Information Security and Digital Rights Management
Securing sensitive government information isn’t a luxury – it’s a necessity. But as the amount of data in the federal government grows – by some estimates doubling every 18 months – and as new technologies and platforms proliferate, the challenge can be daunting. The first step to overcoming that challenge, however, is understanding the scope of the problem. For over 30 years, Innoviss has served as a trusted partner in information security, pioneering many of the safeguards that are now becoming standard.
In the beginning…
Innoviss’s expertise in security isn’t based solely on certificates and education – it’s based on experience and innovation. Our security experience began three decades ago in the form of background investigations. Most people think of background investigations as a way to keep security risks out of a system, but it also requires keeping secure information in it. Innoviss pioneered this work, serving as the first company approved to provide background investigation support to the federal government in 1980. A key to the effort is making sure that private, Personally Identifiable Information (PII) used in the process remains private. To do so, Innoviss had to create a framework that ensured complete protection across its information systems and network – something that we are continually enhancing, improving, and innovating to stay a step ahead of an increasingly challenging security landscape.
Data at Rest, Data in Transit
Sensitive, Personally Identifiable Information (SPII) must be kept secure and encrypted both at rest, and in transport. While other security companies may be content to lock up the data and leave you – the agency – to the unkind task of figuring out how to work with it, Innoviss designs security solutions with the user in mind. We work with secure data all the time, so we know how to build systems that provide meaningful security without impeding the mission. In order to meet the high standards of SPII, we eliminate the storage of physical files from the file system altogether. Instead, we store data as AES 256 bit encrypted binary objects. This means that even if the data at rest is compromised, the physical database file will yield only encrypted objects, not actual files. To deal with data in transit, we’ve locked the system down – preventing any employees from having the ability to copy files to other media or remove them from the secure location.
Digital Rights Management
No level of encryption is worthwhile, however, if you don’t have a powerful Digital Rights Management (DRM) system. Innoviss has implemented unique DRM with granularity not just at the system and group level, but all the way down to individual users and individual files. Each time a user requests access to information, their rights must be verified. It makes no difference whether they’re accessing it internally or through the public Internet – every single request must be verified. By doing so, Innoviss can provide agencies with real-time control over their information, defining not only if an individual has access, but what kind of access – whether it’s to copy, print, view, modify, or save. Moreover, this role-based access control system is delivered independent of any internal network, such as a Windows Active Directory or other Trusted Computing Environment, allowing the DRM infrastructure to be a unique environment, globally accessible through any standard laptop, desktop, or tablet computer, and yet completely segregated and independent from the internal infrastructure.
Security you can use
Breaches of government systems have become too numerous to count, and the cost is real. But what many fail to talk about is the very real cost of a poorly-designed or integrated information security system – a cost not in breached files, but lost time and productivity. Unlike many security vendors, Innoviss understands the day-to-day needs faced by agencies that work with secure information. In fact, we’ve spent the last three decades perfecting an iron-tight security system that meets all of the needs of today’s security mandates and delivers it in an environment that supports the mission. That’s what we call innovation you can use. And it’s why agencies across the government trust Innoviss.