The need to protect sensitive data often limits an organization's ability to adopt collaborative practices. Without secure and sanctioned means of collaborating, individuals often create potential breach and non-compliance litigation risks by finding their own solutions. Meanwhile, allowing all users to see the entire body of information is neither appropriate nor necessary for them to fulfill their specific roles. Existing systems typically provide mechanisms for protection that are either based on tightening network security, which inhibits collaboration, or on multiple versions of the same document, which creates confusion and increases costs and risks of disclosure.
Known techniques for sharing secure information include creating multiple manually-redacted files, with each version of the file having different portions redacted depending on the security clearance level of the intended recipients. These techniques are manually intensive and prone to error.
Existing methods of encrypting documents typically operate by encrypting relatively large logical and physical structures. For example, whole disk encryption encrypts an entire storage device. Many tools also exist for encrypting whole files. Such techniques include the encryption schemes built into various versions of the Windows™ operations system, as well as third party tools such as Pretty Good Privacy™ and various compression tools. The primary limitation of these tools is that the entire document or physical device must be encrypted and decrypted as a whole. Using these tools, it is not possible to encrypt only a portion of, for example, a word processing document.
While techniques are known for manually encrypting portions of documents, there does not exist any tool for automatically managing partial file encryption in a way that preserves document integrity through format changes and scales at the enterprise level, and further allowing the secure copying of revealed data through non-protected shared system memory space.