All I want for Christmas...
Security wish list
3. Permission please (document permissions, retention and destruction)
One of the biggest problems for IT and legal staff is the fact that document destruction and retention policies simply don't work. This is because there is currently no available technology to effectively enforce them. The problem is part legal, part administrative, and part technological.
First of all, there is the old adage that delete doesn't and restore won't. Thus, to some extent deleting documents compounds the problems related to discovery and disclosure, and doesn't solve them. You see, if a document or record exists, it is discoverable. If you simply delete the document, but fail to wipe it (or if you only delete some but not all copies of the document) not only is the document still discoverable (because it exists), but you have increased the cost of recovery and therefore disclosure of that document at a cost that you may be responsible for (although new US federal e-discovery rules have had some marginal impact on this). When we are talking about electronic communications (including documents transmitted electronically) it becomes very difficult for a company to effectively enforce a document retention or destruction policy (well, really it's just a document destruction policy), unless every copy of the communication and document remains within the enterprise. You can only delete your copy of the document.
Thus, what I would love to see is something whereby, with no intervention on the part of the user, the document (or communication) is automatically assigned both permissions and embedded with some document destruction rules (such as, "Good morning, Mr. Phelps.. this document will self-destruct in five minutes..."). The document permissions would control things like who had rights to read, forward, print, view, and edit the document. It could also know whether the document related to corporate trade secrets or privilege (based upon the identity of sender, recipient and subject matter), or other protected matter. It would know if it was required to be kept for 30 days, 3 months or 6 years based on the same things a human (remember humans?) would do, such as its subject matter and regulatory requirements and document retention policies. Sure, we could set such permissions right now but most of us don't.
These permissions would need to be embedded at the file level so that no matter where the document was sent, it couldn't be misused. And upon expiration, the document would die (or irreversibly encrypt itself). Thus, your document destruction and retention policy would enforce itself even on stored or sent documents irrespective of where the documents are stored.
4. Mobile devices that phone home
Modern enterprises are, in a very real sense, distributed environments. They are fundamentally different than the office of 20 years ago where creation and storage of electronic records took place on a large mainframe computer. They're even different from just five years ago where many documents were created on desktop machines which stayed resident at the office. Now, most information is created on and stored on mobile devices, typically laptop computers. This trend will accelerate as more corporate information will be created and stored on smaller, lighter and even more portable devices palmtops, sub-notebooks, smart phones and the like.
While the encryption schemes mentioned above may serve to protect the data on these devices, there remains the problem that under many current configuration schemes, the data only resides on the portable device, and is not backed up onto any server or storage device by the employer. Thus, if the portable machine is lost or stolen, the company permanently loses the data on the machine. What is worse, the company doesn't know what it has lost, because it had no reference to the latest version of the files that may have been lost. Now of course, companies can configure their networks to allow for automatic backup of files onto a network drive or server, but many do not. This should change.
5. Mobile access
I want my files, and I want them now! I want to be able to seamlessly access all of my files and records no matter where they are. I want to get to them from my desktop, my laptop, any machine in my house, my palm pilot, cell phone and any other device. If I change a document, I want the changes to synchronize. I don't want to have to put all my music, video, etc., on every machine separately. Store it once, and forget it. Oh, and I want it 100% secure.
6. Strong authentication with anonymity
Once again, from the mutually contradictory wishes I want my access to be strongly authenticated - preferably without something I have to carry around (which I will misplace) or remember (which I won't remember). That probably leaves me with a biometric device, which scares the bejeezus out of me. I want me and only me to access my files (okay, maybe my boss too) but - and here is the big one - I don't want there to be a record of what I did. In other words, I want to be anonymous when I want or need to.
7. Milk and cookies for Santa
So that's it. My holiday and New Year's wish list for the security community. Oh, and while I am at it, I want a pony and peace on earth, and good will towards men. If all of that is too much to ask, well, how 'bout that Wii?
This article originally appeared in Security Focus.
Copyright © 2006, SecurityFocus
SecurityFocus columnist Mark D Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as a lawyer specialising in computer crime, computer security, and privacy matters in Bethesda, Maryland.