web_header
Aviation Dichroic Glass Affluence GRIPP - Data Theft ICT services
Home Products & Services Research & Development News Investors About Us Contact

GRIPP - Data Theft

DATA THEFT - ARE YOUR STAFF STEALING YOUR INTELLECTUAL PROPERTY?

-23 April 2007, by Kobus Veldsman

 

Lots of companies tend to have little in terms of physical assets.  Most don’t even own the premises they occupy.  Aside from their fee-earning consultants, the data they have is their biggest asset.

 

Firms make it far too easy for staff to access data, and although this is a fully understandable practice, one have to point to the growing use of devices such as iPods and USB memory sticks, which can store megabytes of data.

 

One might wonder if too much fuss is being made over the threat posed by these types of media devices. It is not new, but simply an improved method of walking data out of an organization. Years ago employees could easily download documents to portable Zip drives, but with our increasingly dependence on digital data as well as devices with much greater capacity are becoming ever-more-present, and that worries some security experts.

 

The advice to ban the use of this sort of equipment on company computers is not always feasible, nourishing the possibility for it to become widely used by employees to fool security officials and breach data security rules.

 

Staff who have been fired or missed out on promotions are the most likely to turn to this type of fraud, wanting to punish their employer.  Similarly, staff leaving to set up their own business may also present challenges. A consultant may feel that his own efforts, rather than anything his firm has done, have helped attained the information, entitling him ownership.  Criminal gangs who use employees as insiders to extract information may also pose a threat.

 

Giving the facts, what can companies do to protect valuable information and ensure that when employees leave, client lists, sensitive documents, and even databases will not go with them?

 

Two South African engineers seem to have a solution.  The Globally Regulated Information Protection Program or GRIPP provides protection through a unique use of real-time encryption in conjunction with a new technology called supervised-processing. 

 

With a nominated application for each protected data type (MSWord -> *.doc, MSExcel -> *.xls, etc), GRIPP will only allow access to the data through these applications, providing all other access with an encrypted copy.  Because the data is encrypted at all time, it can be copied, e-mailed, and even published on the Internet, and still only be useful to the owners, using GRIPP to enforce the copyright.  This process is totally transparent to the user and requires no interaction, eliminating password leaks as well as insider theft.

 

A current alternative is to make use of software that restricts USB and FireWire bus usage, preventing end users from connecting portable storage devices to their office PCs.  However, if an attacker is determined, chances are he'll figure out how to bypass the third-party software. For instance, as long as attackers have physical access to the machine containing data, they could use a live CD to bypass the OS altogether, or simply remove the machine's hard drive.

 

GRIPP uses a normally close rather than a normally open method of encryption, making it impossible to circumvent.  Files are stored encrypted onto the hard disk drive and are decrypted in real-time as opened by an nominated application on an authorized machine – any changes get re-encrypted.  This is all made possible by Supervised Processing, the technology used to oversee the process of reading and writing data to permanent storage. 

 

Gallery

 

For more information - download PDF