Picture this - you are the CIO at Fort Knox plc (a large financial services organization) and you reckon you’ve got this security thing sussed.
You've just spent millions on a Virtual Private Network. You have passwords on all
your computers. Your comms room has two locks and CCTV. You have an expensive content management system that provides an audit trail of everyone who has been in contact with any internal file. You are backing up all your data in a data center an hour's drive away, just in case a bomb decimates everything within a ten-mile radius of headquarters. You have anti-virus software, and an unimpeachable firewall that ensures intrusion
detection and prevention. You are invincible.
Or perhaps not...
That's because some of the biggest security threats actually stem from the humble document, since it is at the document interface, be it electronic or paper, where the human factor needs to be taken into account.
This may involve a deliberate breach of security (e.g. a disgruntled employee or a rare instance of industrial espionage) or it may be an accidental breach (e.g. forgetting to log out of an intranet). Either way, the resulting leaked information can have disastrous effects - witness the incident involving a press release purporting to be from Emulex, which drove the company's value down by $2 billion in one day.
By looking at the central role the document plays in four of the biggest threats to security - laptop theft, unauthorized user access, information theft, and sabotage - we can see what technologies are available to mitigate the risks, and how best to apply them:
Threat number one: laptop theft
The old favorite, this is the one of the most common computer-related crimes, affecting 55 percent of businesses (according to a recent survey from the Computer Security Institute). The loss of the laptop itself is inconvenient. The financial loss it represents is little more than petty cash, but the danger lies in the documents on that laptop being leaked or, worse still, altered and then represented as having come from the original owner.
One way to combat this hole (and others) in the organization's defenses is to use digital signatures so that anyone receiving documents can feel reassured that the source of the document is exactly who or what they present themselves to be.
The reverse is also true - when sending documents, organizations may need a guarantee that it arrives at the intended recipient without being intercepted (for instance if that person had a laptop stolen). Digital certificates may be used to confirm receipt as well as authorship.
Threat number two: unauthorized user access
This may come from inside or outside the organization. To combat the external threat, a common approach is the "secure pipe" method, where the information is transferred by a secure network. However, often people forget about what happens once the document has passed through the pipe and is no longer protected by it.
Passwords go some way towards protecting documents, both internally and externally, but these can be shared, stolen or lost without too much difficulty. It is safer to allow access only to named individuals, identifiable by a digital or PKI certificate such as a USB thumb drive.
Threat number three: proprietary information theft
This is the sixth most common computer-related crime, and the most expensive, costing US business $171 million in 2002. This is because much of an organization's value is stored within its intellectual capital. Ferrari was a
prime example of this when it recently accused a Formula 1 rival of stealing design data on some of its models.
Digital rights management technologies are the first line of defense against this threat, since they can eliminate practices like forwarding confidential documents outside the corporate firewall. It can also ensure that certain
documents expire when a person leaves the company.
Embedded print instructions are also a good defense tool, for example, someone with PKI-certified access to a document may decide to print a copy out to proof-read (most people prefer to proof a paper document). A hard copy can never be password protected, and it is not unheard of for industrial spies to reassemble a shredded copy. Restricted printing can render a document incapable of being printed, or ensure that it can only be printed once by one person. Even screen capture tools can be made to become ineffective.
Threat number four: sabotage
This criminal offence has affected just under ten percent of firms. However, sabotage does not necessary mean tampering with the servers (besides, you have those locked away safely in the comms room, remember?). It could involve an unhappy employee from within the organization copying text from a loan agreement, changing the address it should be returned to (which would not radically alter the appearance of the form) and then putting the form into general circulation. Alternatively, someone outside the organization could tamper with a form posted online - an act of sabotage which can be done without much technical expertise if your defenses are down.
Remember that a significant proportion of the information flowing through an organization is made up of forms; sometimes numbering several thousand. It is possible to make minor amends without it being noticed for a while. In a regulated industry like financial services or pharmaceuticals, this can often result in the industry watchdog imposing a large, up to seven-figure fine. A determined saboteur will often succeed - the trick is to make sure that it is as difficult as possible, that the damage is confined to as small an area as possible, and that the perpetrator can be caught quickly and easily after the offence has been committed. Digital signatures, audit trails, immutable file formats such as a PDF and PKI certificates all protect against sabotage.
Cultural acceptance of security measures
One of the biggest barriers to new security measures being adopted is getting users accustomed to the changes, such as accepting new processes and learning new pieces of software.
This can be particularly awkward when it comes to customers and partners. After all, why should they have to splash out on expensive new packages just to comply with security measures, from which they don't see much benefit? One way around this problem is to look at the dormant features of existing desktop software. If security comes with a package users are already familiar with, winning cultural acceptance becomes less of a challenge. This has the added advantage of being easier to get past the finance department, since these days even security items need to have proven ROI.
Another way to ensure that security measures are adopted across the organization is to make sure that the technology is more than just a bolt-on, that it is tightly integrated with existing desktop systems. In an ideal situation, it will look as though it has become part of the package itself, for instance, taking the form of an icon on a tool bar which just needs to be clicked on once to protect the document. It is this kind of user-friendliness
that guarantees cultural acceptance.
Recent high-profile security lapses, such as the government form that a UK Member of Parliament tampered with to help a Brazilian male escort flout immigration laws, have put document security into the spotlight. Organizations today need to address security in a way that looks beyond the enterprise infrastructure and instead focuses on the documents themselves.
The way that humans interact with documents is key to this since they are both the problem and the solution. Through error or wrongdoing, they cause these breaches but they also have the power to ensure that any policy you implement is successful. This is why usability is essential if you are ever to ensure that a company-wide document security policy works.
Mark Wheeler Is enterprise product manager at Adobe Systems
