Thursday Feb 19, 2009

Email circular exposes sensitive board minutes

Having just read Simon's comments on securing email, I can't resist mentioning a recent report in the UK press about a company that accidentally exposed its board's thinking on how to cope with the current economic downturn.

According to the Daily Telegraph, an up-market estate agency accidentally included its board minutes in an internal email. Employees got to read about cost cutting proposals and a "final solution" that might be called for if things get really bad in the housing market. Attempts to recall the email were doomed, as some employees had already forwarded it beyond the company network.

Using Oracle IRM to secure your sensitive emails

Email is a very useful technology. It allows people to communicate easily and quickly with vast numbers of people over great distances within minutes. However, there is a downside to this ease of use: sensitive information can be broadcast with little effort and sometimes by mistake. How often have you been writing an email, filling in the "To" list, and allowed the email client to search through your history of previous emails and suggest the right recipient, only to realize just after sending that it went to the wrong person? I have heard all sorts of horror stories of sensitive documents, sometimes containing mergers and acquisitions information, being sent to the wrong people at the wrong company. Worse, there have been reports of documents being sent to entire distribution/mailing lists of people by mistake.

 

Sealed email

 

So it is no surprise that we on the Oracle IRM team have a solution for protecting email communication. Oracle IRM supports a lot of formats, including Office (2000-2007, wider support than Microsoft's own IRM technology), PDF (Acrobat Reader 6.0+), HTML, JPEG, GIF, XML and others, which allows people to protect documents that are attached to emails. We also support the ability to secure the content (body) of the email itself.

This is an area that comes with many different methods of creating, sending, receiving and reading the information. Some also regard their email client as the most important tool in the workplace, so when integrating with this environment, especially from a security perspective, you need to be very careful to ensure you do not disrupt end users' day-to-day activities.

 

Oracle IRM ensures the best user experience when protecting sensitive emails


When the Oracle IRM team decided to include email as part of the solution, we thought long and hard about how to address the issue of multiple email clients and servers. The decision was to be as agnostic as possible to the underlying platform so that we could ensure users could consume sealed information via as many clients and servers as possible. Nothing worse than a vendor trying to tie you into their way of doing things.

 

This led to the creation of the .seml format and the method of taking the body of an email, sealing it and then attaching that file to an ordinary email message. This means that the resulting email package can be sent via any of the usual email mechanisms. What we did do on the client side was write some simple plug-ins for the most common email clients to automate the above process. The email clients we currently support are:

  • Microsoft Outlook 2000-2007
  • Lotus Notes 6.5-7.0
  • Novell GroupWise 6.5-7.0

Sending a secure email with Oracle IRM

When using one of the email clients above, it is very simple to send a secured email. Simply start a new email as you normally would, and the Oracle IRM Desktop will insert a small button in the email window. This allows you to mark the email as one which you wish to be sealed. When you send the email, the IRM software will ask you what classification (context) the email falls under and will list all the contexts to which you have the rights to secure information. This is exactly the same dialog and selection a user makes when sealing any document with Oracle IRM; consistency for the end user is important to reduce any confusion in the process. After you choose the classification, the email is sealed and sent on to the recipients.

Context selection dialog

It is still possible to send a sealed email if you don't have one of the supported clients, but it requires the end user to create the sealed email attachment manually, like any other ordinary sealed file, and attach that to the email. Future support of new email clients is possible, however, as we have an API exposed specifically for integrating with email. This API has already been used in Oracle to develop an integration with the open source Thunderbird email client.

 

 

Receiving a secure email with Oracle IRM


The beauty of the Oracle IRM solution is that receiving and opening a sealed email doesn't require any specific email client. Because the file is an attachment to the email, you just double click on the attachment and, assuming you have rights to the content, open the message.

 

There are some advantages to using a client that we've integrated with. For instance, replying to a sealed email is much easier with Outlook, Notes or GroupWise because we again insert a button behind which some logic automates the replying. But it is still possible to do this from any email client; it just requires some manual effort from the end user.

 

Your email is secure and persistently under your control with Oracle IRM


Email extends the Oracle IRM format base to an area that is crucial for effective secure communication. It not only offers powerful protection using industry encryption algorithms to secure the information in transit, but also enables you to have total control over the email even after delivery. So even when your sensitive information goes out to thousands in the organization and is forwarded on to more, you still have the ability to audit and revoke access to every single copy of that communication, no matter where it resides.

 

About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.
