Companies can now protect e-mails sent from employees’ PDAs
Sarah Staples
Sun
CREDIT: Richard Arless Jr., Montreal Gazette Dr. Joseph Yermus is the inventor of a database for hand-held computers that lists typical dosages and possible drug interactions of over 30,000 medications.
Two new software products that safeguard e-mails sent via BlackBerry are being called the first in a slew of upcoming releases aimed at curbing the growing threat of theft and misuse of company information by employees wielding PDAs (personal digital assistants).
BlackBerry Gateway, launched in Canada and the U.S. this week by Waltham, Mass.,-based Liquid Machines, Inc., and Secure Mobile Mail, a competitor by Authentica, Inc. due to make its North American debut later this month, both tout the ability to lock down messages after they’re sent over Research in Motion’s popular hand-held devices.
Users draw up rules for their BlackBerry, not just encrypting sensitive missives, but setting them to expire by a specific date and time and preventing e-mails and attachments from being opened, copied, printed, edited or forwarded by individuals lacking proper authorization.
The software — the first of its kind for mobile devices — is part of the emerging “Enterprise Rights Management” industry projected to be worth $634 million US in global revenues next year.
ERM adapts technology originally created to restrain illegal movie and music downloading, to the task of giving businesses tighter rein over their electronic communications.
The technology acts as a kind of digital watermark — imprinting documents and data with invisible layers of access privileges so that the data is safe from prying eyes, no matter which desktop or portable device is used to relay it.
The software for BlackBerrys is being launched at a time when studies show fraud perpetrated by employees is on the rise, and there is concern over the potential for hand-held gadgets — including PDAs, camera-loaded cellphones, iPODs and mini-computer hard drives embedded in watches or pens — to be used to conveniently squirrel away company secrets.
“Twenty, 30 years ago, if you wanted to take sensitive documents you had to back up a truck and load up physical paper,” said Ed Gaudet, VP of product management for Liquid Machines.
“Now, it’s as easy as walking in with an iPOD [that] can basically download 60 gigs.”
Both software products let managers remotely control e-mails of their employees, and delete messages by remote if the BlackBerry is ever lost or stolen.
And they keep a backup copy of all messages on company servers so that compliance officers or forensic auditors can follow the digital equivalent of a “paper trail” for the BlackBerry in case of an investigation.
Liquid Machines’ software can also sift through BlackBerry messages looking for keywords, patterns — like customer account numbers — or IP addresses, and block or reroute those messages before they reach unintended recipients.
“So if I want to set up a ‘Chinese Wall’ [separating salespeople from investment bankers in a brokerage firm], my BlackBerry can do it,” said Gaudet.
There is “definitely a need to tighten the security” around new generations of digital devices that are becoming ubiquitous in offices, and aren’t always carefully monitored, according to Robert Castonguay, VP and national director of Forensic Technology Services for KPMG Canada.
Castonguay, whose team has investigated several cases in Canada where removable thumbnail drives were used to download confidential work information, said before ERM there wasn’t the means to apply an audit trail to data that flows over portable gadgets if things went awry.
“More companies will come out with [ERM software), they’ll improve in their functionality, and obviously it’s positive for corporate security,” he said.
Mark Overington, VP of marketing for Lexington, Mass.,-based Authentica, said the Canadian-made gizmo’s ubiquity in financial, government, manufacturing and defence circles made it a logical choice as the first portable device to load with ERM.
One client, a California investment bank, has used ERM for regular desktop and laptop computers to prevent valuable sales leads from being taken and used by employees who leave the firm.
Individual leads are e-mailed to salespeople for client meetings, but the information can’t be copied or pasted anywhere else.
Clients including computer chip manufacturers and the U.S. Department of Defense have begun using ERM on top of other secure arrangements — such as confidentiality agreements with customers and outside suppliers — they already have in place.
“Of course you could photocopy your laptop screen — there are always physical ways to break [ERM] if you have the patience, but it’s less likely,” Overington said.
© The Vancouver Sun 2005
