Protecting and sharing sensitive information

As more and more information within organisations is created, stored and shared electronically, the issue of protecting, sharing...

New Asset  
As more and more information within organisations is created, stored and shared electronically, the issue of protecting, sharing and archiving sensitive information has become a major concern.



But for many organisations, protecting vital company information is not given as high a financial priority as perhaps it should. This is possibly due to the fact that a great deal of companies find it difficult to enumerate the need to protect business-critical data.

Even information that is not typically deemed as sensitive could become harmful to a business if it becomes available to competitors. Companies need to identify and assess any vulnerable information their business has stored, and put protective measures in place to keep it from being compromised. This is especially important in a business climate where broad online access to company data has increased so markedly.

The first consideration for any organisation is to ascertain which information is sensitive and in need of protection.

Company strategies, business operations and financial information are just some of the kinds of information that are critical to the prosperity of a company. But it is surprising how many organisations do not take the necessary steps to protect them, even though the advantages for their competitors of gaining insight into their business plans can be substantial – and sometimes devastating.

In many cases the sharing of private information is the subject of legislation (eg the European Union Directive on Data Privacy) or legislation is under consideration to establish protocols for topics as diverse as the widespread availability of patient medical records. In some cases the sharing of certain types of information is prohibited by regulatory bodies, as in the case of the recently introduced SEC regulation RIN 3235-AH82 on Selective Disclosure and Insider Trading - exacerbated by the Enron affair.

Customers are struggling to comply, and to be seen to comply, with such initiatives as those mentioned above, and are increasingly looking to technology to help them solve some of the problems introduced by that same technology.

Better information protection

The examples featured here highlight only some of the types of sensitive information every business and institution holds. Protecting this information is crucial to the overall success or failure of an enterprise. Particularly in the business sector, collaboration strategies are becoming the means by which companies can increase their efficiency, responsiveness and competitiveness.

The need to ensure these new business freedoms to share and collaborate must also be carefully monitored and protected. Businesses store considerable amounts of data, so what steps do they need to take to protect their most sensitive information?

The Microsoft solution 

Windows Rights Management Services and Office System 2003 Information Rights Management provide a safe and secure solution for the authoring and sharing of sensitive information. These solutions are simple to use, work well across unstructured data (documents, spreadsheets and presentations), and integrate well with the tools already familiar to knowledge workers.

Information Rights Management features integrated with Office System 2003 allow companies to apply organisation-wide policies on how the various degrees and classes of sensitive information can be used and shared. The multiplicity of permissions that can be applied to documents provides companies with a very reliable means of controlling access to and the sharing of business-critical documents.

Various levels of access can be granted to personnel, from full editorial control of the document, through restricted abilities to view, save, print or even cut and paste portions of the document to other sources. Additionally, by providing accesses to an internally hosted DRM server, organisations can safely extend this control to documents made available to third parties such as customers or trading partners.

Case study

"By using .NET it was much more straightforward to integrate existing systems than it would have been with Linux because of .NET’s native support for web services."
Geoff Gudgion, Chief Executive, Quantiv

Find out how Personal Medical Advisor puts the patient in control

Read more on IT strategy