Enterprise Rights Management and Keeping Data in-House

Several years ago, Flextronics was struggling with a thorny security issue: figuring out how to prevent sensitive and proprietary information from going astray once it was in the hands of authorized users.

By Elisabeth Horwitt
Mon, April 26, 2010

Computerworld — Several years ago, Flextronics was struggling with a thorny security issue: figuring out how to prevent sensitive and proprietary information from going astray once it was in the hands of authorized users.

Enterprise Data Security: Definition and Solutions

Like most large enterprises, the global manufacturing services firm had built strong defenses against attacks from the outside, according to Brian Bauer, who was vice president of global IT strategy at the time. (Flextronics' current CIO declined to speak on the record for this story.)

Even so, the company's defenses didn't necessarily apply to employees, customers and contractors.

One of the sticking points was ensuring that customers and contractors gained access only to the parts of Flextronics databases that applied to their projects. The company designs and builds products for some of the world's leading router, video game and medical device companies, many of which are rivals.

Bauer's group also needed a way to prevent, or at least deter, design engineers from leaking valuable and sensitive information, says Bauer, who is currently managing partner at information services consulting firm Bauer & Associates. In his experience, about 70% of data losses are due to mistakes, not deliberate theft, he says.

Flextronics' IT group initially tried to "lock everything down" by prohibiting employees from including sensitive information in a wiki or blog post, bringing flash drives or cameras to work, or even using the Internet, says Bauer. Not surprisingly, this irritated engineers, who complained that they couldn't get the information they needed to do their jobs.

The company's ended up turning to an enterprise rights management (ERM) platform that combines a policy engine with data loss prevention and information rights management, NextLabs' Enterprise DLP.

Setting policies vs. assigning granular rights

Data loss prevention (DLP) software scans information being sent beyond the firewall and applies security policies to that data. Policies are typically content-based; for example, a rule might state that if information contains a certain key word or phrase, it doesn't belong on a specific type of device or can't leave the company unencrypted.

For its part, information rights management (IRM) applies granular, user-based access rights to digital data objects outside the corporate firewall. For example, an employee on the road might be able to read and change a file on his BlackBerry but not e-mail the file or download it to a USB device. A contractor might be able to read a document but not print it or send it to a colleague.

With enterprise DLP controls in place at Flextronics, design engineers can access information and collaborate with colleagues on the Web, and bring their USB flash drives (but not cameras) to work, Bauer says.

1 2 3 4 5 next page »

Originally published on www.computerworld.com. Click here to read the original story.

You are here: Technology Topics » Security » News

Most Recent Data protection Stories

White Papers »

Top Ten Security Topics

The topics span attack categories, trends and priorities, with a short synopsis of the topics, various use cases, key concepts, and providing references to our Security Connected Reference Architecture.

The New Reality of Stealth Crimeware (McAfee Labs)

With cybercrime on the rise, McAfee and Intel researchers believe that we need to re-envision how to detect and block stealthy malware.

2012 Threat Predictions Report (McAfee Labs)

As they have done for the past several years, McAfee Labs is ready to dust off their crystal ball and offer their fearless predictions of the threats of the upcoming year and beyond. We urge you to consider these ideas to prepare for the ever-evolving threats of the future.

McAfee Security Connected - Mitigates Risk, Maximizes Business Efficiency

McAfee Security Connected framework integrates potentially disparate security technologies. Learn how it enables technologies to work together through collective intelligence, while enhancing each solution's individual security capabilities, efficiencies, and effectiveness. This integrated framework delivers real-time visibility into the security and risk management profile of your business.

From the Frontline - Preventing APT

Is your company's network secure? Are your endpoints and servers secured? Before you answer, read this case study on a US Military Command that discovered no matter how much you educate users, hackers can get through traditional defenses. This targeted attack blew through all layers of their security, except one: Bit9 Parity's advanced threat protection.

Protecting Point of Sale Systems from Targeted Attack

If you are responsible for protecting retail systems, download this case study to learn how this retailer eliminated the threat of malware on their POS systems using Bit9's award winning solutions.

Webcasts »

Spear Phishing and the Modern Cyber Attack

Learn how IT teams can protect against spear phishing tactics. Harry Sverdlove, chief technology officer of Bit9 offers a frank discussion about spear phishing - the most common technique used in today's advanced attacks. Learn how spear phishing works and three recommendations for IT to protect against modern threats.

McAfee Continuous Compliance

3 minute Flash video - overview of the need for and value of Configuration Control.

Gartner Next Generation Network IPS Webcast

Learn how Gartner's criteria for next generation IPS helps organizations achieve effective threat prevention despite changes in network communications, new applications, and changes in the threat landscape.

Taming the Wild West: How to build a strong cloud security strategy

Cloud deployments are playing a critical role in propelling innovation for many companies. At the same time security has become the #1 one of the top concerns for IT and business leaders as they migrate into the cloud. In this webinar, learn from Accenture discusses how to recast the cloud as a "fresh chance to rethink your approach to security."

Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on Vmware

Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn about VMware customer, Navicure, and their experiences testing and evaluating the recovery manager, their progress in implementing it in their environment and their advice other customers considering using vCenter.

Quantifying the Business Value of VMware View - Webcast

Many enterprises have discovered that the use of virtualization to support desktop workloads creates a range of significant benefits. These benefits include price efficiencies, improved IT management and greater agility and choice for end users.

This VMware sponsored webcast with IDC will provide both quantitative measurement of the business value -- defined as the expected ROI -- and qualitative analysis associated with the use of VMware View™. IDC will also provide an analysis of the View Composer and ThinApp™ features of VMware View, including the business value of these solutions and an overview of how they work.

Attend this webcast to learn about:
- Challenges and barriers that might impede the adoption of desktop virtualization
- Navigating roadblocks to facilitate a strategic implementation
- Optimizing qualitative and quantitative benefits to IT and your business

Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter

CIO Leader
CIO Security
CIO Data Center
CIO Enterprise
View all Newsletters | Privacy Policy

IT Jobs »

See All Jobs » Post a job for $295 »

Jobs powered by SimplyHired

White Papers » All White Papers