Bill Blake, President, and Ron Arden, Vice President and CMO of Fasoo USA, presented on August 12, 2014 at a forum for local businesses in Columbus, OH on “Defending the Enterprise Against Insider Threats”. Sponsored by Fasoo and partner The Dayhuff Group, the session provided business and technical leaders with an understanding of the threats to intellectual property and other sensitive information posed by trusted insiders.
Bill focused on the problems of malicious or accidental disclosure of confidential information by trusted insiders as a major threat to any organization. This includes employees, contractors, consultants and business partners that have access to sensitive information. Bradley Manning and Edward Snowden may be the most famous of this lot, but even just recently, more revelations are emerging on additional threats to the US government.
Ron talked about how Fasoo EDRM can protect sensitive information by controlling access and use at the data level through continuous encryption and persistent security policies. A major focus of this discussion was how Fasoo can protect files as users download them from IBM ECM products, including FileNet and Content Manager. He presented two case studies that illustrate how Fasoo customers have met these challenges.
A demonstration of Fasoo followed after lunch, as Ron showed attendees how users can protect files as they create them and ensure only authorized users can access them. One of the attendees asked about integrating with a records management system, since they store a lot of legal information in FileNet. Ron mentioned a customer who used IBM Records Manager to change the permissions on a file when they put it on legal hold. This restricted access to a records manager and someone in legal, even for files already downloaded and distributed.
One area that was top of mind for attendees was how to start the process of classifying what information needs this level of protection. Bill mentioned that they should look at the information that is worth the most to the company and begin there. This could be product designs, formulas, legal contracts, customer information or financial items. Ron mentioned one company that categorized all files by how much they were worth or what they would cost the company if they got into the wrong hands. This company had three categories: $100 million and above, $1 to $100 million, and under $1 million.
While most companies think they are protected against external threats, many are not aware of the risks posed by malicious or accidental behavior by employees, contractors and other trusted insiders. Fasoo data-centric technology can reduce the risk of insider threats by encrypting and applying a security policy to files as they are downloaded from IBM ECM, FileNet and other content management systems. Providing this control regardless of file location is the best way to eliminate these threats.