IT Briefcase Exclusive Interview: Protecting Our Businesses and Our Government from Online Security Threats with Adobe

In the interview below, John Landwehr from Adobe outlines top national security threats to desktops, laptops, tablets, and smartphones, and ways in which Adobe is working to help businesses fight this security battle.

• Q. As so much of our information becomes digital, and hundreds of millions of new devices and people are coming online every year, what do you see as the biggest content centric security challenges emerging today?

A. The amount of sensitive content continues to grow – including personally identifiable information (PII), intellectual property (IP), and other government and business information in need of protection.  At the same time, users – whether workers or consumers – are embracing smartphones, tablets, and other non-PC devices including televisions, gaming consoles, and more.  This creates challenges on how to support the users on those multiple platforms.  Network perimeter protection is no longer sufficient, and even protecting data at rest and data in motion is proving to be insufficient.  Content remains vulnerable to accidents, insiders, and compromise because it can be removed from its secure electronic envelope and go places it shouldn’t.  As a result, new approaches to information protection are required, and the industry is addressing that with content centric security solutions.

• Q. What advice can you offer to businesses trying to overcome these challenges?

A. Content centric security is designed to protect the content independent of storage, independent of transport – across platforms.  It’s applicable to consumers receiving a phone bill, applying for a loan, checking their health insurance, or manufacturing workers building and repairing valuable machinery from electronic plans, or office workers developing strategy documents.  In all of these cases, the electronic information can be locked down at the content layer, so everywhere the content goes – it remains protected.  This includes the ability to determine who has access to the content based on their login and role based access, and what they can do with the content – print, modify, clipboard, etc.  If content does leak – it remains protected, and unsuccessful accesses of that content are reported to the content owners.

• Q. What is your take on the risk vs. compliance issue companies face when dealing with BYOD in the workplace?

A. The mixing of personal and workplace information is not new and existed before personal electronics were invented.  For example, many people personally purchased their own day planner for their combined work and personal contacts and calendar.  Doctor appointments mixed with merger meetings mixed with date nights.  If the paper-based planner were misplaced in either work or personal situations, sensitive information may be discovered.  Today, personal electronics have replaced the paper, and increased the amount of data that can be carried around.  The data is both an asset and a liability, in both work and personal environments.  Fortunately, a mobile device can be better protected than a paper binder.  If it is misplaced, there are PINs to protect it, as well as controls to persistently protect the content – using content centric security.  Further, these controls can protect the content across smartphones, tablets, and PCs simultaneously to help with compliance concerns in a cross-platform environment.  This type of security is also consistently implemented with both home and work owned devices.

• Q. What do you see as the biggest current threat to national security on desktops, laptops, tablets, and smartphones, and how is Adobe working to fight this security battle?

A. Education.  Security is never done, complete, or 100%.  To stay a step ahead of the bad guys, it is important for end users, IT personnel, budget owners, and policy makers to all allocate appropriate resources, including time, to staying current on security matters.  Adobe provides technology solutions for secure information sharing with content-centric security and provides eLearning technology to help organization’s educate their community.

• Q. In your opinion, what sets Adobe’s Security Solutions for Government Agencies apart from other government focused security solutions available today?

A. Adobe has one of the most widely distributed security clients in the world – with the free Adobe Reader running on Windows, Mac, Linux, iOS, Android, and other devices.  We have been working with encryption technologies since Acrobat 2.0 – in 1994.  We have been working with public key infrastructure since Acrobat 4.0 in 1999.   We have expanded our security capabilities to other file formats including Microsoft Office, CAD files, and media files, too.  We use NIST FIPS 140-2 certified encryption modules and continuously innovate with advances like elliptic curve cryptography implementations.  We support multi-factor authentication through tokens and smartcards.   But it’s not just the security technology itself that is important, it is the implementation in how it scales to the masses and remains easy to use.  If security isn’t easy to use – people won’t use it, or won’t use it correctly.  Therefore, Adobe spends significant effort focused on the user experience and how well it integrates into common workflows – whether it’s content management systems, electronic forms, and other types of information exchanges.

John Landwehr is Vice President, Government Solutions at Adobe. John’s team is responsible for public sector solutions incorporating electronic documents, digital media, web content management, analytics, information assurance, and collaboration technologies to support business efficiency & optimization, training & mission readiness, content security, and citizen & force engagement. John has been with the company for over a decade, working across numerous enterprise product lines including Acrobat and LiveCycle. His team has developed solutions for secure collaboration and information security for protecting intellectual property and privacy related information within government, commercial, and education markets. Innovations include the Certified Document program to facilitate authentic electronic documents with digital signatures, Enterprise Rights Management to persistently protect sensitive content, and Adobe’s first iPhone and Blackberry applications providing forms and workflow approvals to mobile users. John’s expertise includes product management, product marketing and business development related to application servers, operating systems, enterprise applications, hosted services, mobile applications, PKI, identity management, and encryption technologies. He has provided testimony to Congress, has been issued multiple security related patents, previously held positions at NeXT and Apple, is a Certified Information System Security Professional, and a graduate of Northwestern University.