Article provided by Sergey Voynov. G-71 Inc.
Over the past decades, the development of the Internet and social networks, in particular, have led generations of people to metamorphoses. The ease of finding and obtaining any information, as well as the opportunity to share it (and sometimes an obsessive desire) unwittingly formed the culture of disregard for confidentiality.
At the same time, there are still many situations where it is necessary to keep information confidential, such as in business, government, and personal relationships, but it is becoming increasingly difficult to protect. And I’m not talking about ways to control unauthorized access to this information. I am talking about the preservation of confidential information by those to whom this information has been entrusted, although sometimes it can be controversial and raise issues around freedom of speech and the freedom of the press.
Back in the 18th century, Benjamin Franklin said: “Three can keep a secret if two of them are dead.” However, neither in those days nor today, humanity has found an effective way of communication without the need to entrust secrets to at least someone. Let a limited circle of people, but someone still needs to know them.
The effective way to protect confidential information is a combination of technology, policy, and education to create a culture of confidentiality and security that can adapt to changing technologies and social norms.
If you ask most cybersecurity experts a question on the topic of ways and technologies to protect confidential documents from leakage, then most of the answers will focus on the means of protection that somehow control or restrict unauthorized access to these documents. However, according to statistics, 3/4 of all leaks are not hacking – this is a leak by those who had authorized access to documents. That is, access control tools do not work here. The only way to force those who have been entrusted with documents to comply with their non-disclosure obligations is to ensure a guaranteed determination of the culprit of the leak. Only the inevitability of disclosure and an understanding of responsibility can ensure compliance with the security requirement and radically reduce intentional leaks.
Thus, it becomes obvious that in these cases we have to talk about detective solutions, which can be divided into two non-interchangeable principal approaches. The first is the classification of document files and the addition of metadata to files containing information about who this file belonged to when it was merged. But the metadata disappears as soon as the document ceases to be a file and becomes an image on the screen or a paper document. The screen can be photographed, a paper document can be copied. Therefore, a second approach becomes necessary – the marking of documents should be used. It can be visible, in the form of static or dynamic watermarks, or more resistant to removal and more user-friendly – invisible Anti-Leaks marks based on a steganographic approach to labeling.
You can easily find information about specific vendors of these solutions on the Internet, or by contacting multi-vendor system integrators. Each of the security systems has its strengths, but it’s important to note that these technologies are just tools and require specialized knowledge and expertise to use effectively. Additionally, unmasking anonymous leakers can be controversial and raise issues around privacy and freedom of speech, so it’s important to carefully consider the potential consequences before taking any action.