It’s a tough job today to build security around that which is most important: an organization’s data and information. In a world of mobile employees, this may seem like an impossible task. This is one reason why we suggest building security into the data/information rather than just around it.
While any number of security pundits proclaim “the perimeter is dead!” we say it must be redefined. We believe that content itself is the new perimeter.
An organization puts up firewalls at every ingress and egress point of the enterprise network but then opens up ports to allow certain traffic to flow through. For example, firewalls today aren’t very effective at blocking phishing email messages that carry malicious attachments or links that open the door to malware.
Another common layer of defense is identity and access management (IAM). The logic is, we will only allow authorized and authenticated people onto our networks to do their legitimate business. Everyone else will be kept safely outside the network perimeter, or the application perimeter, or whatever system the IAM solution is designed to protect.
There are two flaws in this defensive posture. One is the malicious insider who abuses his/her credentials and privileges, ala NSA contractor Edward Snowden and Société Générale rogue trader Jérôme Kerviel. Even the best IAM solution can’t block a legitimate user based on suspected motive. The second flaw in IAM defense is the increasing trend of outside actors using stolen credentials to access systems at will.
I could go on and on about additional solutions intended to put up a protective wall around the systems where data and information reside. This task is made infinitely more challenging when data and information can reside on premise, in the cloud, on mobile devices, and on the desktop, and also when the extended enterprise includes authorized users such as contractors, partners and third party service providers. The defensive walls are really a maze with those narrows paths that people pass through to get to the prize.
Bringing Protective Measures Much Closer to the Content
Enterprise customers want additional security solutions that bring the perimeter much closer to the information that must be protected. They are demanding the ability to:
- Control and secure enterprise information wherever it resides — in the cloud, on-premise, or in a hybrid environment, and whether the information usage and storage is local or international
- Seamlessly control and secure enterprise information regardless of how it is accessed — from the desktop, mobile devices or tablets
- Embed the control at the document level with granular permissioning for each user in order to control their ability to open, view, edit, delete, copy and print the information
- Grant and revoke access to information to ensure it is controlled, even if it has gone external to the network
- Easily deploy, install and use, without compromising security.
One of the most important ways to satisfy these enterprise needs is to apply plugin free Information Rights Management (IRM) to documents. IRM is a technology which protects sensitive information by embedding encryption and user permissions directly into the file containing the information. This is different from most other security technologies that build protections around sensitive files and the systems on which they reside.
With the security controls embedded inside documents, workers can freely share or UNshare those files at will, no matter where they reside. With plugin free IRM, recipients can access documents as freely as they would access any other document with standard applications such as Microsoft Office.
This layer of security puts the defensive perimeter inside the content itself, proving the perimeter isn’t dead; it’s just redefined — content is the new perimeter.