Enterprise rights management and keeping data in-house

ERM locks down corporate secrets but still allows employees to do their jobs

Several years ago, Flextronics was struggling with a thorny security issue: figuring out how to prevent sensitive and proprietary information from going astray once it was in the hands of authorized users.

Like most large enterprises, the global manufacturing services firm had built strong defenses against attacks from the outside, according to Brian Bauer, who was vice president of global IT strategy at the time. (Flextronics' current CIO declined to speak on the record for this story.)

Even so, the company's defenses didn't necessarily apply to employees, customers and contractors.

One of the sticking points was ensuring that customers and contractors gained access only to the parts of Flextronics databases that applied to their projects. The company designs and builds products for some of the world's leading router, video game and medical device companies, many of which are rivals.

Bauer's group also needed a way to prevent, or at least deter, design engineers from leaking valuable and sensitive information, says Bauer, who is currently managing partner at information services consulting firm Bauer's; Associates. In his experience, about 70% of data losses are due to mistakes, not deliberate theft, he says.

Flextronics' IT group initially tried to "lock everything down" by prohibiting employees from including sensitive information in a wiki or blog post, bringing flash drives or cameras to work, or even using the Internet, says Bauer. Not surprisingly, this irritated engineers, who complained that they couldn't get the information they needed to do their jobs.

The company's ended up turning to an enterprise rights management (ERM) platform that combines a policy engine with data loss prevention and information rights management, NextLabs' Enterprise DLP.

Setting policies vs. assigning granular rights

Data loss prevention (DLP) software scans information being sent beyond the firewall and applies security policies to that data. Policies are typically content-based; for example, a rule might state that if information contains a certain key word or phrase, it doesn't belong on a specific type of device or can't leave the company unencrypted.

For its part, information rights management (IRM) applies granular, user-based access rights to digital data objects outside the corporate firewall. For example, an employee on the road might be able to read and change a file on his BlackBerry but not e-mail the file or download it to a USB device. A contractor might be able to read a document but not print it or send it to a colleague.

With enterprise DLP controls in place at Flextronics, design engineers can access information and collaborate with colleagues on the Web, and bring their USB flash drives (but not cameras) to work, Bauer says.

When NextLabs' Enterprise DLP software catches an employee attempting to share proprietary design information on a wiki, send it out via unsecured Web mail or download it onto a USB device, it either blocks the action or sends the employee a reminder of company policy. Often, the reminder is sufficient, Bauer reports. The product can also automatically create audit files that keep track of who complies and who doesn't.

IRM and DLP are complementary technologies that address two critical and connected security areas, says Jon Oltsik, a managing partner at Enterprise Strategy Group (ESG). "DLP allows IT to block all the stuff leaking out on e-mail attachments, mostly through human error," he notes. Once a document goes outside the corporate network, however, it's out of DLP's control. "If you want granular enforcement at the application, document and user level, outside the firewall you need IRM," says Oltsik.

Some DLP products can scan an organization's internal databases and storage devices, classify information according to preset policies and alert administrators about information that resides in the wrong place.

Tags Enterprise rights managementsecuritydata loss preventioninformation rights managementdata breach

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elisabeth Horwitt

Computerworld (US)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?