By: Will Ackerly, CTO, Virtru
This year is already demonstrating that it isn’t always the most sophisticated attacks that cause significant data compromises. Following revelations earlier this week that a 20-year old stole credentials to compromise massive amounts of German politicians’ data, another security failure has emerged, this time linked to cutting and pasting. Court filings by Paul Manafort’s defense lawyers quickly revealed that seemingly redacted content could be disclosed by cutting and pasting the content into another document. While those in security view this as a major rookie mistake, it is not uncommon and definitely is not partisan.
In fact, this latest security error reveals a common challenge businesses of all kinds encounter when trying to create distinct access privileges within documents. How can documents be shared confidently while ensuring certain portions of content are accessible only to those with specific access privileges?
The open data standard, Trusted Data Format (TDF), was created almost a decade ago to solve this problem and provide a consistent, reliable way to mark and protect content that contains a rich mix of different sensitivities. Since then TDF has been adopted across commercial enterprises and across the government. In the U.S. Intelligence Community, TDF-marked data has been powering inter-agency data sharing with highly reliable need-to-know evaluation on each atomic piece of a document, whether it is an image or a paragraph. Multi-classification and multi-agency sharing environments, such as those at the Library of National Intelligence (LNI), would not be possible without these capabilities.
Despite its proven ability, TDF is often overlooked when exploring solutions to this error-prone redaction problem. In discussing this most recent redaction failure, scanning and screenshots apparently remain the state-of-the-art solution. It’s time we move past these piecemeal solutions and implement a data-centric access control approach less prone to human error and manual intervention.
TDF provides a wrapper that allows data authors and owners to tag and protect their data regardless of format or location, and enables customizable access policies that vary across documents and within documents. Need to limit access to certain portions of a document? TDF was made for that! Created and implemented across the government, TDF can automate portion marked data controls. In addition, by preventing access to the content that is not meant to be shared to any given person or environment, TDF facilitates data sharing by providing the flexibility to share some data while keeping other data private. TDF is now an open standard and used by small businesses and Fortune 500s alike to maintain access control over their most sensitive data.
At Virtru, we have integrated TDF into Virtru’s data protection platform to further protect sensitive data from these error-prone and ineffective approaches to access control and portion markings. Virtru includes the ability to scan PDF documents for data that should not be shared, and terminates access to email and files that should never have been sent in the first place. Importantly, these features are seamless within the normal email workflow, amplifying data privacy and business productivity through an easy and accessible workflow.
Privacy does not need to rely upon sharpies and scanners or blacked out content that can easily be read when pasted in a new document. TDF helps keep private data private, while allowing data owners to share data with confidence that they won’t be the next major news headline of an epic security fail. Over the next few months, I’ll be discussing the impetus for TDF almost a decade ago, contrast it with other forms of privacy technologies, and introduce new innovations for how Virtru is implementing TDF enhancements to ensure the privacy of data while making sharing easy and seamless within daily workflows. We’re really excited to break new ground on data privacy, and to help make true data privacy as easy to implement as a sharpie.