Egress debuts fresh data-security model

Operating on the theory that data at rest isn't a problem until it becomes restless, Egress Software Technologies on Monday debuted a security system designed to protect data in motion -- over the net, on a thumbdrive, in the cloud, or what you will.

Bob Egner, US president of the UK-based Egress, notes that practically speaking you can't not share data these days; the ways we all work with partner firms and third-party vendors dictate it. The problem is that as your data gets further from you, its primary keeper, it can become increasingly hard to make sure that only the right people can access it. The ubiquity of cheap, capacious data containers (DVD-Rs, thumb drives, even MP3 players) adds another layer of complexity, making it even easier for large masses of data to go on walkabout.

Egress' gordian-knot solution is to simply "not tangle much with transport," as Egner puts it. Instead, the company's offering a s Software-as-a-Service-style take on enterprise rights management: Wrap the data securely, set access and security parameters, and let 'er rip -- damn the transport mechanisms.

The product's called Switch, and it requires a bit of software on both owner and recipient sides. On the information owner's side, the drag-and-drop client lets the user add files and set permissions and policies (view for 14 days only, no printouts, changes okay, no duplications? no problem!). As the package is created, the software passes along to the Switch server the information on security policies as well as package and audit information. When it's ready, send it away -- e-mail, USB, or whatever.

The recipient will need the Switch package viewer to open the package; the software checks with the cloud to ascertain security policies and so forth, and it's off to the races. As the data's used, the service (which can even check in every few minutes to be sure that, for instance, your recipient didn't leave the file open on her machine and go to lunch, if that's a problem for you) logs information on the package's continued history to your library (shown in the screen capture below). If the file's stolen, the data's still PKI-protected; if relations between owner and recipient change, rights to the data can be changed to reflect that.

Egress has been testing Switch for a while with, among other clients, the Royal Bank of Scotland. RBS has a lot of data-requiring partners, including investors and the government, so they've looked at a number of potential solutions over the years. Switch met their hopes for cutting down on end-user education and amping up control of data in distribution -- handily met, since the Switch software even includes a "select data exchange mechanism" that'll burn the DVD or compress the file or prep the e-mail. But there were also some nice surprises: real-time policy control led to better-than-expected security, and the receipt-tracking feature came in unexpectedly quite handy under certain circumstances.

Egress is using the sender-pays model for Switch, offering either subscriptions (for individuals, starting at $9.49; for business, starting at $34), or there's a five-credit pack for those with limited need. (A credit equals one user opening the file once.) There's also an enterprise hosting model available -- and, until April 15, a 30-day trial offer for your testing delectation.