Besides spilling the secrets of 100 empires, the Wikileaks scandal revealed to the world just how vulnerable “secure” data really is – and how ineffective traditional data protection methods, like firewalls, really are. After all, if an army officer armed only with a rewritable CD could manage to lift hundreds of thousands of sensitive and top-secret documents from a U.S. Defense Department server – which one would assume would enjoy full protection from intruders – what hope is there for the rest of us?
A great deal, says Alon Samia, CEO and co-founder of Covertix, an Israeli startup offering a product that might have prevented the mass revelations of diplomatic secrets by Julian Assange. The company’s document technology prevents unauthorized individuals from opening and reading files, alerting managers when a document’s security is compromised and automatically blocking usage if unauthorized use is suspected.
“With the growth of online information fencing, where it’s easy to sell credit-card and other data, the incentive to steal information is greater than ever,” says Samia. “The danger is just as great — perhaps even greater — from organization insiders as it is from outsiders.”
Using the Covertix SmartCipher system, Samia says, lets organizations keep track of documents and data that are at risk, even from employees who have physical access to servers and can copy whatever they want by attaching a USB drive to a data port. With SmartCipher, they may get away with copying a document – but they won’t be able to read it.
In a system protected by SmartCipher, documents get tagged with a small attachment containing a set of rules specifying who is authorized to access them. On servers where SmartCipher is installed, the systems keeps track of all document access – who read it, when, on what computer and whether any changes or copies were made. Outside the office, users authorized to read the document must first install a plug-in unique to the particular company. Samia likens this process to receiving a PDF and having to install a PDF reader.
In-house and out, the Covertix system can assign different rights to recipients. Beyond access, the Covertix rule-set can regulate just about any user action regarding the document, including whether it can be printed, copied or forwarded. And if those permits are in place, the Covertix plug-in will report back to the server that armed it with the rules exactly where the information went.