The personal computer revolution has introduced a major challenge in protecting data in the corporate environment. In the past, corporations were computerized by central mainframe computers or by minicomputers. These systems had complete control over access to the data within them: any attempt to access data was verified by the central computer, and the central computer could prevent transfer of data to undesired places. In contrast, nowadays corporate data is generally accessed over personal computer networks, which are in many cases connected to external networks, for example the Internet. Each station generally stores data locally in various forms, for example as word processing files, spreadsheet files and emails. The end stations are typically less secure devices than the terminals that served the central computers, for example a desktop computer, a laptop computer or an external email account at an email provider. Data can easily be transferred out of the system with or without leaving a record of the identity of the person that took the data; for example, a person may copy the data to various types of removable media (e.g. a writeable CD, a writeable DVD, a floppy disk or a disk-on-key). A person can also email data to an external email account and then access the data remotely.
The above described situation leaves the corporate data in a less secure state than in the past. Many scenarios can lead to information leakage either deliberately or accidentally, for example theft of a desktop computer, theft or loss of laptop computers, loss of a disk-on-key or other removable media. Additionally, an employee can easily send information to an external email provider and retrieve it using an external computer without any corporate limitations.
Various solutions have been suggested to tackle different aspects of protecting corporate information:
One method to tackle the problem is to install network sniffers at strategic positions, for example next to a network firewall, to monitor content that leaves the corporate network. Typically a sniffer reassembles TCP sessions and analyzes the content to detect leakage of sensitive information and trace it back to the sender. One problem with this solution is that it is limited to information transmitted over the network and does not deal with other forms of information leakage, such as copying information to a USB device. Additionally, monitoring by the sniffer can easily be defeated by manipulating the data, for example by encrypting it so that the sniffer cannot determine the content. Further, since the method only detects data that matches the detection algorithms implemented in the sniffer, it does not detect all information leaks and is thus limited in its ability to enforce a policy.
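The following Python program is an added illustration of the sniffer approach and its two stated limitations; it is not part of the original text and does not describe any particular product. It assumes that the sniffer has already reassembled each TCP session into a single payload, and it stands in for the sniffer's detection algorithms with two constructed rules (a Luhn-checked 16-digit card number and a marker keyword). The sample export, the session payloads and the `toy_stream_encrypt` cipher (SHA-256 in counter mode, used only to produce realistic ciphertext) are constructed for the example.

```python
"""Content-inspecting sniffer logic over reassembled TCP payloads (constructed example)."""
import base64
import hashlib
import math
import re
from collections import Counter

# Patterns the sniffer's detection algorithms know about: a 16-digit card
# number (optionally grouped in fours) and a marker keyword. Anything the
# rules do not describe is invisible to the sniffer.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")
KEYWORD_RE = re.compile(r"\bCONFIDENTIAL\b")
OPAQUE_ENTROPY_BITS = 6.5  # payloads above this look encrypted or compressed


def luhn_ok(number: str) -> bool:
    """Luhn check so that arbitrary 16-digit runs are not reported as cards."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; text is roughly 4 to 5, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_session(payload: bytes) -> dict:
    """Classify one reassembled session payload.

    Returns {"verdict": "LEAK" | "OPAQUE" | "CLEAN", "cards": [...], "keywords": int}.
    """
    if shannon_entropy(payload) > OPAQUE_ENTROPY_BITS:
        # The sniffer cannot see inside encrypted data; the most it can do is
        # record that an opaque blob left the network, not what it contained.
        return {"verdict": "OPAQUE", "cards": [], "keywords": 0}
    text = payload.decode("utf-8", errors="replace")
    cards = [m.group(0) for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"[ -]", "", m.group(0)))]
    keywords = len(KEYWORD_RE.findall(text))
    verdict = "LEAK" if cards or keywords else "CLEAN"
    return {"verdict": verdict, "cards": cards, "keywords": keywords}


def toy_stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for whatever cipher the sender uses (SHA-256 in counter mode).
    Not a recommended cipher; it exists only to produce realistic ciphertext."""
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        chunk = plaintext[offset:offset + 32]
        out.extend(p ^ k for p, k in zip(chunk, keystream))
    return bytes(out)


# Constructed sample: a customer export with two Luhn-valid card numbers and
# two 16-digit values (order ids) that the Luhn check rejects.
EXPORT = (
    "CONFIDENTIAL - Q3 customer export, do not distribute outside the company\n"
    "customer,card,order\n"
    "Alice Example,4111 1111 1111 1111,1234567812345678\n"
    "Bob Example,4012888888881881,9999000011112222\n"
    "Notes: payment terms net 30, renewals due in October, contact finance for "
    "questions about the attached figures and keep this file on the share.\n"
).encode()

# Three ways the same export might leave the network (constructed sessions).
SESSIONS = {
    "plain_email": EXPORT,
    "encrypted_upload": toy_stream_encrypt(b"sender-key", EXPORT),
    "base64_of_encrypted": base64.b64encode(toy_stream_encrypt(b"sender-key", EXPORT)),
}


def run() -> dict:
    """Inspect every constructed session and return the verdict per session."""
    return {name: inspect_session(data) for name, data in SESSIONS.items()}


if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:22s} {result['verdict']:7s} cards={result['cards']} "
              f"keywords={result['keywords']}")
```

Only the plaintext session is reported as a leak. The encrypted upload is classified as opaque, so the sniffer knows something unreadable left but not whether it was sensitive, and the base64-wrapped ciphertext falls below the entropy threshold and contains nothing the rules recognize, so it passes as clean. Both outcomes are the limitations the text describes: inspection is defeated by transformations the sniffer cannot reverse, and a payload is only ever as suspicious as the detection rules make it.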
A second method of tackling the problem is to install an agent program on the computers of the corporate employees. The agent can monitor and control use of the data, for example copying and transmitting files from the computer, printing the content of a file, burning CDs and other actions. One drawback of this solution is that the agent may be circumvented by booting from a different operating system, which gives control of the data on the disk without being limited by the agent program. Also, once information leaves the employee's station it is no longer protected.
A third method to tackle the problem is to implement an enterprise digital rights management (E-DRM) system that provides persistent encryption of the corporate data. Typically all controlled data files are encrypted and can only be accessed through an application which runs in the background and enforces an access policy, for example requiring an access key or preventing a user from copying the data. The advantage of E-DRM over an agent is that access policies can be enforced even after the content has been delivered to a recipient, and stolen files cannot be read. However, there are a few problems in implementing E-DRM in the real world:
1. Many systems need the information in its unencrypted form to function properly, for example relational databases, tape backups, search engines and applications which manipulate the data. Thus all of these systems must incorporate the E-DRM application in order to work with the data. This puts a severe limitation on the hardware and software that can be used and generally increases their cost.
2. When dealing with external partners that need to access the information, for example an external corporate accountant or attorney or an outsourcing company, they too would need to implement the encryption system to access the data. However, it can be quite complicated to implement a key management system that provides keys across multiple enterprises or bodies. Additionally, working with E-DRM puts a burden on the external entities: they may not be interested in installing specific software and/or implementing more complex procedures to deal with the data of one specific client.
3. In E-DRM and other persistent encryption mechanisms the author of a file is generally given the option to define which policies to enforce on the file, for example preventing printing or preventing the copying of excerpts (e.g. by cut and paste) from the file. Each author can apply different policies, which causes confusion for the users of data in the corporation, since they will not know ahead of time what actions can be applied to a specific data file.
Generally, systems for protecting data protect it either at a specific position in the network (e.g. preventing access to the content of a server by unauthorized users) or by applying protection when a specific action is performed with the data (e.g. applying encryption when the data item is created, or applying encryption when the data is transferred out of the network).