Information within organizations and entities is often classified as sensitive either for business reasons or for legal reasons. This information may reside within documents, drawings, machinery, layout, use of equipment, text files, databases, images, pictures, etc. In addition to the potential threat of an unscrupulous party illegally accessing the organization from the outside via an electronic network, and then removing or disrupting the information, there exists the risk of intentional or inadvertent transmission of the sensitive information from inside the organization to the outside. For example, a disgruntled employee might send an image of a sensitive document to which he or she has access to an outside party via a mobile device, thus causing harm to the organization.
In addition to simple business reasons for not wanting sensitive information to be released, i.e., the desire to keep trade secrets secret, many new government regulations mandate controls over information (requiring the sensitive information not to be released outside the company) and companies must comply in view of significant penalties. For example, HIPAA regulates health information, BASEL II regulates financial information, Sarbanes-Oxley regulates corporate governance, and a large number of states have passed data privacy laws requiring organizations to notify consumers if their information is released. Companies are even subject to a regular information technology audit which they can fail if they do not employ suitable controls and standards.
Technology companies have reacted to this environment with a host of data loss prevention (DLP) products. These products are typically hardware/software platforms that monitor and prevent sensitive information from being leaked outside the company. These DLP products are also known as data leak prevention, information leak prevention, etc. Gateway-based DLP products are typically installed at the company's Internet network connection and analyze outgoing network traffic for unauthorized transmission of sensitive information. These products typically generate a unique signature of the sensitive information when stored within the company, and then look for these signatures as information passes out over the network boundary, searching for the signatures of the sensitive information. Host-based DLP products typically run on end-user workstations within the organization. These products can address internal as well as external release of information and can also control information flow between groups of users within an organization. These products can also monitor electronic mail and instant messaging communications and block them before they are sent.
But, sensitive information from within a company may be captured in the form of a picture, image or video, and then transmitted via a mobile device—making detection and prevention more difficult. For example, it may not be possible to apply a DLP policy to the captured image if an individual uses his or her own mobile device to take a picture. As mobile technology evolves, more and more mobile devices are equipped to take photographs and videos. Because of a mobile device's small size and high-quality imaging, unscrupulous individuals may use the mobile device to steal sensitive information. Corporations may establish a policy to prevent mobile devices with a camera capability from being brought into the corporation, but such a policy may not be easy to enforce. Another technique used is that some mobile device manufacturers require the device to produce a loud sound or flashing light when taking a picture. But, this feature can be disabled or could be circumvented by taking a video clip. Currently, there is no efficient and reliable technique for preventing the leakage of sensitive information through the use of a mobile device.
What is desired is an improved technique for preventing the loss of sensitive information through the use of mobile devices.