Securing access to enterprise resources is a balancing act between usability and control. It requires vigilance, persistence, care, and effort. The process starts with risk and vulnerability assessment of the enterprise's assets followed by the security policy definition. When business needs require dispensing data to the Internet and sharing information with partner networks, a unique set of security challenges that cannot be solved by the traditional solutions of firewalls and virtual private networks is presented. In addition to other characteristics, enterprise security policies determine what resources must be available, to whom, and under what circumstances. A related concern deals with the privacy matters, where more information might be dispensed by the computer systems than necessary. In some cases, there may not be sufficient control over such data, which might be supplied by third party providers. In other cases, it becomes costly to alter the systems without significant time and money.
A typical scenario would be a call center setting. The call center employees view and process data provided by third party institutions that include health care and financial institutions. In most cases, the data includes very sensitive information such as social security numbers and credit card numbers. The call center employees do not need such information for the purpose of performing their daily duties. However, having such information available makes it susceptible to theft and can lead to identity fraud.
It is desirable to have control over such data, where the information could be dispensed on an as-needed basis. Ideally, it needs to be controlled based on the role of the user, as well as the source of the data. Such a policy is referred to as “redaction rule” in the context of this document and the process of removing such information is referred to as information redaction. Enforcement of these redaction rules is extremely desirable but no easy implementation exists without a massive investment in resources that ends up altering the original system.
In order for such a system to be effective, the information redaction must take place as close to the information source as possible. Some prior art systems try to perform redaction close to the destination. While such a solution would work for ordinary users, they do not protect from the savvy identity thieves. In Patent Application Publication Number US 2004/0015729 A1 by Elms et al, published Jan. 22, 2004, the system relies on detecting a client's presence and redacting information from the display. In this scenario, the information has already made its way to the computer system and is simply being obscured from the viewer. A packet sniffer or a Trojan horse running on the system will easily compile and reveal this information. As an option, Elms et al provide a mediator that is configured through a browser. The mediator provides the advantage of redacting information before it makes it to the computer but it can easily be bypassed by anyone with the knowledge of configuring a proxy. Such an action would result in full display of the information. Finally, the cited solution is limited to systems that only display information through a browser and is not applicable to either machine-to-machine information exchange such as the case with legacy electronic data exchange (EDI) and modern web services where machines exchange information using legacy or modern protocols or to terminal emulation programs and thick client desktop applications.
It is desirable to have a cost effective, easily configurable system that enables granular redaction control over multiple applications. Prior art access controls do not provide sufficient granularity and also do not work across multiple application protocols. Accordingly, a new data access control methodology and system is needed that must (a) provide information redaction based on a client's role and application being accessed (b) redact information in transit close to the origination source without requiring application alteration and (c) work across multiple application protocols.