RSSEgress debuts fresh data-security model
By Angela Gunn | Published March 16, 2009, 6:08 PM
Operating on the theory that data at rest isn't a problem until it becomes restless, Egress Software Technologies on Monday debuted a security system designed to protect data in motion -- over the net, on a thumbdrive, in the cloud, or what you will.
Bob Egner, US president of the UK-based Egress, notes that practically speaking you can't not share data these days; the ways we all work with partner firms and third-party vendors dictate it. The problem is that as your data gets further from you, its primary keeper, it can become increasingly hard to make sure that only the right people can access it. The ubiquity of cheap, capacious data containers (DVD-Rs, thumb drives, even MP3 players) adds another layer of complexity, making it even easier for large masses of data to go on walkabout.
Egress' gordian-knot solution is to simply "not tangle much with transport," as Egner puts it. Instead, the company's offering a s Software-as-a-Service-style take on enterprise rights management: Wrap the data securely, set access and security parameters, and let 'er rip -- damn the transport mechanisms.
The product's called Switch, and it requires a bit of software on both owner and recipient sides. On the information owner's side, the drag-and-drop client lets the user add files and set permissions and policies (view for 14 days only, no printouts, changes okay, no duplications? no problem!). As the package is created, the software passes along to the Switch server the information on security policies as well as package and audit information. When it's ready, send it away -- e-mail, USB, or whatever.
The recipient will need the Switch package viewer to open the package; the software checks with the cloud to ascertain security policies and so forth, and it's off to the races. As the data's used, the service (which can even check in every few minutes to be sure that, for instance, your recipient didn't leave the file open on her machine and go to lunch, if that's a problem for you) logs information on the package's continued history to your library (shown in the screen capture below). If the file's stolen, the data's still PKI-protected; if relations between owner and recipient change, rights to the data can be changed to reflect that.
Egress has been testing Switch for a while with, among other clients, the Royal Bank of Scotland. RBS has a lot of data-requiring partners, including investors and the government, so they've looked at a number of potential solutions over the years. Switch met their hopes for cutting down on end-user education and amping up control of data in distribution -- handily met, since the Switch software even includes a "select data exchange mechanism" that'll burn the DVD or compress the file or prep the e-mail. But there were also some nice surprises: real-time policy control led to better-than-expected security, and the receipt-tracking feature came in unexpectedly quite handy under certain circumstances.
Egress is using the sender-pays model for Switch, offering either subscriptions (for individuals, starting at $9.49; for business, starting at $34), or there's a five-credit pack for those with limited need. (A credit equals one user opening the file once.) There's also an enterprise hosting model available -- and, until April 15, a 30-day trial offer for your testing delectation.
Digital Rights Management may sound like a great way to handle sensitive data, but in reality DRM has failed to catch on in scores of other applications. This (DRM) approach might be a good individual tool to add to your arsenal of weapons, but the fundamental basis of a good data breach prevention strategy lies in protecting your entire organization through ongoing training, cross-departmental policies, and compliance. I recommend visiting Identity Force (www.identityforce.com) to learn more.
Remember that most breaches are not caused by hacks or cyber attacks.
Score: 0
|While Egress Switch has some features like enterprise rights management (ERM) products, it is different in two important ways.
First, Switch places no user management tasks on the information owner (or their IT department) compared to ERM products which require the owner to manage user info for those outside their domain.
Second, Switch will protect any files by encrypting them compared to ERM products that incorporate complicated and labor-intensive data classification schemes to selective protect just the sensitive files.
You don't have to look very far to see that ERM has not gained great acceptance in many markets. Our objective at Egress is to build a high value data security service that is easy to use and cost effective - even if it happens to have some ERM-like features.
Score: 0
|I wonder how they propose to stop people taking screen shots? Or simply remembering what they read?
At most this product make copying the data more difficult. If they are determined to do so they will, and it's quite possible that the software will irritate them into doing so!
Score: 0
|