Fighting the enemy within
Workshare Protect keeps good people from doing bad things with agency data
- By John Breeden II
- Sep 14, 2006
YOU SENT WHAT? Workshare's dashboard shows network admins and security officers what data breaches have occurred and what was done about them.
Sometimes keeping data safe is a bit like a cartoon in which the hapless character boards up all his windows and piles furniture against the doors only to find his nemesis standing behind him in the room.
Most network defenses are pointed toward the outside world and assume everything within the network is safe. During the Spanish Civil War, nationalist Gen. Emilio Mola was asked how he expected to besiege Madrid with only four columns of soldiers. He answered he had a secret fifth column of supporters within the city. There may not be subversive elements your agency, but the point is that most security breaches are accidental and come from the inside, and government IT shops need to address them.
The Workshare Protect Enterprise Suite is network security that looks at what's going on inside a network to help stop both purposeful and accidental information leaks. In addition, it can educate users when they're violating policy so they learn from their mistakes and don't send sensitive data outside the agency.
Installing the program is not difficult, though it requires a bit of sneaker work by the network admin. You need to install the software on your policy server first, then point each client back to the server for installation. After that, the clients will automatically contact the server at regular intervals to check for policy or program updates. You need about 50MB of free space on each client machine.Highly restrictive
When first installed, the program's default policy is highly restrictive. For example, you can't send a Word document to an outside source. Administrators will need to delve into the program and configure it to match their individual security policies. Workshare can scan any document created with Microsoft Office, including Excel, Word and PowerPoint. It also works with Lotus Notes 6.0 or higher and, of course, with Microsoft Outlook.
The interface is easy to use and highly detailed. For example, you could allow the word 'salary' within a Word document, but flag it if found inside a cell on an Excel spreadsheet. And because most federal agencies put classification levels in the header, you can set up policies based on the individual document type as defined by the header. Any file listed as top secret may have all routing possibilities disabled, for example, while lesser classified information might be sent to certain people but not outside the agency. This level of detail is surprisingly easy to configure, either from scratch or by modifying the default policy.
Beyond setting conditions and setting universal rules based on content, there is also a routing table that lets administrators define actions. These are commands the program will follow when specific conditions are met.
When sending an e-mail with a Word file attached, you might want Workshare to warn users if the document contains metadata while giving them the option to send it anyway. However, if that same document were to be sent outside the agency, you might want to force the sender to either scrub the document and convert it to .PDF, or not allow it to be sent at all. Clients will find several buttons added to their Word and Excel toolbars to initiate a document scan prior to attaching a file, which can help find and fix issues before sending. Regardless of the action taken, the Workshare server records that a policy was possibly breached and the steps the user took to remedy the situation.
In our testing, Workshare did an excellent job purging metadata from documents. It detected, for instance, that highlighting or overstriking a sentence in Word and then converting the file to .PDF did not actually remove the data. And it was able to find hidden 'track changes' in Word and warn us when sending e-mail on the lab network while blocking it altogether when we addressed the file to an outside account.
It isn't quite perfect, though. For example, Workshare did not catch a document where we had 'accidentally' moved a photo outside the visible margins of a file without actually removing it, a fairly common mistake. The nonvisible data might not be approved, but tech-savvy recipients can easily find it. Company officials said they were aware of that particular problem and were working on a fix.
Still, Workshare did catch almost everything else we threw at it. And at just $30 a seat for pricing, which decreases at higher volumes, it's inexpensive protection that can help eliminate the fifth column'even the accidental kind.
John Breeden II is a freelance technology writer for GCN.