Data Security: How secure is your data?

6 07 2012

Enterprise environments have historically focused on network security, authentication security, and data-in-transit security – and felt secure. The focus was on securing the access points to applications and data, not really the data itself. In a world of disparate cross-functional business processes, cross-device mobile access requirements, and structured and unstructured data, securing enterprise data has become a real challenge. Corporate objectives for financial gain create business processes that tie together resources and execution to reduce operational costs and increase speed to delivery. Security is generally an afterthought and viewed as an inhibitor to progress.

Enterprise data is created to support business processes. An enterprise business process often involves many overlapping, disparate sub-processes, steps, teams, resources, and systems, and may even include other corporations. Enterprise environments operate with a combination of systems that range from insecure legacy mainframe systems to modern client-server web applications that are considered secure. Data resides across the systems landscape with little time to structure it into a cohesive hierarchy that mimics an end-to-end business process. Continually changing enterprise environments inhibit the complete restructuring of data and supporting systems. Changes include business processes, technology, systems, requirements, operating locations, corporate partnerships, and industry threats. Most business processes require the support of many systems to operate, forcing data transformation in some way – from one format to another.

Enterprise data is intellectual property that can be file based or internal system based, like a database of organized textual fields. In this context, "data" means file-based content and "information" means system-internal content. Information is always structured within a system; data can be structured or unstructured from a control perspective. Information and data are not mutually exclusive, which drives controversial uses of the two words. Many information systems can report on information and generate reports that are saved as unstructured data for external use. Structured data can reside as an attribute (BLOB) within an information system, yet be exported as unstructured data for external use. Regardless of design intent, information or data, structured or unstructured, most businesses require transformation across the spectrum, creating unstructured data throughout the enterprise.

File-based data can be structured within a system that controls access to the data, maintains external file information (metadata) about the data, and manages the user display – e.g., Microsoft® SharePoint®. Business processes often require structured data in an unstructured environment. Providing data to partners that do not have access to internal corporate systems requires the data to become unstructured for transport and sharing. Converting structured data from one format to another often requires the data to be exported into an unstructured environment to be translated. Structured design data may need to be exported, translated to a legacy format, and ingested by a legacy manufacturing tooling system within another corporation. Regardless of the driving business process, exporting information or structured data for external or off-line use creates more unstructured data. Unstructured data is not under system control and is stored wherever the user finds it convenient to be productive, regardless of security.

With mobile technology prevalent in the consumer market, user demands set expectations for the same level of technology within the enterprise. Multi-device data access has further scattered unstructured data across a wider range of media and insecure locations. Insecure corporate and personal device access to corporate IP has made strictly securing system access less effective at protecting the unstructured data itself. Data residing on multiple devices is often the same data; business process objectives drive this behavior for efficiency. Laptops, tablets, smartphones, desktops, and workstations, both corporate and personal, are used to access applications and store unstructured data. To be fully functional in both connected and disconnected network conditions, each device requires the ability to store data locally as well as in back-end systems. In a perfect world, all data would have a single copy with ubiquitous access from all device types. Data required in a disconnected state would have further protection to ensure it is protected regardless of where it is stored. Access and network security would continue to be a focus, but the data itself would have protection of its own. Securing actual end-user devices would become less of an issue, because the data itself is protected. Architecting an ecosystem with access to internal systems and data from insecure devices has many other challenges: stringent virus, threat, and access controls would still need to be enforced to keep the back-end environment clean and secure – but the real issue of uncontrolled IP would be addressed.

Unfortunately, the world is not perfect – yet. Combining the power and security of a cloud storage solution with an Information Rights Management (IRM) solution (a.k.a. DRM – Digital Rights Management), there is hope. [5] Cloud storage solutions hold the promise of ubiquitous data access from all connected devices and the ability to sync data locally for disconnected access. IRM solutions encrypt and decrypt data from end-user applications upon access and leverage a back-end rights management system to apply rights to the data itself. Regardless of where the data is stored, it is encrypted on disk, encrypted in flight, and requires authentication and authorization upon each access or data manipulation function. [5] To be effective, IRM solutions require application integrations that keep the data secure at every storage point. IRM solutions include a complete audit trail of file access, adding traceability. [4] IRM solutions secure unstructured data; cloud storage solutions provide ubiquitous access. Cloud storage with enforced IRM is the ultimate combination for securing accessible unstructured data.
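A minimal model of the IRM flow just described, added here as an illustration and not code from the article or any IRM product: the file is stored encrypted under a per-document content key, a rights server releases that key only after an authorization check on each access, and every decision lands in an audit trail. The document id, user names, actions and content are constructed sample values, and HMAC-SHA256 in counter mode is a standard-library stand-in for the AES a real product would use.

```python
import hashlib
import hmac
import os

# Toy cipher: HMAC-SHA256 in counter mode stands in for the AES a real IRM product uses.
def keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def protect(content_key, plaintext):
    # Encrypt-then-MAC: the file is opaque and tamper-evident wherever it is stored.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(content_key, nonce, len(plaintext))))
    tag = hmac.new(content_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unprotect(content_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(content_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tampered file or wrong key")
    return bytes(a ^ b for a, b in zip(ct, keystream(content_key, nonce, len(ct))))

class RightsServer:
    # Holds content keys and per-document policy; callers are assumed authenticated upstream.
    def __init__(self):
        self.keys, self.policy, self.audit = {}, {}, []
    def register(self, doc_id, allowed):  # allowed: {user: {"view", "edit", ...}}
        self.keys[doc_id] = os.urandom(32)
        self.policy[doc_id] = allowed
        return self.keys[doc_id]
    def request_key(self, doc_id, user, action):  # every decision is audited
        granted = action in self.policy.get(doc_id, {}).get(user, set())
        self.audit.append((doc_id, user, action, "granted" if granted else "denied"))
        if not granted:
            raise PermissionError(f"{user} may not {action} {doc_id}")
        return self.keys[doc_id]

def open_document(server, doc_id, blob, user, action="view"):
    # Every access, online or from a synced local copy, goes back to the rights server.
    return unprotect(server.request_key(doc_id, user, action), blob)

def demo():
    server = RightsServer()
    key = server.register("design-42", {"alice": {"view", "edit"}, "bob": {"view"}})
    blob = protect(key, b"turbine blade tolerance: +/-0.02 mm")  # constructed sample content
    return open_document(server, "design-42", blob, "alice"), server
```

The blob can be copied to any device or cloud bucket; without a fresh grant from the rights server it stays unreadable, and the audit list records who asked for what.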

Why is the cloud storage and IRM combination slow to be adopted?

Cloud storage solutions lack industry-standard adoption, driving different implementation requirements from cloud storage suppliers. Although standards organizations are working on cloud standards, adoption is not far along. [1] Among others, the Open Cloud Computing Interface (OCCI) working group created a standard API, but it lacks adoption. [2][3] Cloud storage solutions use proprietary APIs (Application Programming Interfaces) and create lock-in to a single vendor. Proprietary APIs and the lack of standards discourage commercial application integration support. Supporting a multitude of cloud storage vendor solutions is costly, causing slow adoption by many commercial application vendors. [3] If the storage cloud is a public cloud there are additional security concerns, from off-premise storage of corporate IP to access rights. [3] Although a technical architecture could route all access through on-premise security solutions that perform authentication, authorization, encryption, and decryption, doing so weakens the solution's attractiveness.

Similarly, Information Rights Management solutions lack commonly adopted industry standards, driving different implementations among IRM solutions. Without common standards, application integration would require separate integrations to support multiple IRM solutions. Without widespread application integration across the enterprise, enterprise data will be left insecure at many points throughout the business process. IRM solutions require authentication upon access per policy, and user effort, to function – further limiting user acceptance. [5]

The key to solving any problem lies in understanding the problem to be solved. In a world of complex business processes, ease of use, user performance, and the need for unstructured data stored on insecure devices, a combination of cloud storage and IRM solutions holds promise. Strictly securing access to systems and data is not enough to protect the actual data. Enterprise technologies are created to solve problems created by ever-changing enterprise processes and their derived problems – and generally lag behind. There is evidence that the technology industry understands the problem and is working on integrated solutions to address it. Once cloud storage and IRM security technologies are fused, easy to use, and do not interfere with efficient business processes, they will be embraced. Once embraced, data security will no longer be an afterthought but common practice. The key unknown is whether enterprise environments will implement a cohesive business process that can leverage integrated technical solutions to keep all unstructured data secure.

______________

[1] Cloud Standards Coordination. (6 June 2012). CloudStandards. In cloud-standards.org. Retrieved 24 June 2012, from http://cloud-standards.org/wiki/index.php?title=Main_Page#Cloud_Standards_Coordination.

[2] OCCI-wg. (2009-2011). Occi. In Open Cloud Computing Interface. Retrieved 24 June 2012, from http://occi-wg.org/.

[3] Chua, Melissa. (May 25, 2012). Lack of stringent industry standards hamper cloud adoption among SMBs. In SMBWORLD. Retrieved 24 June 2012, from http://www.smbworldasia.com/en/content/lack-stringent-industry-standards-hamper-cloud-adoption-among-smbs.

[4] EMC. (2010). EMC Documentum Information Rights Management Services. In EMC² where information lives. Retrieved 24 June 2012, from http://www.emc.com/collateral/software/data-sheet/h3112-irm-services-ds.pdf.

[5] Horwitt, Elisabeth. (27 April 2010). How enterprise DRM works. In Computerworld UK. Retrieved 24 June 2012, from http://www.computerworlduk.com/how-to/security/3280/how-enterprise-drm-works/.
