HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

Going 'all in' on .NET as default runtime
Programmers for Windows Phone 7 will need to use Silverlight and XNA for development

Scrum Planning Board adds automation to Axosoft OnTime
Illustrations are also included to assist Scrum-using developers a better view of what the...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

IBM uses BigSheets to hold onto Britain's digital past
To prevent digital information on the Web from disappearing into the "digital black hole,"...

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.

Overcoming Development Challenges with Open Source Open source software can help you with your application development challenges. It doesn’t...

Accelerate Services and the Cloud Business units, functional groups, and different divisions of companies across industries...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Source Code Protection Behind the Scenes

Startup provides encryption solution it claims is non-invasive

By David Rubinstein

October 12, 2007 —

Sandeep Tiwari doesn't believe people's freedoms have to be compromised in the name of security.

Tiwari is CEO of Zafesoft, a startup focused on source code protection, and according to him, unstructured data such as source code can and must be secured without a complex system. "Security should run in the background, without an interface or a log-in," he said, "or else people just won't use it. It becomes too invasive."

Source code files are routinely copied, e-mailed, pasted and printed, Tiwari said, because developers inside and outside of a business need access. Securing unstructured data so the digital file cannot be compromised, and so the company can maintain its credibility and any competitive edge it derives from the intellectual property, is the challenge.

Tiwari claimed that Zafesoft's namesake product protects the content, in contrast to digital rights management systems that protect the envelope but not its contents. Content monitoring and filtering systems can be beaten, he argued. That’s because "CMF is a fingerprinting system. If I really want to take the file out, and not let the CMF system know, I can replace all the a's with two z's, and [change] all the e's to two exclamation points, so now the CMF system doesn't know the file—none of the fingerprints match—and it lets the file be moved," Tiwari explained. CMF systems, he claimed, are good for accidental loss prevention, where someone might not realize they don't have access to a file, but “if someone has intent to be malicious, [CMF] can't really stop it.”

The Zafesoft solution consists of the Z Central Server, which the company hosts and uses to track "zafe'd" files anywhere they reside, and a Z Opener client that enables access to files in the system and performs encryption, Tiwari said. Companies can also use the Z Corporate Server, which works inside the firewall to watch every file in the system.

Zafesoft "keeps track of who opened the file, and what he did with it," Tiwari explained, noting that files are encrypted and decrypted on the fly, and if someone without access tries to open a file, an alert is forwarded from the server.

A company employee with access rights can copy files, e-mail them to outside parties, or download them and work on them at home. However, the instant that person is no longer trusted, all his rights to the system can be removed, and those files become inaccessible to that person, without affecting the rest of the team. Tiwari said Zafesoft licenses a third-party tool to perform the encryption and decryption functions. "Content remains encrypted, even when it's copied or put on a clipboard,” Tiwari explained.

The early release of Zafesoft, which came out in mid-September, can be used to secure Windows source code. The next release, due out in early October, will work with Linux.

Share this link: http://www.sdtimes.com/link/31206

Git changes how developers manage source code versions At this year's Git Together, developers praise the platform's convenience and its ability to make source control easier. Changes for the future will focus on making it more Web 2.0-compatible by offering more on-demand repositories on GitHub.

Code Center update allows code approval grouping Building on Code Center's existing tracking features, Black Duck has added more flexibility in approving open-source components, and entire stacks of software can be approved from a business, coding and legal standpoint.

OSBC focus turns to best practices for open-source adoption Businesses are no longer asking why they should adopt, but how do they use open source legally and securely?

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST