Guarding corporate documents from the inside out

Alchemedia’s software is designed to protect sensitive documents from theft from inside companies, which is accounting for a rapidly rising share of information security losses.As corporations make more and more information accessible to more and more people, breaches of information …

Alchemedia’s software is designed to protect sensitive documents from theft from inside companies, which is accounting for a rapidly rising share of information security losses.As corporations make more and more information accessible to more and more people, breaches of information security, mostly from insiders, are becoming an increasing concern.

A simple click on the send mail button can now send sensitive information outside the company, as can commands that allow users to copy documents onto a floppy and print out hard copies.

“All knowledge management systems give employees more information at their fingertips in a digital format so that all they have to do is press forward and send it to their brother-in-law… to whom they invariably owe greater allegiance than they do to their current employer,” said Daniel Schreiber, chief executive of Alchemedia Technologies, a startup that has developed a solution to the problem through software it has developed in Beit Shemesh, Israel.

In 2000, the FBI found that theft by insiders accounted for 25 percent of all information security losses. In the fall of 2001, that number jumped to 40 percent of every dollar lost. After tracking the trend for five years, the FBI found that such losses were increasing at a compounded rate of 49 percent each year and a survey of 500 companies in 2001 found that insider theft cost an annual average of $4.4 million compared with $450,000 for outsider theft.

Alchemedia’s Mirage software stands watch over a company’s intellectual property by encrypting corporate information as it leaves the server, monitoring all screen-related activities and limiting access to prevent unauthorized saving, copying, forwarding, e-mailing or printing of the material.

With Mirage in place, unauthorized readers trying to access corporate information will get encrypted code instead of a document on their screen, Schreiber said. Others with limited access will be able to read documents on their screen, but will get only nonsense when they try to print, copy and paste, send, or save to a disk.

Joshua Duhl, an analyst for IDC, agreed that Mirage was unique in its ability to encrypt data while maintaining the format of the rest of the document. He noted, however, that there are other companies that have software that stops printing, screenscraping, and printscreening operations, among them SealedMedia, Microsoft, Intertrust, IBM, and Authentica.

All these companies’ products solve the problem of internal security violations, which, according to Schreiber, are usually generated by law-abiding citizens with no computer expertise and who are not benefiting financially. The majority of the leaks come from employees who are not acting maliciously, although the damage they cause their companies is often measured in the tens of millions of dollars.

One Alchemedia client, for example, was experiencing constant leakage of confidential information that only a small group of employees had access to. The problem was solved only after a prolonged investigation found that one group member had been sharing information with a friend who in turn was passing it on to the media.

“This type of thing is much more common than people being paid $10,000 for (a) drawing,” Schreiber said.

Alchemedia, based in Dallas, Texas, is privately held and backed by Israeli venture capital investors Israel Seed, as well as STI Ventures and The Carlyle Group, a worldwide VC firm.

Regulations in the United States and Europe that require pharmaceutical companies to provide evidence that the “right people are using only the right documents” are creating greater opportunities for Alchemedia. In the United States, the FDA requires the pharmaceutical industry to institute reliable and stringent controls over electronic documents to ensure that only up-to-date and properly authorized documents are used.

A white paper written for Alchemedia by the Hollis Group, a consultant for regulated industries, names Mirage as a way for pharmaceutical companies to meet regulations.

“While allowing users to access documents in the normal manner, (Mirage) effectively stops the unauthorized creation of electronic copies,” the report said. “It also controls and audits who is allowed to print what documents, how many times, with what watermark, and on which printer.”