Data Usage Control

The research area of Data Usage Control extends classic access control. The fundamental idea is to create comprehensive control possibilities that you can use to control your data in a fine-grained manner, even after you have granted others access to your data.

In modern company networks, sensitive data are stored, processed, and exchanged around the clock through distributed services, processes, and staff. Comprehensive security measures are necessary to protect your business data from undesirable usage and (possibly unintentional) dissemination. These measures must take into account both malicious external attacks and unintentional wrongful data usage by your own employees. The megatrend towards Cloud Computing entails additional complexity and leads to new information security challenges. Control over your data is particularly important here as the boundaries between domains, systems, and services are becoming increasingly blurred in the Cloud.

Staff mobility is growing in many business environments. It is hard to conceive of doing everyday business without using mobile devices. However, the use of smartphones and tablets in the business environment not only opens up improvement potential for business processes, but also brings along various potential risks. Permanent connectivity and mobility in combination with the often large amount of data stored on the devices carry the inherent risk of unauthorized disclosure of business-critical information. A flexible and context-sensitive security solution helps you protect your data comfortably and effectively on mobile devices.

Ensuring the security of your intellectual property or your private data goes far beyond simple access control. Even if access was granted, you may want to maintain control over the further usage and dissemination of your digital assets. To do this, data usage control extends the classic access control mechanisms so that the usage of the data can be controlled (control). The originator of the data must be able to know at all times what is happening with their data (transparency). Important issues for achieving these goals are analysis of and controlled intervention in data flows to allow control of the usage of your data depending on the usage situation. Individual data fields, for instance, must be either shown, hidden, or presented in an anonymized form depending on the data recipient or the usage situation. This allows providing and processing data in a user-specific or business-model-specific way.

The following controls are provided:

  • anonymize special (personal) data in an automated manner
  • permit usage only on specific devices or classes of devices (e.g., business devices belonging to the data owner)
  • restrict the location for the use of the data (e.g., only within a particular building or within a country’s borders).
  • enforce additional obligations on each use of the data (e.g., notify the data owner of each data access).

In addition, you can delete selected data after a precisely defined number of days or make them unusable.

Our distributed data usage control allows you to control the dissemination and use of your data beyond the first access and thus offers added value in the area of data security.