1. Field of Art
The present invention generally relates to the field of information management technology, and more specifically, to the field of enterprise document management for protecting sensitive information.
2. Description of the Related Art
As computers and networks become more widespread, powerful, and affordable, a growing number of enterprises are using both to perform critical tasks and manage sensitive information. However, the convenience provided by computers and networks also makes sensitive information easy to duplicate and distribute. Often, multiple copies of documents containing sensitive information (also called sensitive documents) find their way to endpoints of the network, for example on CD-ROMs, on memory sticks, and on other media. The proliferation of information makes it harder to protect sensitive information, and gives people with malicious intent more opportunities to access such sensitive information and leak it to unintended parties.
This information leakage problem is also highlighted by regulations such as the Sarbanes-Oxley Act. Besides the significant accounting and control requirements imposed on publicly owned companies, the Act created a new oversight board (the PCAOB) for accounting firms auditing publicly traded companies. The PCAOB established auditing standards, including Standard 2, which recognized that senior management cannot simply certify controls on the system. Rather, controls also have to track and manage the way financial information is generated, accessed, collected, stored, processed, transmitted, and used through the system. As a result, there is high demand for enterprise document management that protects sensitive information.
Highly sensitive information is traditionally stored on an isolated and secured computer, accessible only to authorized personnel. When documents containing such information need to be duplicated or circulated, those seeking access typically follow a secure administration procedure (or policy) to prevent unauthorized access. Keeping such documents off computer networks limits remote access to the sensitive information by the authorized personnel. However, documents stored offline are unable to leverage other benefits provided by networks, such as online file system backup. Moreover, conventional isolation-type security techniques are not reliable, since the access control relies upon people following the secure administration procedure. This administration procedure is difficult to manage with respect to education and enforcement of such security policies, and can also be quite costly to implement and monitor.
One conventional approach to preventing sensitive information leakage from endpoints of an enterprise network is to enforce a file-based access control policy. This approach restricts access to certain sensitive documents to authorized users, while other users can access documents other than the sensitive documents. This approach is insufficient because it lacks deep inspection of the document content. Any intentional scrambling of a sensitive document's content can create documents not subject to restriction, causing the sensitive information to be leaked to unauthorized users.
Another general approach to prevent sensitive information leakage from endpoints is to enforce a user-based or application-based access control policy such as complex Access Control List (ACL) policies and firewalls against users and applications. In some instances, the ACL policies may be combined with local storage encryption. One shortcoming of such approaches is the difficulty in maintaining and managing different users and their corresponding privileges. This is particularly problematic when combined with local storage encryption, because such encryption also requires a complex key management system. Further, such approaches lack the deep inspection of the document content, and cannot prevent sensitive information leakage caused by intentional scrambling of sensitive documents.
One conventional approach to preventing sensitive information leakage from an enterprise network is to monitor network traffic within the network. A network sniffer or monitor device is attached to a router within the network and analyzes network traffic. Sensitive data content is then identified and filtered out by the network sniffer. This approach is inadequate in that it cannot analyze encrypted network traffic. For example, any network traffic using the Hypertext Transfer Protocol (HTTP) over the Secure Sockets Layer (SSL) protocol is encrypted for security, and cannot be monitored for sensitive information. Also, because information inspection by the network sniffer takes time, data going through the router is slowed down, affecting network performance.