1. Technical Field
The present invention relates to a system and method of enforcing a computer policy.
2. Background Information
Corporate Security Policies (SPs) are a vital part of corporate security governance. Such policies are put at serious risk when employees are allowed to roam with an organization's most vital asset—information. This is an extremely important problem that is also very difficult to satisfactorily address.
For example corporate policy might require any corporate laptop to protect any data stored on it even it is stolen, i.e. even if an adversary has physical access to the laptop and it is taken outside the corporate boundary (within which policy is typically enforced). Similarly, corporate laptops taken home in an authorized way by employees should still be governed by corporate policy, even though the laptop is outside the corporate premises.
Existing Security Policies are typically complex and time-consuming to manage due to the need to replicate encryption keys as employees move between offices and work on a variety of different computing devices both within and outside the corporate boundary. When an employee leaves employment, all of the corresponding encryption keys need to be revoked. These issues of key-management represent significant costs to companies attempting to enforce security policies on a mobile and ever-changing workforce.
It is an object of the present invention at least to alleviate these difficulties.