RSS Alerts

Share

More services

Related Stories

  • Keeping sensitive information secure when staff is leaving
    Career loyalty is an endangered creature. Unlike our predecessors, today’s workforce is unlikely to stay committed to a job for five years, let alone their entire lives. But with such a fluid stream of employees keeping human resources busy, and countless eyes being cast over company data, Rob Stringer investigates how sensitive information can stay faithful to its organisation, even if its staff don’t...
  • The Good, the Bad, and the Ugly Insider Threats
    Whether intentional or unintentional, insider threats take many forms. The (ISC)² US Government Advisory Board Executive Writers Bureau examines this dichotomy and how it is being affected by both regulatory considerations, and the rapidly changing technology landscape
    Members' Content
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • Interview: Hord Tipton of (ISC)²
    Within only a minute of sitting down with Hord Tipton, executive director of (ISC)², our own Eleanor Dallaway knew that the hour she had booked with him would not be adequate. You see, it’s impossible to capture the true essence of a man with a career that many can only dream of in 60 minutes. While they may have been short for time, Tipton certainly wasn’t short on stories
  • Interview: John Colley of (ISC)²
    You’d be hard pressed to find anyone in the UK infosec industry who doesn’t know of John Colley. He is to infosec what Simon Cowell is to the music industry – a true figurehead (albeit, less scary). He doesn’t attribute his high profile to his impressive CV though – instead, as Eleanor Dallaway finds out, he believes it to be the result of his networking with helpful peers over the years

Top 5 Stories

News

Renault Formula 1 deploy IRM to protect car designs

20 June 2007

At the British Grand Prix in 2006, over four gigabytes of data was created over the weekend, including 150 documents containing car designs, technical specifications and other important testing and race data. Under pressure to keep their sensitive information secure, the Renault Formula 1 team chose Oracle content management (formerly Stellent) to manage, share and secure critical documents and information across the organisation, remotely and trackside.

Alex Rigal, IT project manager for Renault Formula 1 says, “We are an information heavy organisation where the slightest bit of data can be the difference between winning and losing.  

“Renault needed a document management solution, which would unite documents and allow them to be shared securely in real-time between two factories, mobile teams, suppliers, sub-contractors and partners”, Rigal says.

IRM

The ING Renault F1 Team will also seal highly-confidential and sensitive documents using Oracle Information Rights Management (IRM) to ensure that only authorised individuals will have access.

“Renault has three main risk areas that need to be top security. Critical intellectual properties, merges and acquisitions, and board and executive communication. The latter can be an issue as often board members can be employees from other companies, which can result in information leaks”, says Martin Lambert, VP of software development (IRM) at Oracle.

The IRM server was configured in two days and is self-managed by Renault. “Oracle control the system, the rules and the classifications themselves, they wouldn’t trust anyone else to do it, not even Oracle”, says Lambert.

“They make the rules so that sealed documents can only be accessed in accordance with the rights. Even if a document with the most recent secure car design got into the competition’s hands, they wouldn’t be able to open it without the key. In that respect it’s more secure than a paper document”, confides Lambert, “It can’t be copied or scanned”.

And what about the insider threat? “Well, this is mitigated. An employee can’t send any outgoing emails containing sensitive information, because they can’t get hold of it and open it in the first place”.

Choosing Oracle

“Renault needed to store all of their information in one place, but they were also concerned with security. They knew their requirements, but not the technology they would need”, says Lambert.

“Protecting their sensitive information was certainly their number one requirement”, Lambert continues, “And fortunately, Stellent (who were acquired by Oracle in 2006) were familiar with this requirement”.

“Stellent had been surveying the market for companies that provided this kind of information rights management service. But all available products had short comings. PGP is one example of this. Their technologies were passive – sure, they could watch and audit what was going on, but not intervene”.

And while it’s essential that security should protect valuable data, it should not become a business disabler. “You can’t convince yourself that you don’t need security. But making it difficult for employees to do their job is worse than having no security at all. You’ve got to be practical”.

This article is featured in:
Application Security • Data Loss  • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012