Protect The Content, Not The Location: Anywhere

Transcription

Protect The Content, Not The Location: Anywhere
AIIM White Paper
Protect The Content, Not The Location:
Anywhere Security For A Hyper
Connected World
Sponsored by
About the White Paper
We are happy to extend free use of the materials in this report to end-user companies and to independent
consultants, but not to suppliers of ECM systems, products and services, other than Vera and its subsidiaries
and partners. Any use of this material must carry the attribution – “© AIIM 2015 www.aiim.org / © Vera 2015
www.Vera.com”
Rather than redistribute a copy of this report to your colleagues, we would prefer that you direct them to
www.aiim.org/research for a download of their own.
Our ability to deliver such high-quality research is made possible by the financial support of our underwriting
sponsor, without whom we would have to return to a paid subscription model. For that, we hope you will join us
in thanking our underwriter for this support:
Vera
318 Cambridge Avenue,
Palo Alto, CA 94306
Tel: +1 844.438.8372
Email: info@vera.com
Web: www.vera.com
About AIIM
AIIM has been an advocate and supporter of information professionals for nearly 70 years. The association
mission is to ensure that information professionals understand the current and future challenges of managing
information assets in an era of social, mobile, cloud and big data. AIIM builds on a strong heritage of research
and member service. Today, AIIM is a global, non-profit organization that provides independent research,
education and certification programs to information professionals. AIIM represents the entire information
management community: practitioners, technology suppliers, integrators and consultants. AIIM runs a series of
training programs, including the ERM Certificate course. www.aiim.org/training/Electronic-Records-Management
About the author
Doug Miles is head of the AIIM Market Intelligence Division. He has over 30 years’ experience of working with
users and vendors across a broad spectrum of IT applications. An early pioneer of document management
systems for business and engineering applications, Doug has produced many AIIM survey reports on issues
and drivers for Capture, ECM, Information Governance, Records Management, SharePoint, Big Data, Mobile
and Social Business. Doug has also worked closely with other enterprise-level IT systems such as ERP, BI and
CRM. He has an MSc in Communications Engineering and is a member of the IET in the UK.
© 2015
© 2015
AIIMVera
1100 Wayne Avenue, Suite 1100
Vera, 318 Cambridge Avenue
Silver Spring, MD 20910
Palo Alto, CA 94306
+1 301 587-8202
+1 844.438.8372
www.aiim.org
www.vera.com
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
As the non-profit association dedicated to nurturing, growing and supporting the user and supplier communities
of ECM Enterprise Content Management, AIIM is proud to provide this research at no charge. In this way, the
entire community can leverage the education, thought leadership and direction provided by our work. Our
objective is to present the “wisdom of the crowds” based on our 80,000-strong community.
1
Table of Contents
About the White Paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
About AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
About the author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Content in Motion
Content in Motion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Adding Protection to the File Itself
Adding Protection to the File Itself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Digital Rights Management (DRM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Information Rights Management
Information Rights Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Ease of Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
How It Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Factors to Consider
Factors to Consider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Conclusion and Recommendations
Conclusion and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
UNDERWRITTEN BY
UNDERWRITTEN BY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
About Vera . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
About AIIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
About the White Paper
2
Introduction
But suppose that instead of building protective walls around places where sensitive documents are held, we
embed security into the document itself? Suppose the document knows who is allowed to read it, print it,
copy it and share it? Suppose we could track where the document is being opened, respond individually to
requests to open it, and revoke rights at any time in the future? You may feel this is already achievable using
password protection on the document itself, along with standard encryption. But in fact, no, it isn’t. Firstly,
we have to rely on staff diligence to apply the password, the password has to be passed on securely to each
recipient, it has to be entered each time the document is opened, and should the password be compromised,
the document is vulnerable for all time.
Digital Rights Management (DRM) has been around for a long time, but mostly in the guise of copy protection
for paid-for content such as in iTunes, movies or games. The same ideas can be applied to protect the
everyday documents, contracts, images and drawings that we share internally and with external partners, but
the mechanisms and workflows that we use must be simple, reliable, effective and compliant. They must work
as easily on mobiles as in-house, and apply to cloud as well as on-prem. In this paper we discuss how such
systems work, what the implications are for our existing content systems, and how different approaches and
feature sets affect product selection and suitability.
Content in Motion
The need for collaboration has dramatically increased due to the way that business is structured, and
the revolution in communications. In a recent AIIM survey1 93% agreed that internal collaboration is very
important or crucial to what they do, and for 58%, collaboration with external partners is just as vital. Along
with collaboration goes sharing. Sharing of documents and content is fundamental to collaboration between
and within project teams and business partnerships. Starting with emails and email attachments, the ways
that we can now share content have exploded. Figure 1 indicates a range of ways to share content, and the
security dilemma this creates within IT departments.
Figure 1: Which of the following ways of accessing and sharing company content are against
official policy in your organization? (N=4171)
0%
Consumer cloud services, eg: Dropbox, Skydrive,
i-Cloud, Google Drive, YouSendIt
Copying content to USB-s­cks
File sync to laptops/remote desktops/tablets
Content capture services, eg: Evernote, OneNote
Mobile device access to content by emailing to self
Mobile device access to content via app or VPN
Emailing a—achments to mul­ple people
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
20%
40%
60%
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
The failure of traditional end-point security to protect valuable documents and content is well known. Wellpublicized leaks of sensitive communications and valuable intellectual property regularly hit the news
headlines, and we know that many are a result of the failure of password protected repositories and firewalls.
Less well publicized, but just as damaging, are the everyday leaks where HR passwords become common
knowledge, documents are accidently sent to the wrong person, or former employees walk away with
valuable content. Once leaked into the public domain, content owners are helpless to prevent further copying
and sharing.
3
Email attachments, that most basic mechanism of content exchange, are fraught with potential security
problems — sending to the wrong person due to auto-prompting; a reply-all that includes the very person
0%
20%
40%
60%
who shouldn’t see it; picking the wrong document to send, and of course, the clumsy attempts to withdraw the
wronglyConsumer
sent emailcloud
which
simply eg:
alerts
the recipients
to the sensitive content.
services,
Dropbox,
Skydrive,
i-Cloud,toGoogle
Drive,amounts
YouSendIt
USB sticks have the capacity
store huge
of data – complete customer lists, sensitive R&D data,
full sets of financial reports, commercially sensitive tenders and bids – and we can see why otherwise diligent
Copying content to USB-s­cks
and honest employees may wish to have this data with them overnight or when travelling. We also know that
less honest employees can carry away such data at will, once they are past the login security.
File sync to laptops/remote desktops/tablets
Consumer file-share-and-sync services are a two-way risk. In share mode, the cloud repository is likely at
best to be only barely protected by a password; at worst simply the possession of the link will expose the
Content
capture
services,will
eg:become
Evernote,
OneNote
file. In sync
mode,
the content
available
on just about any device the user has set up – desktop,
laptop, tablet and phone, all of which will require effective end-point security if the document is to stay
Mobile device access to content by emailing to self
protected.
Mobile devices can collect corporate content in any number of ways. Even authorized mechanisms such as
Mobile device
access to files
content
appinorinsecure
VPN
email attachments
or OneDrive
can via
result
copies hidden only by a very simple PIN number.
Useful manager-support applications like Evernote and OneNote may stay permanently logged in on the
Emailing
a—achments
mul­ple
peoplecorporate systems will leave security wide open if they
device, and even
officially
sanctionedtoapps
accessing
do not use containerized storage or MDM (Mobile Data Management) infrastructures.
Unfortunately, those 28% of respondents in Figure 2 who say they provided no access to corporate content,
and probably the 28% who only sanction on-line browser access, are failing to see (or ignoring) the myriad of
other ways that employees are circumventing security in order to get their jobs done while on the move.
Figure 2: Do you use any of the following to secure content on the mobile
device or in transit? (N=3291)
0%
5%
10%
15%
20%
25%
30%
Dedicated mobile data management (MDM)
file-transfer system
Secure containerized access system
provided by third party
Secure containerized access system
provided by ECM supplier
File protec­on via Informa­on Rights
Management (IRM)
Basic app provided by collabora­on
system/ECM supplier
None of these – browser access only
(via VPN)
None of these - no access provided
In summary, content in motion has never been more at risk, and the security systems and firewalls that we
traditionally use to protect our content are being breached by our own employees on a daily basis.
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
A characteristic of these mechanisms is that they represent “content in motion” rather than “content at rest,”
and we can see from the attempts of the IT departments to ban these content exchange mechanisms that
securing content in motion is becoming a huge issue. The explosive growth of consumer-grade file-shareand-sync services, most of which are used without official sanction, shows that when it comes to the choice
between facilitating collaboration, or complying with corporate security rules, most employees will use
whatever they need to get their job done in the simplest of ways.
4
Adding Protection to the File Itself
Encryption
Encryption is not new. Microsoft Word and Excel have had password protection since the very earliest of days
(although it’s less easy to find than it used to be - it’s under File, Info). So why is it so underused? Well the first
problem is that the user has to opt into using it. There is no context that says, “Before you send this there, using
that channel, you must encrypt it.” The second problem is that the recipient needs to know the password in order
to open the file. How often have we all seen the password to the attachment sent in the body of the email, or in
the next email in the hope that an intruder would not notice that one? The third problem is that once the recipient
has opened the file, they can re-open it any time they like, or pass it on to any other person. If a much-used
password becomes common knowledge, there is no way to revoke permissions, so all past documents are
vulnerable. The fourth problem is that if the password is lost, forgotten, or walks away to another employer, the
document is useless. Of course, the usual answer to this is to store an unencrypted copy on the server just in
case…
Once a document is encrypted it is not possible to do a free text search on the contents, but with simple, save-as
encryption, there is nothing to force any degree of metadata tagging around the document that would assist with
future search or e-discovery. A further major usability issue is that Word software, PDF software, CAD software,
and emails will all have differing ways to invoke protection, and this unfamiliarity makes users cautious in case
they permanently lock out the file.
Digital Rights Management (DRM)
Primarily introduced as a means to prevent copying of copyright material, particularly entertainment material,
one of the techniques used for DRM is persistent online verification, where connection to a web server is
required in order to open or play the content, which would otherwise be encrypted. Another technique, used
by Apple’s iTunes (and by some catch-up TV systems), is to pass the decryption keys to the local iTunes
software or app, along with the downloaded media, so that they can be played while offline. If the user needs
to set up or transfer their tunes to another device, this installation will have to be authorized over the web
against the original purchaser’s account. This obviates the need for continuous connection, but still allows copy
management (and revocation or expiry) from a web or cloud-based control system.
Information Rights Management
Variations of these techniques can be used to protect corporate content, and have given rise to the terms
Enterprise Digital Rights Management (E-DRM) or more simply, Information Rights Management (IRM). Most of
these systems will selectively extend rights control to prevent copy & pasting, screenshots, printing, and editing
of any given piece of content. One major advantage of protecting the file itself with an IRM scheme is that the
content is protected both at rest and in motion. This gives an added layer of security when stored on “open”
repositories within the firewall, such as file-shares, but also protects content that finds its way onto cloud-share
and cloud collaboration systems such as Office 365, Box and Jive. It also reduces dependency on VPNs during
transfers and downloads.
Ease of Use
As we discussed earlier, the prime consideration for the user is that IRM protection should not get in the way
of their normal tasks. The main consideration for the IT department is that managing the system, setting the
policies, distributing the keys, and dealing with end-of project, or ex-employee content should be as simple and
as automated as possible, whilst remaining totally secure.
Distribution of the system elements between on-premise and cloud will affect these issues to an extent, and there
can be sensitivity to where encryption keys are stored, and how the credentials of external partners are checked.
This may also reflect back on the ease-of-use for the end-user.
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
So how can we add protection to the file itself, rather than the server or device it sits on? Well surely encryption
was invented for this very reason.
5
How It Works
During subsequent communication and intermediary storage, the document is protected no matter
how insecure the device or network is. When someone tries to open it, the encrypted document will
reference the policy to see if what rights that user has. If it is still within the company firewall, the
Active Directory will be interrogated to ascertain the user’s position or role, and the local copy of the
appropriate policy will be referenced as to their access rights.
If the file is in the hands of a “safe” recipient on a device that is outside the firewall, the document
will interrogate the cloud-based control system to see if secure user credentials have been
established, and what the policy allows them to do. If the user’s device is off-line, then the local
app needs to have been passed details in advance of what the credentialed user can do with the
document – and if the device cannot establish the user’s credentials, then the app can be instructed
to delete the document. It may even report to the control system the geographical location of the
device to facilitate tracking of leaked data.
Once the user credentials and the policy relating to the document have been established, the
encryption keys need to be passed to the user’s device in order to open the file. These keys may
be held in a cloud control system, they may be stored on-premise in the originating organization, or
they may be stored on the device itself if the document has been pre-authorized for off-line access.
The central control system is involved whenever an attempt is made to open the file, and this
is independent of any local device clocks or stored keys. Therefore, an audit trail of opens is
established, documents can be time expired, permissions can be revoked, and any major data-loss
incidents can be rapidly closed down.
Factors to Consider
There are obviously variations in function and facility between different offerings of IRM, and
evaluation should include scenarios such as:
n Will work be interrupted if I, or the intended recipient, have no internet connection?
n What happens when an employee leaves – at our end, or at their end?
n How can I reassure my legal team that they can still run e-discovery across our emails?
n Will our Enterprise Search system still be able to find any relevant document?
n What happens if I change device or PC?
n If I can revoke rights on a document sent to a third party, has it legally been delivered?
n Can encrypted documents be opened on all current and future devices?
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
The first aspect of an IRM platform is that it needs to be invoked in a controllable and policy-based
way. In the simplest way, users can choose at save time how to protect the document. Better is
to build it into the users’ workflow, perhaps when a document is downloaded from SharePoint, or
when an attachment is added to an email destined for an external address, or when a key report is
exported from the core financial system, or when any document is saved by a C-level manager. At
this point, the document is encrypted, and referenced to a policy based on the content type, and the
context of the action, to define how it needs to be protected and for which people, inside or outside
the organization.
6
Conclusion and Recommendations
Developed from DRM concepts, Information Rights Management systems have come to the fore of late.
They are based on the encrypted file itself knowing how to validate who is trying to open it, and checking
what they are allowed to do with the content inside. Once credentials and rights have been established,
decryption keys can be picked up either from on-prem servers, or from the cloud. This sets up a content
distribution management and monitoring structure that can report on who is opening a document, what time
of day it is, and where they are geographically. It also allows rights to be revoked, either on a document-bydocument basis, or en masse in the case of a major data leak.
Recommendations
n Be aware of both sanctioned and un-sanctioned use by your employees of file-sync-and-share systems,
and other cloud-based services. Establish what types of sensitive content are regularly being exchanged
or duplicated. Do not assume that barred access or non-use policies are being effective.
n Do not exclude senior management from this investigation. They are often the biggest users (for
reasons of convenience or selectivity), and their content is likely to be the most sensitive.
n Look at where encryption is currently being used, perhaps in selective groups such as the legal
department or HR, and what issues they are facing.
n Engage with vendors of IRM systems, and ask difficult questions about ease-of-use and on-line/off-line
dependencies. Raise your specific concerns about cloud-stored and on-prem keys and policies.
n Take advantage of any trial offers, and be sure to include both internal and external users, as well as a
range of mobile devices.
n If all goes well, make the business case to the top-level users whose content exchange practices you
consider to be putting the business at most risk.
n For more general deployment, look to context-based and automated invocation based on content types,
communications channel and location of recipients.
References
1. AIIM Industry Watch “Content Collaboration and Processing in a Cloud and Mobile World.”
Nov 2013. www.aiim.org/research
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
Sensitive documents, data and other content that relies on end-point security, or security based on
firewalls and password protected storage is under considerable threat of being compromised, not just from
determined intruders, but also by the actions of our own staff who place content in cloud systems, and
onto mobile devices with little thought to the vulnerabilities they are exposing. It has long been realized
that encrypting content at rest, and particularly content in motion, is the only way to secure sensitive and
potentially damaging content. However, this can create difficulties for users on the originating end, but even
more so for recipients, necessitating the secure transmission of passwords or decryption keys, and their
management across the whole lifetime of the secured content.
7
UNDERWRITTEN BY
A new kind of security solution that protects documents, regardless of how they are stored, shared, or
application used. Vera’s zero touch security platform enables business to get started in minutes to protect,
track, and control documents anywhere.
n Share securely via email, the cloud, or repositories like Box, Dropbox or Google Drive
n Data Loss Prevention (DLP) policies travel with your files at the data level
n Files will be unreadable to unauthorized users
n Unauthorized individuals who receive files may request access; the file originator can decide who is
authorized to view or edit
n Works with applications you use every day (Microsoft Word, Adobe PDF and more) and on both desktops
and mobile devices
For more information, please visit www.vera.com
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
About Vera
8
AIIM (www.aiim.org) is the global community of information professionals. We provide the education, research
and certification that information professionals need to manage and share information assets in an era of
mobile, social, cloud and big data.
Founded in 1943, AIIM builds on a strong heritage of research and member service. Today, AIIM is a
global, non-profit organization that provides independent research, education and certification programs to
information professionals. AIIM represents the entire information management community, with programs and
content for practitioners, technology suppliers, integrators and consultants.
© 2015
AIIM
AIIM Europe
1100 Wayne Avenue, Suite 1100
The IT Centre, Lowesmoor Wharf
Silver Spring, MD 20910
Worcester, WR1 2RR, UK
+1 301 587 8202
+44 (0)1905 727600
www.aiim.org
www.aiim.eu
© AIIM 2015 www.aiim.org / © Vera 2015 www.vera.com
Protect The Content, Not The Location: Anywhere Security For A Hyper Connected World
About AIIM
9