The case for enterprise rights management
Richard Clarke, former special advisor to the President for cyber security, sounds as if he feels sorry for the Veterans Affairs Department employee who lost records for 26 million individuals
when he took the data home, only to have his laptop stolen.
"Was he at fault or was the department at fault?" Clarke said today at a breakfast in suburban Washington.
While not excusing the VA employee--he did after all violate department policy, Clarke pointed out--the former White House adviser and current chairman of Good Harbor Consulting
, lamented the fact that the government had to fire someone who, in most respects, was the kind of employee it should encourage--one who wanted
to work overtime on a project and felt the need to take files home to do so.
Clarke was advocating agencies use the type of security tools that would allow that freedom while tightly controlling who can do what with which data--namely enterprise rights management software.
The breakfast was put on by Liquid Machines
of Waltham, Mass., which has an ERM suite and recently named Clarke to its public sector advisory board.
Clarke said that not long ago his consulting firm was working with a Boston-based firm that sent over a bunch of data. While trying to manipulate the data (Clarke went so far as to say his team was trying to "hack" the data), Good Harbor personnel discovered they could view the data on-screen, but they could not copy it, or print it, or control it in any other way. It was protected by Liquid Machines' technology.
ERM, or digital rights management as the music/video providers call it, will be a hot topic in the coming years as agencies such as VA try to find technology answers to questions like "How can I make is so an employee can't copy files to a laptop or thumb drive? And how can I keep track of where data goes?"
Liquid Machines software can work with Microsoft Rights Management Services, which is part of Windows Server 2003 and controls data in newer Office versions. And Adobe Systems has been out promoting its LiveCycle Policy Server
for controlling documents inside and outside the firewall. (LiveCycle Policy Server won a GCN Best of FOSE 2005 award.)
Going forward there will be several ERM solutions to choose from and challenges to overcome--from integrating them with current directory systems to making them work with HSPD-12 PIV cards. But we have to agree with Clarke when he says that years from now we'll wonder why it took us so long to build this kind of data security.
"We don't know how to control our data and the access to it," he said. And he likened information security to the auto industry. Today we'd never buy a car that didn't have seat belts, airbags, etc., but there was a time they didn't exist.
"Somehow government got around to regulation," Clarke said. "In that case we needed it. The pain got so much we even asked for it."
Clearly, agencies need greater control of their data. And soon they'll probably be forced to achieve it.Posted by Brad Grimes
Posted by Brad Grimes, Joab Jackson on Jun 20, 2006 at 9:39 AM