Inexpensive and ubiquitous access to the Internet, websites, extranets and intranets has revolutionized the way that most organizations communicate and do business with one another. Information of all types now flows much more freely and is far more available. However, the ease of access to these network-centric information resources also threatens the security of any system connected to them. By implication, almost all sensitive data in an enterprise is now at risk of exposure, since placing information online means losing at least some measure of control over it.
Security continues to be a significant issue facing data processing system administrators. It is now almost a certainty that the most valuable assets of a company, its intellectual property, will be stored in some manner in digital form. These digital assets can include documents of many types, such as product plans and designs, customer data, customer and vendor correspondence, contract terms, financial data, regulatory compliance data, custom software applications and the like.
Further complicating matters is the fact that the managers at the highest level of responsibility in organizations, including even Chief Executive Officers and Directors, are now held legally and financially accountable by regulators and shareholders alike for maintaining the confidentiality, security and integrity of sensitive information.
Many different solutions already exist to protect an organization's data processing infrastructure from certain outsider threats. These include physical access control, firewalls, sniffers and other network monitors, intrusion detection systems and other solutions. These techniques can be effective against attacks by unauthorized outsiders in most instances.
However, there is a second class of computer users that also poses a security threat. Protection from these unauthorized insiders requires a different approach, but one that is also well known. Almost since the inception of disk-based storage systems, the concept of access control has been applied to limit the ability of certain users to access certain important files. Using these techniques, now a universal feature of almost every Operating System (OS), a desktop and/or network file server can provide for limited read, write, public, private and other types of access to files, directory structures and the like, depending upon the permissions granted to particular users. Permissions can be attached to user accounts by a system administrator, based on the need to know, the departments in an organization of which a user is a member, and so forth.
Even when users obtain access to only a portion of a system, however, they can still use a variety of techniques to steal and/or damage information. These can include simple browsing for unsecured information in a network, and/or removal or deletion of information made available as a result of poor security practices. More sophisticated rogue insiders will employ network packet sniffers and/or spying software.
Encryption techniques such as those employing a Public Key Infrastructure (PKI) enable an enterprise to provide authentication, access control and confidentiality for its applications and data. PKI systems can be used to protect the security of e-mail and other communications and business transactions with customers, as well as to protect data stored on network servers. PKIs typically require the issuance and tracking of digital certificates, certificate authorities, and public key cryptography elements in an enterprise-wide network.
A variety of PKI-based approaches couple centralized document storage with so-called Digital Rights Management (DRM) tools to provide some measure of control over digital assets. In these systems, a policy enforcement process running on a file server, or even on a separate policy server, enforces encryption policies on file usage. In such systems, access to files on the file server is controlled first by the policy server, which uses centrally managed keys for encryption. The policy server is not itself responsible for storing and retrieving information, but is typically responsible for keeping lists of access policies (i.e., which users are authorized to access which types of documents), managing user authentication, securing client-to-server communication, and distributing encryption keys. Before accessing any information, the recipient must first authenticate with the policy server. The policy server then issues copies of the required keys to permit the recipient to decrypt the information.
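The following is an added illustration of the policy-server flow just described; it is constructed for this discussion and is not code from the patent or from any product it refers to. It assumes a single policy server that holds user credentials, an access-policy list mapping users to document classes, and one centrally managed key per document class; the file server encrypts under the class key, and a recipient receives that key only after authenticating and passing the policy check. The keystream cipher is a toy built from SHA-256 so the example runs on the standard library alone; a deployment would use an authenticated cipher.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

# Constructed example: a minimal policy server of the kind described above.
# Access policies map users to document classes; keys are held centrally
# and handed out only after authentication AND a policy check.


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (illustration only;
    a real deployment would use an authenticated cipher such as AES-GCM)."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


@dataclass
class PolicyServer:
    """Holds access policies, user credentials and per-class keys (assumed design)."""
    policies: dict = field(default_factory=dict)     # user -> set of document classes
    credentials: dict = field(default_factory=dict)  # user -> (salt, pbkdf2 hash)
    keys: dict = field(default_factory=dict)         # document class -> key bytes
    audit: list = field(default_factory=list)        # (event, user, class) records

    def enrol_user(self, user: str, password: str, classes: set) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.credentials[user] = (salt, digest)
        self.policies[user] = set(classes)

    def key_for_class(self, doc_class: str) -> bytes:
        # Centrally managed key, created on first use for the class.
        return self.keys.setdefault(doc_class, secrets.token_bytes(32))

    def authenticate(self, user: str, password: str) -> bool:
        if user not in self.credentials:
            return False
        salt, expected = self.credentials[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, expected)

    def request_key(self, user: str, password: str, doc_class: str):
        """Issue the class key only if the user authenticates and policy allows."""
        if not self.authenticate(user, password):
            self.audit.append(("auth-failure", user, doc_class))
            return None
        if doc_class not in self.policies.get(user, set()):
            self.audit.append(("policy-denied", user, doc_class))
            return None
        self.audit.append(("key-issued", user, doc_class))
        return self.key_for_class(doc_class)


def encrypt_document(server: PolicyServer, doc_class: str, plaintext: bytes) -> dict:
    """File-server side: encrypt under the centrally managed class key."""
    nonce = os.urandom(12)
    key = server.key_for_class(doc_class)
    return {"class": doc_class, "nonce": nonce,
            "ciphertext": _keystream_xor(key, nonce, plaintext)}


def client_open(server: PolicyServer, user: str, password: str, doc: dict):
    """Recipient side: authenticate, obtain the key, then decrypt locally."""
    key = server.request_key(user, password, doc["class"])
    if key is None:
        return None
    return _keystream_xor(key, doc["nonce"], doc["ciphertext"])


def run_policy_demo() -> dict:
    server = PolicyServer()
    # Constructed users, passwords and policies.
    server.enrol_user("alice", "correct horse", {"finance", "contracts"})
    server.enrol_user("bob", "battery staple", {"contracts"})
    doc = encrypt_document(server, "finance", b"Q3 revenue forecast (constructed sample)")
    return {
        "alice": client_open(server, "alice", "correct horse", doc),
        "bob_denied": client_open(server, "bob", "battery staple", doc),
        "bob_bad_pw": client_open(server, "bob", "wrong", doc),
        "audit": server.audit,
    }


if __name__ == "__main__":
    for name, value in run_policy_demo().items():
        print(name, value)
```

The point worth noticing is that the file server never sees a user credential and the policy server never sees a document: the two failure paths (wrong password, right password but no policy entry) both leave an audit record and both end with no key leaving the policy server.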
For example, U.S. Pat. No. 6,510,513 issued to Danieli and assigned to Microsoft Corporation describes a security and policy enforcement system that utilizes a series of transactions between a server and a client using electronic security certificates. A first client generates a request for access to data by submitting a security certificate containing a digest to a trusted arbitrator server. The trusted arbitrator authenticates the first client's credentials and returns the security certificate. The data and security certificate are then combined to create a distribution, which, in turn, is acquired by a second client. The second client extracts the security certificate and generates a digest from the data in the distribution. If the digest computed by the second client matches the digest from the first client, then the data is considered valid. Depending upon the certificate type and a policy level, the trusted arbitrator server can provide services such as notification of improper usage.
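To make the transaction sequence concrete, here is an added model of it; it is constructed for this discussion and is not code from the Danieli patent or from Microsoft. It assumes the arbitrator authenticates clients against a registered credential, that the certificate it returns binds the data digest and a policy level, and that "notify on improper usage" means the arbitrator records a notification when a recipient reports a mismatch. The arbitrator's signature over the certificate is simulated with an HMAC under a key only the arbitrator holds; a real system would use a public-key signature so that recipients verify it without a shared secret.

```python
import hashlib
import hmac
import json
import secrets

# Constructed example modelled on the described exchange: the first client
# obtains a certificate over the data digest from the trusted arbitrator,
# bundles data and certificate into a distribution, and the second client
# validates the distribution by recomputing the digest.


class TrustedArbitrator:
    def __init__(self, registered_clients: dict):
        self._signing_key = secrets.token_bytes(32)  # arbitrator-only secret (assumed)
        self._clients = registered_clients           # client id -> credential
        self.notifications = []                      # (subject, reason) records

    def issue_certificate(self, client_id: str, credential: str,
                          digest: str, policy: str) -> dict:
        """Authenticate the requesting client, then certify the digest."""
        if self._clients.get(client_id) != credential:
            raise PermissionError("client credential rejected")
        body = {"issuer": "arbitrator", "subject": client_id,
                "digest": digest, "policy": policy}
        body["signature"] = self._sign(body)
        return body

    def _sign(self, body: dict) -> str:
        # Canonical JSON of every field except the signature itself.
        canonical = json.dumps({k: v for k, v in body.items() if k != "signature"},
                               sort_keys=True)
        return hmac.new(self._signing_key, canonical.encode(), "sha256").hexdigest()

    def verify_certificate(self, cert: dict) -> bool:
        return hmac.compare_digest(self._sign(cert), cert.get("signature", ""))

    def report_misuse(self, cert: dict, reason: str) -> None:
        """The notification service the text mentions, modelled as a log."""
        self.notifications.append((cert.get("subject"), reason))


def digest_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def create_distribution(arbitrator: TrustedArbitrator, client_id: str,
                        credential: str, data: bytes, policy: str = "notify") -> dict:
    """First client: request a certificate over the digest, then bundle both."""
    cert = arbitrator.issue_certificate(client_id, credential, digest_of(data), policy)
    return {"data": data, "certificate": cert}


def validate_distribution(arbitrator: TrustedArbitrator, distribution: dict) -> bool:
    """Second client: extract the certificate, recompute the digest, compare."""
    cert = distribution["certificate"]
    if not arbitrator.verify_certificate(cert):
        arbitrator.report_misuse(cert, "certificate tampered or forged")
        return False
    if not hmac.compare_digest(digest_of(distribution["data"]), cert["digest"]):
        if cert.get("policy") == "notify":
            arbitrator.report_misuse(cert, "data does not match certified digest")
        return False
    return True


def run_distribution_demo() -> dict:
    arb = TrustedArbitrator({"publisher-1": "secret-token"})  # constructed credential
    dist = create_distribution(arb, "publisher-1", "secret-token",
                               b"contract v7 (constructed)")
    good = validate_distribution(arb, dist)
    # Data altered after certification: digest no longer matches.
    tampered = dict(dist, data=b"contract v7 (altered)")
    bad_data = validate_distribution(arb, tampered)
    # Certificate edited to match the altered data: signature no longer verifies.
    forged_cert = dict(dist["certificate"], digest=digest_of(b"contract v7 (altered)"))
    bad_cert = validate_distribution(
        arb, {"data": b"contract v7 (altered)", "certificate": forged_cert})
    return {"good": good, "bad_data": bad_data, "bad_cert": bad_cert,
            "notifications": arb.notifications}


if __name__ == "__main__":
    for name, value in run_distribution_demo().items():
        print(name, value)
```

The two negative cases show why the certificate must be bound to the arbitrator and not merely carried alongside the data: altering the data alone is caught by the digest comparison, while altering the certified digest to match is caught only because the certificate itself is verifiable.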