Page 52 - CDM-Cyber-Warnings-March-2014
Acrobat Reader, etc., will see that the files are protected with DRM. The DRM metadata will also tell those applications which server to check for authorization. If the server is not reachable, then the documents will not be opened, as would definitely have been the case with Edward Snowden, and also Spc. Bradley Manning, since those files were on a classified network unreachable from the Internet; at least we hope it isn’t reachable via the Internet.

Not only can viewing the documents electronically be restricted but also printing them and taking screenshots. Yes, someone could use a camera to take a picture of the monitor’s screen but facilities such as those where Edward Snowden worked have policies against bringing cameras into the work area. Even if cameras are allowed, sitting in front of one’s computer taking pictures for hours is not likely to go unnoticed.

Another feature is that files can be set to expire after a certain date, similar to what you may remember from the old show (and movies starring Tom Cruise) Mission Impossible, but without the data going up in a puff of smoke. Still, without the pyrotechnics, an effective data leakage deterrent is to set the files so that they are not viewable by anyone after a certain period.

Separation of duties

Unfortunately, it is still possible for system administrators to view DRM-protected documents in some cases because the certificates controlling access to the files are also maintained by the same administrators. Many years ago I worked on a project and the requirements were that only two or three high-ranking people would be able to view certain documents. Ironically, the mechanisms and procedures selected to, theoretically, meet these requirements gave several system administrators and clerks complete access to these files. Complete data leakage would still have been possible if the lower-ranking minions decided to extricate the documents.
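An added example (not from the article) of auditing for the overlap described above: it resolves nested group membership to find people who effectively hold both DRM key custody and administrator access, and applies a two-person rule to bulk export. The group names, user names and directory data are constructed assumptions.

```python
# Added example: all group names, user names and memberships are constructed.
# group -> direct members (a member is a nested group if it is also a key here)
MEMBERS = {
    "drm-key-custodians": {"alice", "records-clerks"},
    "records-clerks": {"carol", "dave"},
    "sysadmins": {"bob", "dave", "backup-operators"},
    "backup-operators": {"erin", "alice"},
}
KEY_ROLE = "drm-key-custodians"   # hypothetical: can manage DRM certificates
BULK_ROLE = "sysadmins"           # hypothetical: can copy files in bulk


def effective_users(group, members=MEMBERS, _seen=None):
    """Resolve nested groups to the users who effectively hold `group`."""
    seen = _seen if _seen is not None else set()
    if group in seen:             # already expanded, or cyclic nesting
        return set()
    seen.add(group)
    users = set()
    for member in members.get(group, ()):
        if member in members:     # nested group: expand it
            users |= effective_users(member, members, seen)
        else:
            users.add(member)
    return users


def sod_violations(members=MEMBERS):
    """Users who hold key custody and bulk-export access at the same time."""
    return sorted(effective_users(KEY_ROLE, members)
                  & effective_users(BULK_ROLE, members))


def export_allowed(approvers, members=MEMBERS):
    """Two-person rule: a key custodian plus a different administrator."""
    custodians = set(approvers) & effective_users(KEY_ROLE, members)
    admins = set(approvers) & effective_users(BULK_ROLE, members)
    # Both roles must be represented, and by at least two distinct people.
    return bool(custodians) and bool(admins) and len(custodians | admins) >= 2


if __name__ == "__main__":
    print("Separation-of-duties violations:", sod_violations())
    print("alice alone may export:", export_allowed({"alice"}))
    print("carol + bob may export:", export_allowed({"carol", "bob"}))
```

Neither alice nor dave is listed directly in both groups; the overlap only appears once nested groups are expanded, which is how clerks and administrators can end up with access nobody intended.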
This brings us to one of the basic security principles: separation of duties. DRM should be managed by someone, or better yet, a small team, that does not have system administrator access. In other words, the keepers of the keys shouldn’t also have the ability to export large amounts of the protected information. There is a much, much smaller chance of exfiltration if multiple staff members have to work together in collusion to extract data.

Cost of Digital Rights Management

As previously mentioned, one of the deterrents to DRM is the perceived cost. In the case of RMS many organizations already own the necessary licensing so there is not a significant expense to getting started. However, having the expertise to architect and properly implement DRM is not a skillset many organizations already have. This brings up the question of how much is your data worth, and how much impact would it have if your information was leaked to competitors and the rest of the world?

Conclusion