Data leaks are one of the chief threats facing enterprise IT managers today.
Information Rights Management (IRM) technologies are perfectly designed to protect
the enterprise by effectively reducing and/or eliminating the risk of accidental
IRM solutions based on software-as-a-service (SaaS) delivery models offer three
major advantages over in-house implementations when it comes to securing information
in use. First, IRM is non-intrusive since it is enabled through viewer extensions
or plug-ins (rather than the host-based agents that in-house products employ).
Second, version updates of extensions require little or no IT staff involvement.
Third and last, SaaS-based IRM solutions have the flexibility to cover most
popular file types used in productivity applications (e.g. Excel, Word and PDF
formats) without being limited to any one vendor.
Despite these benefits of SaaS IRM solutions, there are, however, some potential
weaknesses that are common to all IRM solutions, whether they are in-house or
Traditional methods of protecting information within well-established perimeters
often fail because the data from a larger enterprise is dispersed all over the
business and documents need to be accessible 24/7. While most existing products
consistently protect from accidental or unintentional document leaks, protecting
against data theft comes down to the best approach for protecting the information
being regularly accessed from various points across the enterprise, or "information
in use." Let's take a closer look at ways this can be achieved:
Most organizations can easily protect information in transit by securing browser-to-server
communication via SSL with strong encryption. Protecting information at rest,
however, requires a few more steps. First, developers need to centralize the
storage of critical information and build-in authorization for every access
Second, the appropriate cryptographic protection needs to be developed through
strong algorithms and long keys. A very interesting problem is presented by
the requirement to protect the information in use. Here the decryption process
itself must be portable and available at the point of viewing.
Data ownership and access
Some vendors have developed proprietary viewers for files to protect their
information in use -- a version of "security by obscurity" -- while
others implement extensions for browsers or productivity tools, such as document
editors and electronic spreadsheets, which are able to decrypt file content
as needed. Many of these solutions have additional features allowing data owners
to apply centralized policies or user rights to individual files, where each
file can have permissions setup for "view-only," "view and print"
or "disable printscreen" and combinations of those functions.
In the best of these solutions, the encryption keys and permissions are stored
on a proprietary server and get securely downloaded on demand. Those permissions
can be removed even after the document has left the enterprise perimeter and
changes take effect immediately, allowing the owners to maintain control of
However, IRM alone does not provide protection from data thieves who use video
equipment or screen capturing techniques to get illegal copies of documents.
IRM needs to be combined with robust watermarks where it can enforce read-only
access to the file content. This type of digital watermarking has proven to
be an effective deterrent against data theft with in-house as well as SaaS solutions.
Other vendors have recently started offering technologies that obscure the
document view so only a small area around the mouse cursor is visible. This
type of functionality might also close a curtain over the browser when the focus
is lost to protect from screen capture or what some call "shoulder surfing."
While the curtain is useful against older screen capture technologies and is
not as intrusive, it does not always protect from newer screen capture products
that have built-in capturing delays. From a user perspective, curtain technology
obfuscates your view to the point it is either annoying or even unusable (in
the case of complex diagrams). This kind of protection often punishes legitimate
users and is doing very little to protect the data, so it should be implemented
with care and at least be configurable.
In conclusion, good IRM deployment will protect against all accidental document
leaks both inside and outside the enterprise with on-the-fly decryption of files.
Robust watermarking combined with granular access control and auditing capabilities
will deter most data thieves.
A preferred IRM solution will cover close to 100 percent of the document types
used in everyday business activities across two or three vendors (and also offer
easy conversion utilities for unsupported document types). It will have not
only modern cryptographic protection (including tiered key management), but
also will have externalized the encryption algorithm and key strength, allowing
for quick changes to cryptography. In short, IRM must be easy on the user, creating
as little footprint as possible.
IRM makes sure there are no unprotected copies of the documents left on client
machines, and how well it does this -- not how well it showcases the product
-- should be the main criterion to judge this technology.
About the Author
Mush Hakhinian leads the application security practice at IntraLinks, a leading critical information exchange solutions provider. Prior to IntraLinks, Hakhinian held security leadership positions at ACI Worldwide, an online banking software company, where he managed the application development security lifecycle and relationships with customers’ security departments. He also led the Electronic Security Department at the Central Bank of Armenia. Hakhinian has been managing security initiatives for the past 16 years and is an active member of OWASP Boston Chapter. For more information about IntraLinks, please visit http://www.intralinks.com/ and http://blog.intralinks.com/.