Gotcha! Secure Information SharingBy Sean Gallagher | Posted 2003-09-10 Email Print
Tightening access to information.Did you know that:
The main problem is sharing, at all
Security and government regulations are driving law enforcement and intelligence agencies to share sensitive information over great distances, instantly.
But sharing data effectively means sharing it safely. One way is with replication, creating a constantly updated copy of information on the computers of a trusted partner.
A replication server monitors the changes made to a database, for instance, and automatically transmits approved changes to a second database that can be accessed by outsiders. This enables the original owner to share information without compromising sensitive data.
The challenge here is when data to be replicated are in different formats than that used when actually sharing the data. Project managers need to establish a common data model, then match the pieces of data in the different databases to that model. Then information should be converted to the common format.
Tighter security means tightening access
An additional way to prevent prying eyes from seeing things they shouldn't is to apply a security model to the data itself. Assigning a sensitivity classification to the information and setting parameters for user access can be done by using "field-level" security in applications. This means controlling the access to data down to the individual elements of information within a database record. For instance, replication tools like Sybase Replication Server can screen out columns of information or even individual fields in records before transmitting them to a remote database. On top of that, applications and portals can limit what a particular pair of eyes sees.
The biggest enemy to security is "cut and paste"
Even selectively shared information can be compromised. You need to tightly control what users can do with the information once they see it. Particularly worrisome are features such as screen-printing and cut-and-paste.
If a user can save a graphical representation of the data using the screen-capture functionality of most desktop operating systemsor use copy-and-paste functions to move the information into a nonsecured application like Microsoft Word and save it to a file on a floppy disk or other unsecured storagethe information isn't secure. The same is true if the user can print the data and walk away with it.
Most corporate-class operating systems (such as Windows 2000, Windows XP Professional and most versions of Unix) can be configured to limit a user's access to these functions, either through built-in administrative tools or with add-in security software.
Even if the network is private, the data may not be
Using a private network to transmit data adds some security. Encrypting the data does, as well. If the computers viewing the data are connected to the Internet as well as the private network, the "secured" data, just like any information on the Web, can be compromised through intentional hacking or malicious software programs that can corrupt data.
The risk can be managed by aggressively monitoring computers and networks through firewalls, strict download policies, and frequent security audits. But the only way to completely ensure data in transit is to keep it away from any public network connection.