Stellar Start-Ups: Country club rules for accessing documents

Covertix will help you keep an eye on your intellectual property even when it's in someone else's hands.

By DAVID SHAMAH
Alon Samia 88 248 (photo credit: Courtesy)
Alon Samia 88 248
(photo credit: Courtesy)
Companies take great pains to make sure that only the "right" people have access to the documents on their computers and servers. Security systems abound, with alarms, alerts and algorithms galore that check the credentials of anyone who accesses anything in-house. And, of course, you don't want unauthorized folks snooping about in the employee-compensation files, the trade-secrets and patents folder, or the super-secret list of company clients and how much they're paying to buy the stuff your organization sells. Think of document access as something like being accepted into a country club. You wouldn't want to go swimming with the "wrong people," would you? But even if you aren't a snob, you certainly don't want total strangers peeping at the details of your company's business - or of how much money you make! In-house, it's next to impossible for the wrong people to get access to that kind of information. But "out (of) house," it's a different story. Somehow, pesky sensitive documents are always making their way into the hands of strangers. How? Well, maybe someone inside the organization mailed himself or herself a document s/he wanted to work on at home and typed in the wrong address, for example. Or maybe an employee sent what s/he thought was a cute family photo, but was really a diagram for the company's iPhone killer. Or, maybe the right document was sent to the right address and person, but the security on the other side has so many holes you can't be sure who has access to your sensitive information. Enter Alon Samia of Israeli startup Covertix, which can do for "out" documents what network security systems do for in-house ones. When a Covertix "self-protected file" gets distributed, you know who read it and where, and what they did with it. Thus, you get to keep an eye on your intellectual property even when it's in someone else's hands. "It's like a GPS for documents," says Samia. "Just like there are rules for network access, there are now rules for accessing documents, so you know that your information is being viewed by the right person, in the right place, at the right time." A primitive version of this kind of tracking is, of course, the e-mail return receipt, which we're all familiar with. But Covertix goes far beyond that. In order to read a Covertix-protected document, recipients (who work on systems that are not Covertix subscribers) install a plug-in, which implements the rules required to access the file. (Without the plug-in, the recipient has either limited or no access to the file; the Covertix system can assign different rights to recipients, just like a computer security system would.) Samia likens it to receiving a PDF and having to install a PDF reader. Despite the extensive authentication process, the security handshake process is invisible to users; as far as document recipients are concerned, they're looking at a plain 'ol file. But Covertix is not finished yet. The document can contain rules about the disposition of the file; for example, it can contain rules about whether it can be printed, copied or forwarded. And if those permits are in place, the Covertix plug-in will report back to the server that armed it with the rules exactly where the information went. Those rights could vary by computer as well; for example, a rule could be implemented that would let laptop users view but not edit a document. The rules can analyze content, as well; for example, if a document has one credit-card number, it could be assumed that the number belongs to an individual who is trying to buy something on-line. But 10 numbers would indicate that the document is a record of company customers that has no business being in the hands of someone outside the organization, and the rules would prevent the file from being opened. Depending on the level of security, the system could even potentially even ban a recipient from accessing the document based even on location; for example, if the doc rules expect a particular IP address on the recipients computer and a different one shows up, the reader may be a no-goodnik checking out secrets s/he shouldn't be looking at. And although there are other systems working in the same space, they're nowhere near advanced as Covertix, says Samia. Covertix allows administrators to save sets of rules in a profile that can be applied to any document - and, he says, it can even assign those rules automatically just by analyzing the content of the document, without the need for an administrator to assign anything. Covertix is clearly a heavy-duty security system - and it's meant for heavy-duty documents. "I wouldn't expect an organization to apply a system like this to all the documents on its servers; there would be no point in protecting some of them," Samia says. "But Covertix is a boon for those files that do need to be tracked." As an example, Samia cites the story of a large corporation in the pharmaceuticals business that Covertix is working with: "One percent of their data is super-sensitive, because it contains the actual information on their products, which could potentially be misused in the wrong hands. Then they have the sensitive information, such as employee and sale records, that accounts for another 15% of their data. The rest they don't have to concern themselves with, because it's outdated or irrelevant to the business." Covertix, which was established in 2006, just graduated from the IRIS Ventures Technological Incubator in Sde Boker and plans to move to the center of the country soon. Samia says his partner, techie Tzach Kaufman, deserves the credit for the Covertix system. "With so many security breaches today, and so many organizational and government requirements to protect data, we are sure organizations around the world will embrace Covertix," Samia says. "We understand technology, we understand security, we understand enterprise needs. And we understand what organizations are looking for - a little peace of mind." http://www.israeltech.net