Most people get a shock when they’re shown just how much sensitive data is stored insecurely on their computers. Naively, many think that a log-on password is sufficient to protect their sensitive data. It’s not. The most obvious reason is that such security is irrelevant if a sensitive document is sent to another person; the original author has to rely solely on that person’s undertaking to preserve its confidentiality. There’s little to prevent the recipient from copying the document and forwarding it or part of it to someone else. The document’s security is at additional risk if any other person has access to the recipient’s computer. There is a better way. It’s called information rights management (IRM).
Information rights management operates on the basis that access to the document is only possible if the user’s identity and level of permission are first verified via a separate rights management server, irrespective of whether or not the user has access rights to the computer on which the file resides. IRM controls both file access and file usage. The permission granted may allow the user to open the file but disallow alterations, printing or forwarding, or it may grant full rights just like those of the original author. Furthermore, access and usage rights can be time limited, so that the file can no longer be opened after a specific date and time. On some systems, an unauthorised person attempting to open a restricted file may be given the option of requesting permission to use it from the author whose contact details are provided. If contacted, the author may choose not to allow access, in which case the file will be of no use to the unauthorised person.
Some people argue that protecting a document with a standard password is just as secure. It’s not, for two reasons. First, the security of a password-protected file is far from impossible to breach. Second, nothing stops an authorised user from passing the document to an unauthorised third party against the wishes, or without the knowledge, of the author. With IRM in place, the third party could not open the file unless the right to do so had been granted specifically to that person by the author and the user’s identity had been authenticated by the IRM server.
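As an added illustration (not part of the original article and not any IRM product's code), the following Python models the rights-server decision described in the two paragraphs above: per-user rights, time limits, and refusal of a forwarded copy opened by someone the author never granted rights to. The names `Grant`, `Policy`, `decide`, the right labels and the sample users are all assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Usage rights named in the article; the string labels are assumptions.
OPEN, EDIT, PRINT, FORWARD = "open", "edit", "print", "forward"
FULL_RIGHTS = frozenset({OPEN, EDIT, PRINT, FORWARD})

@dataclass(frozen=True)
class Grant:
    rights: frozenset
    expires: Optional[datetime] = None  # None means no time limit

@dataclass(frozen=True)
class Policy:
    author: str
    author_contact: str
    grants: dict  # authenticated user id -> Grant

def decide(policy, authenticated_user, action, now):
    """Decide one use of one protected file.

    Where the file is stored is deliberately not an input: only the
    verified identity, the author's policy and the clock matter.
    """
    if authenticated_user is None:
        return (False, "identity not verified")
    if authenticated_user == policy.author:
        return (True, "author")
    grant = policy.grants.get(authenticated_user)
    if grant is None:
        # A forwarded copy lands here: the recipient was never granted rights.
        return (False, "no rights; request access from " + policy.author_contact)
    if grant.expires is not None and now >= grant.expires:
        return (False, "rights expired")
    if action not in grant.rights:
        return (False, action + " not permitted")
    return (True, "granted")

# Constructed sample policy: users, address and dates are made up.
EXPIRY = datetime(2024, 6, 30, 17, 0, tzinfo=timezone.utc)
POLICY = Policy(
    author="alice",
    author_contact="alice@example.com",
    grants={"bob": Grant(frozenset({OPEN})), "carol": Grant(FULL_RIGHTS, EXPIRY)},
)

if __name__ == "__main__":
    now = datetime(2024, 7, 1, tzinfo=timezone.utc)
    for user, action in [("bob", OPEN), ("bob", FORWARD), ("carol", EDIT), ("dave", OPEN)]:
        print(user, action, decide(POLICY, user, action, now))
```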
An obvious downside of IRM is that the initial opening of protected files relies on the user having network access to the IRM server and on the server functioning properly. Since the reliability of most network systems is very high, this is not a huge concern. Another drawback is that most IRM systems require special software to be installed on each user’s computer. For most users these are minor inconveniences and are a price worth paying for the additional security of sensitive data.
Yet, no procedure guarantees 100% security; systems fail and humans are adept at circumventing corporate rules. Even with IRM, nothing prevents a legitimate user from employing screen-capture software to take a picture of a restricted document and forwarding the resulting graphic file to someone else. It’s a clumsy solution perhaps, especially for multi-page documents, but it does work. Regardless of the downsides, IRM makes document security considerably more robust and thwarting it that bit more difficult. But as WikiLeaks has shown, any information that’s recorded in an electronic format risks being copied and falling into the wrong hands. Perhaps the only foolproof solution would be a system like the one used by Jim Phelps in “Mission Impossible”: once the document is read or viewed, it self-destructs in five seconds.