New tools tackle damaging data breaches

Coming just days after US identity verification firm ChoicePoint was fined $15 million for illegal distribution of consumer credit information, document management software specialist Workshare has released new tools designed to help firms ensure they do not distribute sensitive information.

The updated version of Workshare Protect Enterprise Suite extends the products' ability to monitor, manage and modify electronic documents that leave the company to include data distributed via network channels, including webmail and mobile devices.

A new Policy Manager also provides a central dashboard for creating and distributing policies including those governing which personnel are authorised to send certain documents; whether hidden meta data such as changes to word documents should be removed; and which documents should be converted into secure PDFs. The module features customised policy packs delivering out the box enforcement for common security and compliance concerns.

Ken Rutsky of Workshare said high profile data breaches, such as that experienced by ChoicePoint where financial data about more than 163,000 consumers was sold to companies that lied about their credentials, are driving demand for such document management systems.

"Cases like ChoicePoint and the Australian bank WestPac [which sent out a PDF to analysts with sensitive data blacked out that could be recovered] means the potential financial and reputational cost of data breaches is becoming more apparent," he said.

Drawing up staff policies governing document use fails to fully protect firms, according to Rutsky. "The NSA [National Security Agency] recently issued guidelines on how to securely publish a document, but it contains 20 different steps," he said. "Firms aren't going to be able to enforce and audit that complex a process. They need an automated way to protect themselves."

The launch was welcomed by Geoff Kuenning, a computer scientist at Harvey Mudd College in the US. "I certainly believe that this sort of software, if well written, could be enormously useful in preventing data breaches," he said. " There is a limited number of ways in which data can leak, and once a particular path is known, it's usually not difficult to write software that can eliminate that path."

Sarah Kitmmer of analysts Ovum agreed there would be demand for the new solution, but added that it would be mainly confined to heavily regulated sectors such as financial services and government where firms are less willing to accept the risk of inadvertent data breaches.

In separate news, security giant Symantec has released the results of a research study claiming the average corporate laptop stores over half a million pounds of intellectual property or commercially sensitive information. The survey of 1,700 companies found that 45 percent of firms leave it to the users to back up this data, while 80 percent of those users are under the misconception that their employer had a copy of emails on their laptop.

Guy Bunker of Symantec said IT managers should not leave it to users to back up such valuable data. "The technology is there to back this data up automatically and also encrypt it so only authorized personnel can see the data, " he said.