Companies and government agencies anxious to better protect sensitive documents are eager to try the SmartCipher system developed by Israeli startup Covertix.
Besides spilling the secrets of 100 empires, the Wikileaks scandal revealed to the world just how vulnerable “secure” data really is – and how ineffective traditional data protection methods, like firewalls, really are. After all, if an army officer armed only with a rewritable CD could manage to lift hundreds of thousands of sensitive and top-secret documents from a U.S. Defense Department server – which one would assume would enjoy full protection from intruders – what hope is there for the rest of us?
A great deal, says Alon Samia, CEO and co-founder of Covertix, an Israeli startup offering a product that might have prevented the mass revelations of diplomatic secrets by Julian Assange. The company’s document technology prevents unauthorized individuals from opening and reading files, alerting managers when a document’s security is compromised and automatically blocking usage if unauthorized use is suspected.
“With the growth of online information fencing, where it’s easy to sell credit-card and other data, the incentive to steal information is greater than ever,” says Samia. “The danger is just as great — perhaps even greater — from organization insiders as it is from outsiders.”
Using the Covertix SmartCipher system, Samia says, lets organizations keep track of documents and data that are at risk, even from employees who have physical access to servers and can copy whatever they want by attaching a USB drive to a data port. With SmartCipher, they may get away with copying a document – but they won’t be able to read it.
Playing by the rules
In a system protected by SmartCipher, documents get tagged with a small attachment containing a set of rules specifying who is authorized to access them. On servers where SmartCipher is installed, the system keeps track of all document access – who read it, when, on what computer and whether any changes or copies were made. Outside the office, users authorized to read the document must first install a plug-in unique to the particular company. Samia likens this process to receiving a PDF and having to install a PDF reader.
In-house and out, the Covertix system can assign different rights to recipients. Beyond access, the Covertix rule-set can regulate just about any user action regarding the document, including whether it can be printed, copied or forwarded. And if those permits are in place, the Covertix plug-in will report back to the server that armed it with the rules exactly where the information went.
Those rights could vary by computer as well – for example, a rule could be implemented that would let laptop users view, but not edit, a document. The rules can also analyze content. For example, if a document contains one credit-card number, it could be assumed that the number belongs to an individual attempting to buy something online. But 10 numbers would indicate that the document is a record of company customers that has no business being in the hands of someone outside the organization, and the rules would prevent the file from being opened.
Depending on the level of security, the system could potentially even ban a recipient from accessing the document based on location. For instance, if the document rules expect a particular IP address on the recipient’s computer and a different one shows up, the system could assume that it is being accessed by an unauthorized individual.
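The kinds of rules described above (per-device rights, a content check on the number of credit-card numbers, and an expected IP address) can be sketched as a small policy evaluator. This is an added illustration, not Covertix code: the RuleSet structure, its field names and the evaluate function are assumptions, and the card numbers and IP addresses are constructed sample data.

```python
import re
from dataclasses import dataclass, field

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary long numbers are not counted as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def count_card_numbers(text: str) -> int:
    """Count distinct Luhn-valid 13-19 digit numbers in the text."""
    found = {re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)}
    return sum(1 for digits in found if luhn_ok(digits))

@dataclass
class RuleSet:
    """Hypothetical rule attachment; field names are assumptions."""
    readers: set
    device_rights: dict                   # device class -> allowed actions
    expected_ip: dict = field(default_factory=dict)  # user -> required IP
    bulk_card_threshold: int = 10         # this many card numbers blocks opening

def evaluate(rules, user, device, source_ip, action, text):
    """Return (allowed, reason); unknown users and devices are denied."""
    if user not in rules.readers:
        return False, "user not authorized"
    pinned = rules.expected_ip.get(user)
    if pinned is not None and source_ip != pinned:
        return False, "unexpected IP address"
    if count_card_numbers(text) >= rules.bulk_card_threshold:
        return False, "bulk card data"
    if action not in rules.device_rights.get(device, set()):
        return False, f"{action} not permitted on {device}"
    return True, "allowed"

# Constructed sample data: public test card numbers and documentation IPs.
TEST_CARDS = ["4111111111111111", "5555555555554444", "4012888888881881",
              "378282246310005", "6011111111111117", "5105105105105100",
              "4242424242424242", "30569309025904", "3530111333300000",
              "6011000990139424"]
RULES = RuleSet(readers={"alice"},
                device_rights={"desktop": {"view", "edit"}, "laptop": {"view"}},
                expected_ip={"alice": "203.0.113.10"})
RECEIPT = "Order 1234567890123 paid with 4111 1111 1111 1111"
CUSTOMER_DUMP = "\n".join(TEST_CARDS)
```

Calling evaluate(RULES, "alice", "laptop", "203.0.113.10", "view", RECEIPT) allows the open, while the same user opening CUSTOMER_DUMP is refused because the document holds ten card numbers. The 13-digit order number in RECEIPT is ignored because it fails the Luhn check.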
‘Like a GPS for documents’
Despite the extensive authentication, the security handshake is invisible to users. As far as document recipients are concerned, they’re looking at a regular file.
“It’s like a GPS for documents,” says Samia. “Just like there are rules for network access, there are now rules for accessing documents, so you know that your information is being viewed by the right person, in the right place, at the right time.”
Covertix, established in 2007, has about 10 employees, mostly in development, but already the company has snagged some high-profile clients in Israel and France, Samia says. Headquartered in Kfar Saba, the privately held company has raised several million dollars from the Office of the Chief Scientist of Israel, the Iris Ventures technology incubator and private investors in two rounds of financing.
Samia says the company has gotten a lot more inquiries in the past few months – mostly because of Wikileaks.
“The Wikileaks scandal has raised a lot of questions among company directors who not too long ago thought they were immune to this kind of thing. For a long time, executives believed they were protected if they had a firewall and anti-virus system – keeping the bad guys out of their systems. But the perimeters are crumbling – firewalls don’t offer any defense from data theft by insiders. Covertix does,” Samia says.
Growing need for document security
The market for document data protection is expected to grow substantially. “With new methods of data retrieval, such as the ability of users to upload, read and edit documents on cell phones, there are new challenges. In addition, there is the issue of cloud storage security, with documents on even secure servers accessible on computer screens around the world. Now more than ever, solutions are needed for data control,” Samia says. Covertix is developing products for protection in those areas as well.
“Interest in our product has jumped in recent weeks, especially in traditional areas that require data protection, like finance and government security, but we are seeing interest from institutions in non-traditional industries, like education,” Samia adds. “More companies understand the problem, and many have, for the first time, begun budgeting for document protection.
“Because of Wikileaks, everyone today has the same question: ‘Can this happen to me?’ The answer is yes, but with Covertix, companies have a fighting chance,” he asserts.