Information rights management helps L&T protect its knowhow

By Dhwani Pandya, Principal Correspondent 04 Mar 2010 | SearchSecurity.in

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

Tags: Data loss prevention technologies,  Identity management, authentication and access control solutions,  Enterprise risk management strategies,  Network and endpoint security tools and technologies,  Hacking countermeasures,  Business compliance management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data loss prevention technologies How to use Windows Group Policy to secure and restrict USB devices How to use a PDF redaction tool with a redacted document policy Looking to better manage insider security risks? Try compliance DLP solutions: Evaluation tips and more IPR protection : Six crucial steps to safeguard your organization HPCL ensures security at database levels for e-tendering application Cleartrip.com's methodology for risk management: A detailed overview Disaster recovery security considerations for financial services Database activity monitoring (DAM) software deployment issues to avoid How good is your mainframe at data security? Not as good as you think. Identity management, authentication and access control solutions Using the Microsoft Sysinternals suite for a computer systems audit Inhouse IAM system streamlines Yes Bank's identity management IP based CCTVs = Better RoI on security compared to analog Second factor authentication (2FA) solutions: Evaluation, FAQs & more Two-factor authentication options How two-factor authentication and layered authentication differ How hackers can bypass two-factor authentication systems Is the use of digital certificates with passwords considered two-factor authentication? The pros and cons of PKI and two-factor authentication methods Second factor authentication on Lakshmi Vilas Bank's online plans Enterprise risk management strategies First DSCI security framework pilot underway at TCS BPO Security preparedness starts with self-assessment best practices Tools aim to help banks and others tackle insider fraud Buying an IPS: Determine your performance requirements WNS' SIEM tool boosts inhouse incident management capabilities Demystifying WAF solutions: A Web application firewall evaluation guide How to use a PDF redaction tool with a redacted document policy How to foil ATM card skimming Man in the middle attack prevention strategies PCI-DSS compliance best practices

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

owhow created by our engineers, can include things like the care to be taken during plastic design, or the ways to achieve a particular quality (such as strength or performance) in plastic moldings. Although we didn't file patents for this knowhow, it was critical enough to be protected from going out of the organization." explains P V Shrungarkar, the head of IT for L&T EBG. Earlier, this knowhow was generated and captured in text or Microsoft Word documents which provided limited protection through passwords. The company wanted to make this knowledge widely available to internal users across business units—but only on a need-to-know basis.

In 2009, when L&T EBG started evaluating solutions, it realized that the information rights management concept was not yet well developed. Later, when the company failed to get Gartner's magic quadrant and white papers on information rights management, it decided to conduct an in-house strength and weakness analysis of several DRM solutions (including Microsoft's and Symantec's products).

L&T EBG then came across Seclore's FileSecure solution, which enables enterprises to retain control over the usage of a document even after it's shared. This document rights management solution helps an organization to control the copy, print, edit and forward rights on any kind of document. It also helps an organization to create granular rights for controlling the document with features like Who, What, When and Where. The document rights management solution supports over 115 document formats including Microsoft Office, Open Office, image- and text-based formats.

Once protected, the documents can be distributed by any means such as CDs, email, pen drives, messengers, FTP and shared folders. The file security features provide file protection wherever the file goes. The information rights management protection is provided by the document owners or by the administrator, and the document rights are managed centrally.

L&T's in-house experts began the information rights management solutions's evaluation process by undertaking a first-hand analysis of the Seclore document rights management (DRM) solution. EBG already had SAP's document management system (DMS), which offered similar rights-based control over documents. Hence certain people within the organization felt that there was no need to invest in a new document rights management solution. However, after further analysis and a drilling exercise, the R&D experts at EBG realized that the SAP DMS was not able to provide all the required information rights management features. So the team ran a small pilot project of Seclore's DRM solution. Satisfied, the company went live with this information rights management solution in the month of October 2009, within a short period of 10 days. Since L&T EBG had already undertaken data classification under SAP's DMS solution, the only addition that EBG had to make as part of the new information rights management requirements was to create and add certain rights such as who would be allowed to copy, print, edit and forward.

The power users have been very carefully selected in order to avoid any misuse of owner rights. The DRM solution's client has been installed in around 200 machines.

Initially, around seven key personnel from L&T EBG's R&D department were trained as power users and document owners. These people were given rights to edit documents, while the rest of the users were given rights on a need-to-know basis. Although the company has not yet created any policy on information rights management, it is planning to formulate policies as quickly as possible. "Knowing that the people who started using this DRM solution are not always going to be there, we need a proper documentation of processes on the solution's usage," says Shrungarkar.

Shrungarkar feels that the information rights management implementation has helped to protect the confidentiality of the company's precious knowhow and expertise. "The expiry date feature is very exciting, especially when I share documents with outside entities like vendors—the documents automatically lock themselves after a certain date."

L&T EBG has also started using this solution on a large scale to secure tender documents in the projects department. Earlier, request for proposals (RFP) documents were physically sealed. Now, with the DRM solution, EBG can send RFPs months in advance, but the documents will open only on a specific date and time. The DRM solution also helps EBG to revoke document rights at any point of time, even if it is already distributed.

Shrungarkar finds this information rights management arrangement is more cost-effective than other similar solutions. L&T had to buy just a few creators' licenses from Seclore; if it had to go in for another information rights management solution, it would have needed to buy a user client access license (CAL), server CAL, etc. As the Seclore DRM solution is based on open source technology, L&T had to develop a multilayer architecture where it uses a Microsoft server and runs an Apache server installation on top of it. The IRM implementation is limited to the L&T EBG's R&D department at the moment. However, L&T EBG plans to extend its use to other divisions such as marketing, production and consumer focus application.