Share Documents Safely


Information security has traditionally been handled at the network perimeter, its focus on defending the edge of the organization with firewalls and hardened servers. Cyber-Ark's Inter-Business Vault takes an alternative approach, storing sensitive data in digital vaults that -- by limiting data access channels and encrypting data on disk and in transit -- provide extraordinary security.

A bank, for example, could use Inter-Business Vault to share lock-box, automated clearing house, and account reconcilement processing records with its commercial customers. These processes have traditionally been done using homegrown applications that integrate FTP with encryption, couriers, faxes, VPNs, and leased lines. Not only are such solutions difficult to deploy and hard to automate, but they're also difficult to analyze and, hence, to trust. [Full story at InfoWorld...]

This is not the usual kind of product I review. Wayne Rash asked me to do it and it sounded interesting. What I got was an education in Windows security and that was well worth the price of admission. The first part of the installation, and indeed the part that consumes 90% of getting the product running, consists of updating Windows, uninstalling things from Windows, turning off services, and making registry changes. When you're done, you've got a very locked-down box. Installing the Inter-Business Vault adds just those services that the vault controls.

A word of warning: this product takes a dedicated machine. Nothing else runs and any network communication with the machine other than that supplied by the vault is verboten. Even the CD is disabled. In a production environment, this is exactly what you want, but it had some unintended consequences for me. First, I started working on this review in July and then got interrupted by some other things. As a result, the laptop I used for the testing was completely unavailable to me for the better part of six weeks. The other problem I had to solve was getting the screen shots off the machine. I had to stick the JPEGs in the vault and use the vault's Web interface to transfer them to my Ti-book.

Of course, security comes through process, not products:

With so many ways to access and modify files in the Vault, and the ability to delegate authorizations, Inter-Business Vault makes file sharing much easier. In fact, the hardest part of using Inter-Business Vault isn't deploying and operating the product -- it's creating an identity management strategy that correctly accounts for documents and other resources in need of protection, for the people who will access them, and for the authorizations that each person has with respect to the resources. Installing the Vault will only make data more secure if the right data is kept in the vault and users are permitted access only to the data they need. If an enterprise understands how it will manage resources and users, and puts useful policies in place, Inter-Business Vault can be a critical piece of infrastructure for securely sharing files with employees, customers, and partners.