Aren’t classified files encrypted?

Here is a frustrating one for me, a break-in on a defense contractor’s network results in the theft of 24,000 files.  There are Information Rights Management (IRM) products such as Microsoft’s AD-RMS that can be used to essentially encrypt individual files and allow only authorized users to access them.  And while AD-RMS doesn’t directly provide protection for all the file types that appear to have been compromised, there are partners who do.  So what is frustrating is that while using commercially available IRM technology would not have prevented the theft of the 24,000 files it might have rendered them useless to the thief.  I say “might” because assuming a government stole the files they may have the resources to break the encryption.  In any case, the best practice would certainly be to use IRM.

So, is this information being reported as compromised because they weren’t using IRM or because IRM doesn’t work?

About these ads
This entry was posted in Computer and Internet, Security and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s