OVERVIEW
"The Core Competencies of the Corporation" a seminal article by Gary Hamel and C K Prahalad, appearing in May-June 1990 issue of Harvard Business Review, argued that corporations best serve their interest by concentrating on their competencies.
What the strategy of identifying and concentrating on core competencies also implicitly implies is that corporations may want outsource activities that are not part of their core competencies.
It is hence that enterprises outsource peripheral processes like data entry, printing, application management and payroll management to specialist service providers. Of course such outsourcing could require one to share confidential information with external agencies.
In some cases, data is generated within enterprise and shared with external agencies. In some other cases data itself may be generated by external agency and then become part of enterprise's transactional systems. In both cases risks associated with information breaches are high and can cause loss of reputation apart from monetary losses as also put risk of enterprise not being compliant with regulations.
Encrypting data during transit solves part of the problem, but typically encryption technologies do not cover the lifecycle of the data i.e. creation – storage – transmission – use – archive – destruction . This means that risks of information breaches persist even after deploying encryption technologies at each stage.
Seclore InfoSource eliminates the risks of information breaches during the process of outsourcing. This is done by applying persistent controls on information throughout its life cycle within and outside the enterprise. The controls implemented ensure that data is being used only for the purpose it is intended for by the external agency. Seclore InfoSource extends the scope of enterprise IRM – information rights management - to the context of outsourcing.
Seclore Infosource offers a lot more than vanilla encryption tool. Seclore Infosource protects information for a wide range of file formats. Seclore Infosource defines usage rights and not merely access rights to information. Seclore Infosource restricts usage of information to specific computers, servers, users and applications, thus preventing access to information outside permissible infrastructure. Seclore Infosource's protection is persistent; it protects information throughout lifecycle necessariy require ongoing connectivity between service provider and client's infrastructure. Hence information is protected even during blackout or network outage while ensuring that work can be done without breaks. Seclore Infosource does not restrict mode of information sharing – FTP, CDs – since protection is within information.
Using Seclore InfoSource, enterprises can:
1. Define Information Usage Policies
A usage policy defines:
WHO can use the information i.e. people / groups within or outside of the enterprise
WHAT can each person do with the information i.e. read / edit / print / distribute / copy
WHEN can each person access the information i.e. within certain dates, within a timespan
WHERE can the information be accessed from i.e. specific computers, within the office.
2. Attach Policies To Individual Pieces Of Information
There are various events which can "attach" policies to information and thereby protect it.
Information can be protected:
Manually
'As soon as' it is exported from transactional systems like core banking, ERP, HR, ...
'As soon as' it is placed in a certain location e.g. folders / file shares
'As soon as' it is uploaded to a document / content management system
'As soon as' it is "discovered" or "tagged" by a content discovery or a DLP system, Just before information leaves your network ( via email / web)
3. Control Usage Of The Policy Governed Information
Information which is protected using Seclore InfoSource can be controlled for usage independent of its location or mode of transport.
Using the policies attached to the information Seclore FileSecure ensures that usage of the information is in compliance to the policies.
The policy attached to the information can be even changed post distribution i.e. the "owner" can change WHO/WHAT/WHEN/WHERE without requesting or resending the information to the recipients.
4. Audit The Usage Of The Information.
Information protected with Seclore FileSecure can not only be controlled for usage, it can also be audited.
WHO used the information, WHAT did he/she do, WHEN & WHERE is captured from distributed usage environments and reported centrally.
These audit reports can be sliced and diced using a report builder and can be used in compliance reporting for frameworks like ISO 27001, Sarbanes Oxley, GLBA, PCI DSS & HIPA
For a detailed view of the way Seclore InfoSource can be used to protect information shared with external agencies, please click on the related links on the side.
