5-Obligations weighing on businesses

As a general rule, the framework surrounding economic activity is becoming more structured and is producing numerous regulations, laws and obligations.
Following major scandals like Enron and Worldcom in the United States and Crédit Lyonnais in France, the number of obligations has increased significantly.
Most of the time, these obligations, whether issued by governments, corporations or companies, put in place one or all of the following components:

• Transparent business account management
• Transaction traceability
• Transaction recording and archiving

Obligations concerning the company’s behaviour in society :

• Sarbanes Oxley (Transparency): concerns all American companies and all companies traded on an American market and their subsidiaries
• The Financial Security Law (France): the French version of SOX, almost identical
• The digital economy trust law (LCEN): transparency and traceability of Web transactions; IAPs are required to keep connection logs and operators keep traffic logs
• The domestic security and anti-terrorist laws: operators are required to archive subscriber activity.

Obligations linked to business sectors

• Traceability in the foods sector: one of the leading sectors with strict obligations following the mad cow scare. This sector is composed primarily of small businesses which were forced to adapt very quickly.
• Banking sector: the Basel II agreements have restructured how trust ratios are calculated between banks. Banks must be able to view their customer and operational risk (including computing and even flooding of the Seine) then cover these risks with their equity capital. Primarily composed of large and very large banks, the banking world is definitely well underway in managing these obligations.
• Medicine: the search for civil and criminal liability includes increasingly strict penalties, leading to substantial increases in insurance premiums. Action traceability is subject to increasingly heavy regulatory pressure.

A number of professions are subject to information control obligations.
Most of the regulated professions (chartered accountants, auditors and bailiffs) have already dematerialised their archiving and procedures getting a significant head start in the area of electronic signatures and legal digital archiving.

Information control, a reality for everyone

As a general rule, few businesses, regardless of their size, can avoid at least some form of information control obligation. From accounting and financial acts to medical actions, recording, traceability and access are now realities which need to be organised to meet obligations or else be banned from the market.

• user authentication
• message confidentiality
• information integrity
• event logging

While very large firms have set up the procedures which take the onus off of the end user by automating the respect of obligations, medium, small and very small businesses expend a great deal of energy in ensuring they respect these obligations.

6-CONCLUSION: ERM, an answer to new security needs

The first security solutions proposed fill structural holes or weaknesses in computing. Perimeter tools (firewall, anti virus, IDS & IPS) defend companies against attacks and external threats, while communications security tools (VPN) secure links outside the company.

New corporate behaviours associated with new transparency, traceability and information integrity requirements give new meaning to the circulation of information within the company.

Rather than a standard exchange, file and data communication inside the company becomes a transaction where:

• the sender and recipient are known, referenced and authenticated,
• content is locked, protected and verified,
• the exchange is recorded and protected by central tools.

• Identity and access management solutions (IAM) manage senders and recipients.
• Data encryption solutions protect confidentiality and integrity as messages circulate.
• Centralized administration solutions distribute certificates and encoding keys.

7-ZoneCentral by Prim'X: an ERM information management solution

APPLICATION

• Protecting fleets of laptops
ZoneCentral protects laptops by encrypting file systems. It is totally integrated in the system core and transparent. Its original and flexible approach is easily integrated in the company’s logistics, and provides services which are indispensable for good security. Thanks to the spaces partitioned by ZoneCentral, the computer can be administered or repaired by a third party (internal or external), or even used by a “guest” without any secrets being given away (passwords, confidential codes).


• Protecting desktop terminals
ZoneCentral can also be used on desktop terminals, with ‘terminal on’ security features: the computer does not need to be turned off to close encrypted spaces and keys, and network access to terminals is also encrypted (only those with the correct keys can read the content).
ZoneCentral can also encrypt users’ “personal” network units.


• Protecting file servers
ZoneCentral can also be used on file servers to provide encrypted sharing for users or user groups. The spaces can be partitioned based on rights, and encryption is totally transparent for the servers, which can be of any type (Windows, Novell, Linux/Samba, filers) since no software is installed on the servers.
This service is very useful when servers are used by third parties (internal, service providers, outsourcing), to partition departments (HR, information security, GM, R&D), and manage the ‘right to know’ in house. Even backups are encrypted.


• Securing an infrastructure
By combining its ability to encrypt workstations (laptops or desktops) and share files on networks or servers, ZoneCentral can fully encrypt the file infrastructure of a department, division or entire company, with maximum transparency for users AND operators.
ZoneCentral is compatible with advanced infrastructures, such as roaming profiles, public terminals, "off-line" files, ActiveDirectory or Novell networks, remote installation, central ‘policy’ administration (GPO), etc.


• Securing USB memory keys
The contents of USB memory keys can also be encrypted spaces. ZoneCentral proposes different management modes for these very useful, but also very dangerous, objects: full or partial encryption, encrypted or read only, etc.


• Exchanging confidential documents
ZoneCentral integrates the companion product Zed! invented by Prim'X Technologies, which creates encrypted multi-access containers (passwords and/or certificates).
These containers are extremely simple and intuitive, and are used exactly like zip files in Windows XP. They quickly become ‘diplomatic briefcases’ for internal exchanges and especially for exchanges with third parties (partners, subcontractors, customers). A free and free-use module lets correspondents access and modify content. This lets correspondents modify existing documents or add new ones.

• Transparency for the user
ZoneCentral is invisible. Users don’t need to change their habits or reorganise their work space (files, folders, networks): the product is quickly forgotten.
The user now works in a fully encrypted space, everything is automatic, systematic, transparent and… secure.
Thanks to this transparency, users quickly accept the security. Deployment and training costs are reduced.


• Encrypted work spaces
Users’ entire work space can be encrypted, including their Windows profile (desktop, "My Documents", etc.), temp files, system swap, Internet cache, and all their folders, on all local disks and on the company’s networks.


• Shared encrypted spaces on file servers
Shared spaces on all types of file servers (Windows, Novell, Linux/Samba, filers) can be encrypted for work groups with different encrypted access rights (right to know), in a way which is transparent for users and for server operators.


• Extended compatibility with network infrastructures
ZoneCentral is compatible (and cooperative) with advanced Windows services: roaming profiles, off-line folders, redirected folders and smart card login. It also works in a TerminalServer or Citrix environment.
ZoneCentral can also use existing logistics to facilitate deployment and administration: remote installation, policies (GPO), ActiveDirectory, LDAP directories and remote control.


• Partitioning with technical departments
On the terminals, common system and network administrator interventions (internal or service providers) require no key or the user's presence. However, this does not mean that network administrators have the right to know and to understand the content of the folders which remain encrypted.
In the same way, operating tasks on the servers do not need keys (or even software!) and do not change. Even backups are encrypted.


• The Encryption Plan allows central administration
The Encryption Plan is composed of instructions which define what needs to be encrypted. It is defined centrally and then automatically and systematically applied by ZoneCentral. This plan frees users from all "application procedures".


• Free choice of authentication methods and PKI compatibility
ZoneCentral accepts all types of authentication: passwords, smart cards or RSA tokens (major market manufacturers), and biometric tools.
If there is a PKI, ZoneCentral knows how to use this infrastructure (keys, certificates, CRLs). If there isn’t one, or if it is only partially deployed, ZoneCentral can also apply password-protected access.
So, the choice of key logistics is not structuring; it can evolve over time, and can even be heterogeneous.


• Encryption adapted to the business
ZoneCentral integrates all services indispensable to the implementation of encryption in the company, in particular for user recovery and rescue services.
Prim'X is publisher of confidence products. A certification procedure “Common Criteria” (EAL2+) of the entire product is in progress.
See DCSSI website (French)

 Download the .pdf file (ENGLISH)   Download the .pdf file (FRENCH)