Network World | Linda Musthaler - For some time now we have been reading about highly organized cyber criminals and professional hackers targeting companies for their intellectual property. Those who haven't experienced this nightmare may think of it more as a plot for a modern-day spy novel than as a real business threat. Allow me to relate a real-life story to you, and how the targeted company shut down the threat with a simple bit of technology.
There is a car manufacturer in Europe that designs its products using computer-aided design / computer-aided manufacturing (CAD/CAM) systems. Once a design is developed, the CAD/CAM files are sent to contractors to manufacture the prototypes. Time after time, the car company would find their designs turning up in Chinese cars before the European cars even hit the market. It was obvious that Chinese hackers were stealing the design files, not from the car company itself, but from the contractors it did business with. The company sought a way to shut down this data theft and protect its intellectual property and its business as a whole.
The solution the manufacturer found comes from Covertix, a file-level protection company. Covertix takes a unique approach to data loss prevention for a company's most sensitive files.
Traditional DLP solutions attempt to scan data going out of a network in search of specific phrases or data strings such as credit card numbers, social security numbers, or intellectual property. This security guard approach means that everything going out has to be scanned and scrutinized—a process that has the risk of not catching everything. Covertix has developed a body guard approach, where security is embedded into specific documents and files when they are created. The body guard has policies that determine explicitly who can access the file and what those authorized users can do with the file, even after the file has left the organization.
In the case of the car manufacturer, Covertix was able to protect the CAD/CAM design files by embedding restrictions that specified that the files could only be viewed on specific workstations at the contractors' locations, opened only by specific applications on those workstations, and accessed only during specific hours of the work day. Oh, and the files were marked to expire on a specific date so no one can open them after that. With these restrictions in place, any files that were stolen were useless to the illicit recipients.
At the heart of the Covertix solution is SmartCipher, a technology used to attach a set of user-defined policies to any type of file. The policies stay with the file for life, no matter how it is transmitted or where it goes, inside or outside of the originating organization.
The policies allow a document owner to share the file with a third party with confidence by setting who can do things like open, view, print, copy from or paste to the document. Use of the document can be tied to a specific domain, location, device and/or context. SmartCipher permits 22 types of activities that can be monitored and controlled after the document leaves the organization. What's more, there are unique watermarks for each person who views the document.
Although the SmartCipher technology is essentially modifying the file with a 16k envelope containing the policies, a protected file is still able to fly under the radar of anti-virus programs that might accuse the genetically modified file of being a Trojan horse or malware.
Obviously this type of file-level protection doesn't need to be applied to every document. Covertix customers tend to use this solution on their most sensitive documents where the distribution and use are very well defined. For example, an investment company that is intimately involved in mergers and acquisitions uses Covertix to protect highly confidential documents that should only be viewed by a handful of people.
Other customers secure documents that are going to be shared with outside members of their Board of Directors. A university uses Covertix on professors' laptops to protect the tests that they administer to their students to prevent opportunistic (or desperate) students from stealing the exams. Another example is an HMO that uses Covertix to protect Electronic Medical Records (EMRs) and malpractice information from unauthorized internal and external users. The use cases are limitless and are spread across virtually every type of industry.
To use Covertix to create protected documents, a company creates folders that have the protective attributes assigned to them. Then every file created within that folder inherits those attributes—the who, what, when, where and how of accessing a file. The file protection process is transparent to the end user; the attributes are simply assigned without any intervention on the user's part.
Covertix offers two levels of file use by recipients. In one instance, the recipient must install an agent on his device in order to open and act on the file according to his permissions. The agent can be downloaded from designated locations on the Internet or it can be sent via email from a document originator. So, for example, the investment company doing M&As wants its external legal team to edit various documents. The attorneys would be required to download the Covertix agent to their workstations in order to properly access the documents.
The second level of file use does not require an agent download, but in this case all files are restricted to view-only. The recipient can annotate the files with comments but cannot otherwise change the files. Files can be viewed on any type of device, including smart phones and tablets. This mode would work well for the European car manufacturer that wants its contractors to create the prototypes from the designs without the ability to alter the designs in any way.
The SmartCipher technology works on any type of file, not just your typical Microsoft documents and PDFs. The agentless solution works on any type of client device. Covertix has a cloud-based solution that can automatically upload and protect information in a transparent way as the file goes into services like Box.net, Dropbox and Skydrive.
There is a growing need for solutions like Covertix as cyber thieves increasingly target companies' intellectual property. Even if hackers are able to steal the files, the tight user-defined restrictions render the files unusable.
Linda Musthaler is a Principal Analyst with Essential Solutions Corporation. You can write to her at LMusthaler@essential-iws.com.
Essential Solutions Corp. researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.