Blog

The need for Secure Information Sharing

Feb 24, 2014
Martin Kuppinger

A while ago, I wrote about the changing market for Secure Information Sharing. I also recently published a report on Microsoft Azure RMS, one of the most important products in that market segment, and further reports will follow.

The first question is: What is Secure Information Sharing (SIS) about? It is about technologies that allow sharing information across the boundaries of an organization in a secure manner. Such technologies ensure encryption of the document both in motion and at rest. Furthermore, they apply and enforce access control, restricting access to the documents and (ideally) enforcing entitlements for editing, printing, forwarding, etc.

SIS has been a requirement of many organizations for years now, especially organizations that need to share information with a broad number of business partners and have complex supply chains. Some, such as the automotive industry, aerospace & defense, or life sciences, have been looking for such solutions for several years. In some of these industries, collaboration networks that enable SIS are established. These industries also are the ones who have been most active in demanding improved IRM (Information Rights Management) solutions.

So why do we need SIS? There are some reasons:

  • Agile, connected businesses lead to new requirements for collaboration. A good example is the life sciences industry, where success and time-to-market frequently depend on efficient collaboration with various external parties. Such collaboration, especially in a competitive environment with strong regulatory requirements and tough competition, requires the ability to securely share information.
  • Regulatory compliance is a strong driver for SIS. The ever-increasing requirements push the demand for SIS in various industries – again life sciences is a great example.
  • The fear of organizations regarding industrial espionage also increases the demand for solutions that seamlessly protect information at rest, in motion, and in use – and that’s where SIS comes into play.
  • Finally, traditional IT security such as firewalls and Data Leakage Prevention (DLP) are not sufficient to fulfill these requirements. New types of solutions are required.
From my perspective, the potential for Secure Information Sharing (SIS) technologies is based on these considerations and the fact that SIS focuses on the right perimeter. This perimeter is not the server system, it is not the end user’s device, and it is not the firewall. It is the information. Information Security, as the name implies, is about securing information – and that is what SIS does.

My next post on this topic will dive a little deeper into the strengths and weaknesses of various approaches.