Renault Formula 1 deploy IRM to protect car designs

Alex Rigal, IT project manager for Renault Formula 1 says, “We are an information heavy organisation where the slightest bit of data can be the difference between winning and losing.  

“Renault needed a document management solution, which would unite documents and allow them to be shared securely in real-time between two factories, mobile teams, suppliers, sub-contractors and partners”, Rigal says.


The ING Renault F1 Team will also seal highly-confidential and sensitive documents using Oracle Information Rights Management (IRM) to ensure that only authorised individuals will have access.

“Renault has three main risk areas that need to be top security. Critical intellectual properties, merges and acquisitions, and board and executive communication. The latter can be an issue as often board members can be employees from other companies, which can result in information leaks”, says Martin Lambert, VP of software development (IRM) at Oracle.

The IRM server was configured in two days and is self-managed by Renault. “Oracle control the system, the rules and the classifications themselves, they wouldn’t trust anyone else to do it, not even Oracle”, says Lambert.

“They make the rules so that sealed documents can only be accessed in accordance with the rights. Even if a document with the most recent secure car design got into the competition’s hands, they wouldn’t be able to open it without the key. In that respect it’s more secure than a paper document”, confides Lambert, “It can’t be copied or scanned”.

And what about the insider threat? “Well, this is mitigated. An employee can’t send any outgoing emails containing sensitive information, because they can’t get hold of it and open it in the first place”.

Choosing Oracle

“Renault needed to store all of their information in one place, but they were also concerned with security. They knew their requirements, but not the technology they would need”, says Lambert.

“Protecting their sensitive information was certainly their number one requirement”, Lambert continues, “And fortunately, Stellent (who were acquired by Oracle in 2006) were familiar with this requirement”.

“Stellent had been surveying the market for companies that provided this kind of information rights management service. But all available products had short comings. PGP is one example of this. Their technologies were passive – sure, they could watch and audit what was going on, but not intervene”.

And while it’s essential that security should protect valuable data, it should not become a business disabler. “You can’t convince yourself that you don’t need security. But making it difficult for employees to do their job is worse than having no security at all. You’ve got to be practical”.

What’s Hot on Infosecurity Magazine?