By Ariel Avitan, Industry Analyst
INTRODUCTION
Many organizations understand that one of the primary threats to their data is internal fraud and theft. This has led to the creation of a variety of solutions to address the problem. Two notable solutions to this challenge are Data Leakage/Loss Prevention/Protection (DLP) and Enterprise – Digital Rights Management (E-DRM). Both of these solutions attempt to prevent internal data from leaking out of the organizations' control.
These two approaches to protecting data have a variety of inherent challenges, but there is one overarching obstacle that is a key restraint to the success of both products – managing the rights and processes associated with the vast amounts of data and people in the enterprise.
DLP solutions implement policies that enable them to take an action based on detection. This means that if a DLP solution has a policy to block the movement of credit card numbers and one of the sensors detects that there is an attempt to move a file with credit card numbers in it, the DLP solution will not approve this attempt and will block it by controlling the enterprise infrastructure. Due to the fluid nature of data and the variety of definitions as to what data should be protected, this method is hard to implement and can negatively impact the business continuity of organizations, as the reliance on policies makes data mobility very difficult.
On the other hand, E-DRM solutions do not block the movement of documents but enable or disable the rights to view, copy, or edit data elements. The key challenge of E-DRM is the ability to manage the rights within the document: if one limits the viewing rights of a legal document to the legal department, then a manager of another department in the organization who may have a legitimate need to access the document would not be able to see it. Additionally, the only person who could change this limitation would be the author of the document or the administrator.
Understanding that neither of these two existing solutions was meeting the market's needs, Secure Islands - an Israeli-based startup - developed an Automated Data Centric solution based on an E-DRM solution that tackles the process and role management while protecting data on all platforms and applications.
THE SECURE ISLANDS SOLUTION
The Secure Islands solution - IQProtector - combines three different components that give a comprehensive solution to data loss in organizations. The first component is the classification engine. The classification engine runs in correlation with a policy that defines the security needs of every data element. This ensures that the most sensitive data will be the most secure and will be accessible to a limited number of personnel, while less sensitive data will be secured by "normal" security standards.
The second component is the Protection Engine. Here IQProtector enforces different security policies according to the classification. IQProtector can use either Microsoft Rights Management Services (MS-RMS) or a 3rd party encryption/E-DRM solution that the organization already has.
These two components will not be sufficient without the main component that manages the policies. The management console learns the different behaviors of each entity belonging to certain information profiles in the organization, hence understanding the different data elements that each entity uses. This is done in silent mode prior to launching IQProtector's enforcement in the organization. The solution then issues a list of processes and recommends access rights to each information profile in the organization in correlation with the information profile's behavior and company policy.
A key technology achievement in the solution is in the process of data classification and detection. This data identification technology classifies the data at the transition point (Nexus Point) in which the data transfers from its structured form to its unstructured form – ensuring deterministic classification with very low false-positive and false-negative results.
The data enforcement technology enforces protection into the data in the transition point (Nexus Point) in which the data transfers from its structured form to its unstructured form – providing an integrated solution that addresses the three different aspects of IPC – data at rest, data in motion, and data in use.
FROST & SULLIVAN OPINION
Secure Islands is one of many companies addressing the key challenges of DLP and E-DRM solutions. The new approach to the management issue, along with the innovative technology that enables classification and protection with low false positives, makes IQProtector a new and refreshing solution in the data protection world.