DLP.

 

Tuesday Jun 08, 2010

New Oracle Information Rights Management release (11.1.1.3)

IRM-OTN.jpg
Just released is the latest version of the market leading document security technology from Oracle. Oracle IRM 11g is the result of over 12 years of development and innovation to allow customers to provide persistent security to their most confidential documents and emails. This latest release continues our refinement of the technology and features the following;


  • Continued improvements to the web based Oracle IRM Management Website
  • New features in the out of the box classification model
  • New Java APIs improving application integration support
  • Support for DB2 as the IRM database.

 

Over the coming months we will see more releases from this technology as we improve format support, platform support and continue the strategy to for Oracle IRM as the most secure, scalable and usable document security solution in the market.

Want to learn more about Oracle IRM? View our video presentation and demonstration or try using it for your self via our simple online self service demo. Keep up to date on Oracle via this blog or on our Twitter, YouTube and Facebook pages.

Monday May 03, 2010

Oracle Database Security Protecting the Oracle IRM Schema

Acquiring the Information Rights Management technology in 2006 was part of Oracle's strategic security vision and IRM complements nicely the overall Oracle security set of solutions. A year ago I spoke about how Oracle has solutions that can help companies protect information throughout its entire life cycle. With our acquisition of Sun this set of solutions has solidified and has even extended down to the operating system and hardware level. Oracle can now offer customers technology that protects their data from the disk, through the database to documents on the desktop!

With the recent release of Oracle IRM 11g I was tasked to configure demonstration and evaluation environments and I thought it would make a nice story to leverage some of the security features in the latest release of the Oracle Database. After building these environments I thought I would put together a simple video demonstrating how both Database Advanced Security and Information Rights Management combined can provide a very secure platform for protecting your information. Have a look at the following which highlights these database security options.

  • Oracle Advanced Security Network Encryption protecting the communication from the Oracle IRM server to the Database server. Encryption techniques provide confidentiality and integrity of the data passing to and from the IRM service on the back end.
  • Transparent Data Encryption protecting the Oracle IRM database schema. Encryption is used to provide confidentiality of the IRM data whilst it resides at rest in the database table space.
  • Database Vault is used to ensure only the Oracle IRM service has access to query and update the information that resides in the database. This is an excellent method of ensuring that database administrators cannot look at or make changes to the Oracle IRM database whilst retaining their ability to administrate the database. The last thing you want after deploying an IRM solution is for a curious or unhappy DBA to run a query that grants them rights to your company financial data or documents pertaining to a merger or acquisition.

 

 

Tuesday Apr 20, 2010

Content Encryption Options in Oracle IRM 11g


Another of the innovations in Oracle IRM 11g is a wider choice of encryption algorithms for protecting content. The choice is now as illustrated below.

11g-crypto-choices.png

As you see, three of the choices are marked as FIPS options, where FIPS refers to the Federal Information Processing Standard Publication 140-2, a U.S. government security standard for accreditation of cryptographic modules.

Wednesday Jan 06, 2010

Solving the data loss prevention (DLP) puzzle and using IRM for encryption

InfoWorldLogo.gif
An interesting strategy guide was published recently from InfoWorld. Titled "Strategies for endpoint security", it addresses concerns and challenges businesses have regarding the protection of endpoints, namely laptops and desktop computers.

One section of the guide which caught my eye was "Five technologies that will help solve the DLP puzzle." The article discusses the following areas where "before embarking on a data loss prevention program, enterprises must first determine the essential technical ingredients.".

The first subject tackled is that of classifying information in the first place. DLPs most valuable functionality is the ability to monitor many points in the enterprise and detect the storage or movement of documents, emails and websites that contain sensitive or classified data. However one problem with DLP is how do you configure it to reflect a well designed and understood information classification policy? William Pfeifer states that "You cannot protect everything, Therefore methodology, technology, policy and training is involved in this stage to isolate the asset (or assets) that one is protecting and then making that asset the focus of the protection." Nick Selby, former research director for enterprise security at The 451 Group and CEO/co-founder of Cambridge Infosec Associates, then goes onto say the key is to develop a data classification system that has a fighting chance of working. To that end, lumping data into too few or too many buckets is a recipe for failure. "The magic number tends to be three or four buckets--public, internal use only, classified, and so on," he says.

So the recommendation is that DLP should be configured with a simple and easy to understand set of classifications. Keeping things simple in the complex world of security dramatically reduces chance of human error and increases usability. Oracle IRM is a technology that has had this message designed within its core from day one, it has a very powerful and yet simple to configure and deploy classification system. This is what makes the union of IRM and DLP such a compelling story when it comes to a comprehensive data loss prevention solution that can actually be deployed and used at an enterprise scale.

The second subject approached in the article is encryption. It's worth repeating the full statement here...

"This is a tricky one [encryption], as some security pros will tell you encryption does not equal DLP. And that's true to a point. As former Gartner analyst and Securosis founder Rich Mogull puts it, encryption is often sold as a DLP product, but it doesn't do the entire job by itself. Those polled don't disagree with that statement. But they do believe encryption is a necessary part of DLP. "The only thing [encryption doesn't cover] is taking screen shots and printing them out or smuggling them out on a thumb drive. Not sure I have a solution to that one."

No worries Rich, Oracle and Symantec have exactly the solution you are looking for. DLP detects that a document or email contains sensitive information and IRM encrypts and secures it. IRM not only encrypts the content, but it can limit the ability to take screenshots, stop printing, manage who can edit the content, who can see formulae in Excel spreadsheets, even allow for users to search across hard disks and content systems for information inside encrypted documents to which they have legitimate access...

The article continues, "Stiennon says that while all encryption vendors are not DLP vendors, applying encryption is a critical component to DLP. "It could be as simple as enforcing a policy," he says. "When you see spreadsheets as attachments, encrypt them."

Or more specifically, when you see any sensitive document or email, seal them with Oracle IRM! For more information on how IRM and DLP technologies can work together, have a read of this.

Saturday Nov 14, 2009

Encrypted Document Ownership: Whose File is it Anyway?

A frequently asked question is: "What happens when the person who encrypted a number of files leaves the organization?". The concern behind the question is that an organization might find itself locked out of its own information assets, with critical business processes being held up while administrators figure out how to regain control so that policy can be amended as required.

A related question is: "What happens when an author changes role?". Most IRM solutions reserve special privileges for the original authors of documents, such that they may retain access after moving away from a particular project or role, creating security and compliance issues. They may also continue to be called upon to modify policy for those documents long after they have moved out of the relevant position.

With most solutions, the reponse is not to worry because a superuser can always identify all of the documents owned by the outgoing user and transfer their ownership to someone else. Unfortunately, this means that IT override of access rights is a matter of routine, as staff turnover is an ongoing process. It also means that the new owner suddenly becomes responsible for, potentially, a large number of documents protected in a variety of ways by someone who can no longer be referred to for clarification.

With Oracle IRM, the answer is much cleaner. In standard deployments, the solution places no particular significance on who authored a document - documents belong to their classifications rather than to the individuals or applications that created them. If an author leaves the organization or the project, their documents continue to be protected according to classification policy. The author himself may well lose access rights because his account has been deleted, or because his rights have been updated to reflect a change of responsibilities within the organization. a_man_throwing_papers.jpg
The focus shifts, therefore, to the classification or context managers. What happens when they move on? In most cases, the role of classification manager is shared by a small number of business users, so the depature of one has no impact. If not, the departing user simply transfers their responsibility to an appropriate successor. This is a simple task that does not involve IT intervention and does not involve revisiting each of the individual documents.

And what of the admin burden for the incoming classification manager - suddenly responsible for managing rights to, potentially, thousands of documents? Well, one of the key benefits of the classification model is that the new manager can think in terms of policy for one classification rather than for thousands of distinct documents.

So, Oracle IRM does not suffer the administrative overhead that staff turnover creates for rival solutions. The overall policy set is small, it is managed by a small subset of users, and the responsibility is easily transferrable without IT intervention. There is no need for IT to be granted rights to override policies defined by the business.

About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today