By Tim Draper
We’re all occasionally guilty of ignoring the traditional ‘old school’ way of doing things in favour of modern methods and technology; but just because something has been around a while it doesn’t always mean that it is out-dated or irrelevant to the modern day. In fact many traditional methods can sometimes significantly enhance the way we use our modern technology.
One example of this can be found in the world of document security. Whilst I am the first to sing the praises of document rights management for protecting sensitive information inside and outside of an organisation, my own experiences have proved that deploying the software is only half the solution. If you don’t provide guidelines on how and when to apply security to documents and also communicate why a document has been protected then you are destined to fail. This is because technology is not good at handling the human element of a problem, and this is where we can turn to the past for help.
Document security is not a new problem; in the days when all documents were paper a very efficient system was developed to handle confidential information. Anyone who has watched a Bond movie will be familiar with the “Eyes Only” system of marking secret documents; well this system is not a product of Ian Fleming’s imagination, it is a very real and effective system still used by Governments, security services and organisations the world over. By combining such a protective marking system with document rights management technology we can very clearly communicate that a document is protected by DRM and also indicate exactly why and who will be able to access it. Further more, by insisting that all documents are protectively marked we can provide users with a framework for ensuring that the right level of DRM protection is applied to each document and that they understand fully what they are personally accountable for.
Need to Know Principle
The ‘need to know’ principle is fundamental to the security of all protectively marked assets – casual access to protectively marked documents is never acceptable. I have developed a simple light-weight protective marking system, based on a traditional government model that can be used in conjunction with document rights management in a commercial environment. The scheme comprises three markings. In ascending order of sensitivity they are: PROTECTED, CONFIDENTIAL and SECRET. Unmarked material is considered UNCLASSIFIED, this term is used to indicate positively that a protective marking is not needed. The methodology used to select the correct level of security is expressed in terms of Business Impact levels as illustrated in the chart below:-
These markings can be applied to any company asset, and would be applied to electronic documents in the form of a file name suffix, watermark or document header/footer.
Supplementary markings can also be applied to protectively marked material. This is known as Compartmental Handling and is used to indicate additional information about the contents, sensitivity and handling requirements of an asset. These markings are added to the marking as a suffix and typically comprise one of the following:-
* Function name e.g. Technical, Customer, Supplier, Finance, Human Resources, Information Management, Legal, Executive
* A project name
* A code-word
* Other relevant descriptors
The compartmental label is an additional qualification of the asset mark and should never be considered in isolation. Compartmental handling, in most cases, is only applied to highly sensitive material (e.g. material marked Confidential and above) and is used to provide more precise named access on a “need to know” basis.
The marking system requires that all users and external recipients of information are assigned a security clearance level before they can access marked assets. In simplest terms to access a marked asset the following relationship must be true:-
Person’s Clearance >= Asset Mark
E.g. an employee who has Secret clearance can access a document marked Confidential, however an employee cleared to Protected cannot access a document marked Confidential.
When Compartmental Handling is used, the compartmental label is appended to the asset mark to create a separate and unique combined clearance level. An individual MUST be cleared specifically to this combination in order to gain access.
Combining with Document Rights Management
When protective marking is combined with DRM, discrete rights management policies are created that represent each clearance level. Further specialist polices are created on an as required basis to reflect special circumstances that require the use of compartmental handling. In effect each DRM policy becomes a complete definition of a clearance level. As users are granted new clearance levels they are added to the relevant DRM policies. The corporate Protective Marking procedure and related guidance chart then becomes the point of reference used by employees when applying DRM to a new document.
The secret to successfully combining DRM and protective marking is to keep it simple and abide by the following guidelines:-
* Minimise the number of clearance levels
* Try to set a default level for internal assets
* Develop corporate document templates that include the standard clearance levels
* Make use of DRM functionality such as dynamic watermarking
* Make the clearance levels specific and relevant to your business
* Educate and train your people
* Foster a security aware culture