
ORACLE DATA SHEET

DATA LOSS PREVENTION SOLUTIONS
WORKING WITH ORACLE INFORMATION RIGHTS MANAGEMENT

Organizations face the ongoing challenge of protecting their most
sensitive information from being leaked. Two of the most popular
solutions used to address this problem are Data Loss Prevention
and Enterprise Rights Management. This datasheet explains how
these technologies are highly complementary and advises how they
can most effectively be used together to provide a complete data
leakage solution. It also describes the integrations today between
Oracle Information Rights Management and the DLP products
from Symantec, McAfee, InfoWatch and Sophos.

KEY FEATURES

• DLP discovers, monitors and blocks sensitive data
• IRM encrypts and controls access to that data
• DLP is excellent when location of data is not known, but DLP can be
disruptive to collaboration
• IRM is excellent with defined business processes, but IRM may not reach
all sensitive data
• Sensitive data can be found using DLP monitoring and detection, then
persistently protected with IRM
• Oracle is building joint solutions with leading DLP vendors: Symantec,
McAfee, InfoWatch, Sophos

Data Loss Prevention

Data Loss Prevention (DLP) technologies aim to prevent leaks of sensitive
information. They do so by discovering sensitive information at rest, and monitoring
and blocking sensitive information in motion, using content-aware scanning
technology. The discovery, monitoring and blocking DLP components run either on
the network (servers reaching out to scan repositories or intercepting network
information flows) or on endpoints (end user computers or laptops).

Information Rights Management


Information Rights Management (IRM) also aims to prevent leaks of sensitive
information. It does so by encrypting and controlling access to sensitive documents
(and emails) so that regardless of how many copies are made, or where they
proliferate (email, web, backups, etc.), they remain persistently protected and
tracked. Only authorised users can access IRM-encrypted documents, and authorised
users can have their access revoked at any time (even to locally made copies).

Complementary Solutions to Similar Problems


DLP and IRM address very similar problems, but in different and complementary
ways:

• DLP is well suited to situations where an organisation doesn’t know where its
sensitive information is being stored or sent. Content-aware DLP can map the
proliferation of this sensitive information and direct remedial efforts, such as
tightening existing access controls using blocking, quarantining or encrypting.

• Out-of-the-box DLP remedial actions often prove to be disruptive to business
workflows. Sensitive information is required for collaboration with certain
third parties; configuring DLP to permit only the desired collaboration whilst
preventing other data loss proves to be almost impossible.

• Also DLP provides decisions about content at a point in time, e.g. can this user
email this research document to a partner? However, 6 months later the
organization may sever ties with the partner at which point the DLP rule may
change; but this doesn't affect all the information that has flowed to this partner
over the past 6 months. DLP cannot retroactively block access to information
that it has previously been allowed to pass beyond its control to third parties.

• Thus DLP customers are looking for a technology to allow secure collaboration
triggered by their DLP solution.

• IRM is well suited to situations where an organisation has relatively well
defined business processes involving sensitive information, e.g. sharing
intellectual property with partners, financial reporting, M&A, etc.
IRM-encrypting sensitive documents or emails ensures that all copies remain
secured, regardless of their location.

• IRM continues to work beyond the enterprise firewall or enterprise endpoints,
so authorised end users on partner or home networks or endpoints can use
IRM-encrypted documents without being able to make unencrypted copies.
This access can be audited and revoked at any time, leaving previously
authorised users with useless encrypted copies. IRM provides persistent
protection, which means that you can revoke access to information at any time.
One simple change in an IRM system can stop access to millions of documents
shared with partners, customers or suppliers.

• IRM protection requires any document to be encrypted. This can be manually
actioned by an end user according to a corporate policy, but this reliance on a
manual process may result in reduced uptake. To aid uptake and enforce policy
many organizations automate the process via integrations with content
management systems and enterprise applications. However many other
sensitive documents are collaborated with that fall outside these perimeters.

• Thus IRM customers are looking for a technology to detect sensitive data and
trigger the IRM encryption process.

Integration Use Cases

From the above it should be clear that the combination of DLP and IRM will be
more effective than either solution in isolation.

After DLP has found sensitive information it can trigger IRM to encrypt it.
Similarly, DLP can inspect IRM-encrypted information to ensure it has been
correctly classified. These processes can be applied on the network or on
endpoints and for data at rest and data in motion.

1. DLP-discover and IRM-encrypt data at rest

DLP is used to discover the proliferation of sensitive information (on endpoints
and servers) and classify it in terms of its relative sensitivity. Sensitive
classifications can then be IRM-encrypted to have persistent access rights in
line with enterprise information security policy. For example DLP discovers a
set of financial documents stored in a public file share and automatically
protects them against an IRM classification that allows only the finance group
to open the documents. The documents stay where they are, but IRM enforces
the access controls.

2. DLP-monitor and IRM-encrypt data in motion


This time DLP monitoring is used to detect sensitive outbound information
flows and to add IRM encryption as a remedial action for policy violations.
For example a user attempts to email a sensitive document to a supplier, DLP
detects this and uses IRM to protect the document but allows the email to
continue onto its destination.

3. DLP discovery of IRM-encrypted information at rest


It is important that DLP scanners be enabled to scan IRM-encrypted documents
and emails. This can be shallow scans (which verify the document is IRM-
encrypted and check the IRM classification) to enable controlled sharing of
suitably IRM-encrypted documents, or deep scanning (which temporarily
decrypts the IRM-encrypted content) to verify that documents are encrypted to
the correct IRM classification.

4. DLP monitoring of IRM-encrypted information in motion


Shallow scanning of IRM-encrypted documents could be used to ease
potentially disruptive DLP blocking of sensitive outbound content. Certain
IRM classifications could be allowed outbound while others could be blocked.
Deep scanning could be used to add in content-aware policies and ensure
consistency between DLP and IRM policies.
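
A sketch of the outbound decision logic in use cases 2 to 4, added here as an illustration and not taken from Oracle IRM or any DLP vendor's product. The content rules, classification names and the `Document` type are constructed assumptions; the sample set includes a mislabelled document that passes a shallow scan and is caught only by a deep scan.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed DLP content rules: pattern -> IRM classification the content requires.
CONTENT_RULES = [
    (re.compile(r"\b(quarterly results|balance sheet)\b", re.I), "Finance-Internal"),
    (re.compile(r"\bdesign spec\b", re.I), "Partner-Engineering"),
]
# Constructed outbound policy: classifications that may leave the network.
ALLOWED_OUTBOUND = {"Partner-Engineering"}

@dataclass
class Document:
    name: str
    body: str                        # plaintext, as seen by DLP or by a deep scan
    irm_class: Optional[str] = None  # None means the file is not IRM-encrypted

def required_class(body: str) -> Optional[str]:
    """Content-aware DLP step: which classification does this content call for?"""
    for pattern, classification in CONTENT_RULES:
        if pattern.search(body):
            return classification
    return None

def decide_outbound(doc: Document, deep: bool = False) -> str:
    """Return the action for a document caught in an outbound flow."""
    if doc.irm_class is None:
        needed = required_class(doc.body)
        # Use case 2: protect instead of blocking, then let the flow continue.
        return f"encrypt:{needed}+allow" if needed else "allow"
    if deep:
        # Deep scan: content is temporarily decrypted and re-checked.
        needed = required_class(doc.body)
        if needed and needed != doc.irm_class:
            return f"block:reclassify:{needed}"
    # Shallow scan: only the IRM classification label is consulted.
    return "allow" if doc.irm_class in ALLOWED_OUTBOUND else "block"

def demo() -> list:
    """Run constructed sample documents through shallow and deep decisions."""
    docs = [
        Document("notes.txt", "lunch menu"),
        Document("q3.xlsx", "Quarterly results draft"),
        Document("spec.pdf", "Design spec v2", "Partner-Engineering"),
        Document("mislabelled.xlsx", "Balance sheet FY10", "Partner-Engineering"),
    ]
    return [(d.name, decide_outbound(d), decide_outbound(d, deep=True)) for d in docs]

if __name__ == "__main__":
    for row in demo():
        print(row)
```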

Integrating with DLP Vendors

Oracle has been requested by several customers and partners to integrate Oracle
IRM with the leading DLP Vendors’ solutions. Whilst all four of the above
integration use cases are being scheduled on both Network and Endpoints, work has
already been done today to support the following functionality.

Oracle is actively collaborating and integrating with the leading DLP vendors.
This datasheet defines the functionality available today. But future integrations
will enable the two technologies working even more closely together.

Symantec DLP and Oracle IRM

Oracle and Symantec have collaborated to provide a solution that allows DLP to
discover and automatically call IRM to encrypt data at rest. This results in sensitive
documents being identified by DLP and then automatically encrypted with IRM.
The encrypted files can then remain in their original location rather than being
quarantined, but can only be opened by authorized users. The DLP product can also
discover and monitor IRM-encrypted documents and then audit, quarantine or take
no action depending on policy and context.

McAfee DLP and Oracle IRM

McAfee’s Data Loss Prevention quickly delivers data security & actionable insight
about the data at rest, in motion and in use across your organization. Protecting data
requires comprehensive monitoring and controls from the USB drive to the firewall.
The powerful combination of McAfee DLP and Oracle IRM automates the process
of protecting your data, giving you confidence that policies are enforced consistently
wherever your data needs to travel.

InfoWatch DLP and Oracle IRM

Oracle and InfoWatch have collaborated to provide a solution that controls
information transferred via removable storage, optical media, web uploads and
emails with attachments, and that also inspects the contents of IRM-encrypted
files and messages. The solution applies policies to prevent sensitive
information leakage.

A flexible policy can be configured to enforce IRM-encryption of sensitive emails.

Digital fingerprinting of the IRM-encrypted content ensures that no parts or quotes
of IRM-protected documents can leak outside the corporate network.

Sophos DLP and Oracle IRM

Oracle and Sophos have collaborated to provide a solution to control the transfer of
IRM-encrypted information via removable storage, optical media, web uploads and
email attachments. A policy can be configured to simply audit the transfer of IRM
protected files or, if required, authorise the transfer of IRM protected files and block
the transfer of non-IRM protected files.

Contact Us
For more information on Oracle Information Rights Management, call
+1.800.ORACLE1 to speak to an Oracle representative or visit
oracle.com/products/middleware.

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This
document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or
implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We
specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or
indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without our prior written permission.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their
respective owners.
