The control of sensitive information has been a concern of businesses for many years, including before the internet and computers existed. That control has been made more difficult by the ability to access data via the internet and by the advent of e-mail, which allows transmission of potentially sensitive data.
Although it is desirable to control access to data, it is also desirable that the access controls do not restrict productivity and authorized use of the data.
Some solutions to the data access problem include encryption of storages. Such a system uses encryption keys that allow a storage to be decrypted so that the data records on it can be accessed, viewed and edited. This solution is relatively binary and may not work well for network-based systems: access is either allowed to everything or denied to everything.
Further, while encryption and access controls are interesting and valuable, the system that manages and/or annotates the content for various access levels has traditionally been distinct from the data itself. Placing the wrapper of annotation and control data around the managed objects themselves allows the data to move portably across systems, with adaptors that can understand these annotations and controls at each access point (to read, modify, write, delete, etc.).
In some cases, it is desirable to allow certain employees to access data records based on their job, working group, project assignment and other criteria. At the same time, it may be desired to deny access to certain data records. Traditional encryption systems provide access to the decrypted storage as a whole, and it becomes very difficult if not impossible to keep track of what is on each storage and who should have access to the data records. Further, as data records are edited, the security concerns for particular records may change. For example, if a report is opened in Word® and sensitive information is added, the sensitivity, and therefore the security protocols, should change.
There are also problems surrounding transmission of the data records to other parties or to other computers that may not be controlled by the enterprise, which may include an employee's personal (home) computer or laptop. Although many enterprises may encourage employees to work remotely, if and when an employee leaves the enterprise, the data of the enterprise should not follow the employee to their new job. The traditional solution to this problem is to prevent transmission of data records altogether, or to require encryption of data records and specific decryption codes for each record on non-enterprise computers. Tracking codes or preventing transmission becomes obstructive and makes it difficult for the employee to work remotely.
With the proliferation of networked devices, it is desirable to provide a system that allows for secure access to data without interrupting employee workflow.
Current methods of solving the security issues may be generally effective from a security standpoint, but in practice there is a significant interruption in employee workflow. Consider secure electronic storage facilities or computers that are not connected to the internet. These systems may allow a user access to certain sensitive data in secure locations that are locked and use access keys or scanners to determine or verify the identity of a user and to verify that the user is allowed to access certain storage locations. For example, imagine a company's most sensitive data being stored in a bank vault that may only be accessed by certain individuals. If such an individual needs access to the sensitive information to do certain tasks on behalf of the company, the employee would need to walk down to the vault, open the computer and access the data. The issue then becomes one of whether the employee can transport the data out of the secure location, for example on a flash drive. If the employee can transport data out on a flash drive, the security measures may require encryption or use of keys to actually be able to use the data. Once decrypted, another issue is that the data is now accessible in a decrypted format and it may be possible to copy the sensitive data to an uncontrolled storage.
As the prevalence of computing devices in businesses grows, data usage and transfer are rapidly increasing. Employees are given access to company data through numerous connections such as cloud logins, VPN connections, e-mail and others, whether through company devices or BYOD/BYOC devices. Much of this data is sensitive to the company, and data breaches can cost companies a significant competitive advantage. In addition, numerous cloud storage, synchronization and backup systems make selective removal of sensitive data difficult.
There are a host of security concerns associated with this increased usage of and access to company data. Many industries rely on proprietary data such as market research, statistics, product information, test results, pricing, contacts and numerous other categories of data. In addition, data analytics is increasingly becoming an important industry in its own right, and maintaining control over data access and proliferation is important to a data analytics business that relies on providing insight and recommendations through data analysis and/or reporting.
At the same time, many employees require access to sensitive data in order to perform day-to-day job functions. Therefore, although controls are desirable, valid access and use by authorized persons is necessary to allow employees to maintain an efficient workflow and to complete project tasks.
In addition, inadvertent disclosure of data can lead to liability, such as professional or contractual liability; therefore, it is important that data security controls guard against inadvertent or unauthorized disclosure in order to avoid this liability.
Systems have been disclosed relating to Data Usage Analysis and Reporting (U.S. patent application Ser. No. 14/263,772) and Cost Allocation for Derived Data Usage (U.S. patent application Ser. No. 14/263,756). The content of these two applications is incorporated by reference herein. These applications disclose systems that identify data usage on a granular level to generate data transactions. These data transactions are then used in the generation of reports based on the data usage of the device; for example, reports may allow for cost allocation of the data usage based on the source or destination associated with the data usage. These data transactions allow for a granular view of information, which could include the purpose, content, source, destination or other information.
An enterprise may have shared network drives that are accessible from computers on a local network via user login. Such a system may allow the user full access to data stored on the network drives based on login controls at the initial access point (i.e. logging into a computer). Proper security management of data access in many cases cannot be adequately implemented based on the initial access point, because once an authorized login or password is used, data may often be saved and moved out of a protected environment. For example, if an employee has document(s) they are working on at an enterprise location that they would like to continue working on from home, they will often e-mail the document(s) to themselves and then save a local copy on a local machine. Although the employee was required to log in to a computer system or company-controlled database, the ability to e-mail a document to themselves and then save a local copy makes it nearly impossible for the company to remove access to the local data copy when the employee leaves. This is even more problematic when the employee leaves for a competitor, as the locally stored data may provide the competitor with proprietary information.
In the initial access point security case, the employer is essentially relying on its employees to comply with security guidelines and not save data in insecure locations. This system allows for a wide array of human errors and inappropriate uses of sensitive data, even though the employer may be able to determine who accessed and transmitted the data.
Identification of data types, categories and content on various enterprise connected devices can allow the enterprise to better control access and proliferation of company data and to make sure appropriate security protocols are complied with.
Although one could theoretically implement controls that would prevent logged-in users from e-mailing documents to themselves, this type of relatively binary control may have the undesired effect of making employees unable to work remotely. Many enterprises may encourage access over a VPN connection to allow for remote access and working; however, sometimes an internet connection is not available, or working through a VPN connection and remote access application may be so cumbersome and slow that local storage of and access to sensitive data is more efficient for the employee.
In addition, document(s) may contain data that is not extremely sensitive based on the content of the document(s), the project or other factors. Accordingly, data security controls become less important as the sensitivity of the data decreases. However, many security protocols restrict access on a device-by-device or storage-location-by-storage-location basis, and these data security protocols are sometimes insufficient to identify what data is flowing where and to restrict certain actions or events based on the content or category of the data.
Therefore, it is desirable to apply enhanced data security protocols based on the content, purpose or category of the data, of data access and/or of data transmission, such that adequate security controls can be implemented without overly restricting user productivity and access to the data when such access is proper.
The sensitivity of the data may also adjust over time based on the context. A research exercise may start off at relatively low sensitivity but may lead to an NDA-based effort (higher sensitivity) and further evolve into merger and acquisition activity (high sensitivity). It is important to note that even if a document has not changed, the documents relating to these efforts may evolve with the security context. In this case, the reading program that accesses the document would reassess the sensitivity level based on a dynamic set of rules and would adjust accordingly before presenting the user with the data contained within.
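As an added illustration (not part of the application), the following Python sketch models the wrapper and access-point adaptor described above: a record carries its own annotations, a dynamic rule set maps the effort's context (research, NDA, merger and acquisition) and the record's content to a sensitivity level, and the adaptor reassesses that level on every operation before deciding. All names, rules, patterns and the clearance policy are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Ordered sensitivity levels; names are constructed for this example.
LEVELS = ["low", "medium", "high"]

# Hypothetical dynamic rule set. Context rules follow the progression in the
# text (research -> NDA -> merger and acquisition); content rules raise the
# level when sensitive material is added to the record by an edit.
CONTEXT_RULES = {"research": "low", "nda": "medium", "m_and_a": "high"}
CONTENT_RULES = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "high"),   # SSN-like number
    (re.compile(r"\bconfidential\b", re.I), "medium"),
]

@dataclass
class WrappedRecord:
    """A data object carrying its own annotation/control data (the wrapper)."""
    content: str
    context: str                          # current project context
    annotations: dict = field(default_factory=dict)

def assess_sensitivity(rec: WrappedRecord) -> str:
    """Recompute the level from context and content; store it in the wrapper."""
    level = CONTEXT_RULES.get(rec.context, "low")
    for pattern, lvl in CONTENT_RULES:
        if pattern.search(rec.content) and LEVELS.index(lvl) > LEVELS.index(level):
            level = lvl
    rec.annotations["sensitivity"] = level
    return level

def adaptor_access(rec: WrappedRecord, action: str, clearance: str) -> bool:
    """Access-point adaptor: reassess before every read/modify/write/delete.
    Assumed policy: clearance must reach the record's level, and copying to an
    uncontrolled device is refused for anything above 'low'."""
    level = assess_sensitivity(rec)
    if action == "copy_external":
        return level == "low"
    return LEVELS.index(clearance) >= LEVELS.index(level)

if __name__ == "__main__":
    # Constructed record: the text is unchanged while the surrounding effort evolves.
    rec = WrappedRecord("Quarterly survey of supplier pricing.", "research")
    print(adaptor_access(rec, "read", "low"))          # True
    rec.context = "nda"
    print(adaptor_access(rec, "read", "low"))          # False: context raised the level
    rec.content += " Employee SSN 123-45-6789"         # an edit adds sensitive data
    print(adaptor_access(rec, "read", "medium"))       # False: record is now 'high'
    print(rec.annotations["sensitivity"])              # high
```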