Post-Encryption Security
But what about the shared file server where all the documents are stored? And what if someone decides to download those files or send those files to their home computer? Or worse, what if they hand those documents over to a competitor, unwittingly or otherwise?
It's not just the average consumer who can suffer privacy violations. Industrial espionage is a growing concern for many. Imagine your whole company's intellectual property open for anyone to use and pry into.
Companies have traditionally relied on perimeter security, namely firewalls, IDS and other external devices, to protect intellectual property, but are just now discovering that it's not the only answer to guarding valuable IP.
For example, it's one thing to send encrypted email, but being able to keep the contents of that document encrypted after it's been decrypted can pose a bigger challenge. I recently got to play with a new product that can protect documents and prevent those that shouldn't see it from seeing it. But before I get into the description of the product, I wanted to highlight some of the more common access controls that we run into in IT.
Identities and Roles
Mandatory access control ensures that access is determined by a security policy set forth by the company. This is any administrator's preferred method since it centralizes the access to a resource and the permissions a user or process has over that resource, rather than allowing the individual owner of the resource to determine access. The most common form of this is the smart card system that many companies use. Your card will determine what areas you can access.
On the other side of it, discretionary access control is probably the most familiar form. Access to a resource, and what permissions a user or process has over that resource, is determined by the owner of that resource. One of the most common examples is sharing a document with anyone you decide should see it. Two variants of this are Identity-Based Access Control and Role-Based Access Control.
Identity-based access control is entirely based on the identity of the user or process. For instance, an ID card or a security guard decides whether you are allowed into a building or not, based on who you are (your identity). Role-based access control, on the other hand, is based on the roles that users have. For example, a manager will have a greater need and a valid reason to access sensitive documents versus the mailroom clerk. The permissions are not based on the identity of the manager but rather the actual managerial role.
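The sketch below is an added example, not code from the article or from any product it mentions. It models the three checks described above, following the article's grouping, and shows what happens to a document's access when a manager moves to the mailroom. All user names, role names, rights and classifications are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample policy: role names, users and rights are illustrative.
ROLE_RIGHTS = {"manager": {"open", "print"}, "mailroom_clerk": set()}

@dataclass
class User:
    name: str
    role: str
    clearance: set  # classifications company policy lets this user handle

@dataclass
class Document:
    owner: str
    classification: str  # assigned by central policy, not by the owner
    acl: dict = field(default_factory=dict)  # owner-granted: user name -> rights

def mandatory_allows(user, doc):
    # Mandatory layer: decided by company policy; the owner cannot override it.
    return doc.classification in user.clearance

def identity_allows(user, doc, right):
    # Identity-based: the owner named this specific person.
    return user.name == doc.owner or right in doc.acl.get(user.name, set())

def role_allows(user, right):
    # Role-based: the right follows the role the user currently holds.
    return right in ROLE_RIGHTS.get(user.role, set())

def decide(user, doc, right, model):
    if not mandatory_allows(user, doc):
        return False
    if model == "identity":
        return identity_allows(user, doc, right)
    if model == "role":
        return role_allows(user, right)
    raise ValueError(f"unknown model: {model}")

def demo():
    plan = Document("carol", "internal", {"alice": {"open"}, "bob": {"open"}})
    alice = User("alice", "manager", {"internal"})
    bob = User("bob", "mailroom_clerk", set())  # no clearance for "internal"
    out = {"alice_as_manager": decide(alice, plan, "open", "role"),
           "bob_owner_granted": decide(bob, plan, "open", "identity")}
    alice.role = "mailroom_clerk"  # Alice changes jobs; nobody edits the ACL
    out["alice_moved_role_model"] = decide(alice, plan, "open", "role")
    out["alice_moved_identity_model"] = decide(alice, plan, "open", "identity")
    return out

if __name__ == "__main__":
    print(demo())
```

Under the identity-based check the stale ACL entry keeps granting access after the job change, while the role-based check revokes it automatically; the mandatory layer denies the clerk even though the owner listed him.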
So what does this have to do with anything? Well, SealedMedia has just introduced version 5 of their Enterprise DRM (E-DRM) product for documents specifically. This product goes beyond email. Rather than simply relying on encryption, this product further protects a document based on the access control used - most commonly RBAC.
