Management BYOD Infrastructure IoT Storage Security Privacy

Current Filter: Network>>>>>Case Study>

PREVIOUS

Filtered Articles:1 of 34   Current Article ID:4706

NEXT



The human security sensor

Editorial Type: Case Study     Date: 09-2014    Views: 2126   







TITUS secures documents for Morpho - and takes employees with them as part of the solution

In his Comment piece in the last (July/August) issue of Network Computing, Editor Ray Smyth observed that good IT security requires two elements: sound technology, combined with security-aware end-users who play their part.

It's a challenge made much tougher by increasing mobility, which breaches the traditional corporate boundary, making data the new, fluid edge of the enterprise network. Javvad Malik at 451 Research's Enterprise Security Practice has looked closely at this. He says a document may circulate among dozens of staff members within an organisation and each one might have a legitimate business reason to email it externally. While legitimate in intent, the sender may not know that the document contains intellectual property or that they are mistakenly causing a regulatory compliance breach which can damage the company's revenues and reputation. As Malik explains, "Once unstructured data has gone wild it cannot be herded back", but he does have a suggestion. At least in part, because he adds that, "Part of the answer is to deploy classification tools that support staff in being human security sensors."

Laurent Porracchia is a Paris-based Chief Information Officer for SafranMorpho, a company that provides identification, e-document, and threat detection solutions to governments and corporates around the world. Morpho's US operation needed to comply with the Export Administration Regulations, but there was also a company-wide mandate to improve intellectual property protection. Their response was the deployment of the TITUS Classification solution to 3,000 members of staff.

Porracchia explains, "People wear an ID badge when they visit a company. The badge can determine where in the building the wearer is authorised to visit." A classification label works in the same way for data, except rather than a building, it embraces the entire cloud. It can ensure that information is only sent to, read by, and printed by authorised recipients. As you can see, this quickly closes the gap.

The ability to control intellectual property is critical, Porracchia adds. "Over 20 per cent of our staff work in R&D. We develop solutions for governments and enterprises, including biometric recognition, e-documents, and explosives, narcotics and chemical detection systems, so we have a acute sensitivity to the need to protect our intellectual property, and that of our customers. If we don't, the consequences could be significant."

TITUS Classification resides on Morpho desktops, presenting users with an embedded drop-down menu when they save a new file or send an email. It prompts them to select a classification level for the file and whether a visual watermark should be applied. Porracchia says the creators of information are best able to judge its value and the classification level that should be applied.

Thereafter, subsequent users of the file attempting to use it in a way that is not compliant are immediately shown a TITUS alert window that tells them why their action could infringe on company policy. Porracchia enthuses that, "TITUS lays an audit trail so that we can prove compliance to regulatory authorities and to our customers."

As opposed to being a threat, TITUS is designed to be simple to use, providing staff with constant guidance, and reminders of their need to be mindful of the value of the organisation’s intellectual property. Porracchia gets the final word, saying that, "The deployment was trouble-free, partly because the solution is so easy to use, but also because we prepared staff for the transition. Communication is the key. You need to discuss and share the 'why' behind the policy with employees. With classification deployed we are now well positioned to go to the next step and implement a complementary document leakage prevention solution." NC

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT