As companies from banks to butchers’ shops become dependent on their computer databases-and increasingly vulnerable to hackers and overly curious employees-the ability to control the flow of information in company networks is at a premium. Today’s network software can do part of the job, password-protecting specific files, for example, or blocking outsiders’ access to the corporate network, but it’s usually an all-or-nothing proposition. What if, for ex-ample, a bank teller needs access to a customer’s old address, but that information is restricted because it’s in a document that also contains confidential credit information? Columbia, MD’s Sphere Software is using technology licensed from Johns Hopkins University’s Applied Physics Laboratory to build software that will not only keep data secure but will also make sure everybody in the company can get the information they need.
In April 2000, CEO David Glock, a 17-year veteran of the Applied Physics Lab, started Sphere Software with two key technologies from the lab: an advanced search engine created by software engineer James Mayfield and a network-monitoring tool developed by his colleague Sue Lee. Mayfield’s technology can go beyond simple database searching to sift through huge numbers of different types of files, extract all the relevant information-and weed out anything a particular user isn’t meant to see. Lee’s software uses artificial intelligence to keep watch over network traffic, learning the normal pattern of data flow and picking up on any irregularities. That gives the software the ability, not only to catch hackers and snoops, but also to keep track of the day-to-day operations of an organization. In a hospital, for instance, the software could become familiar with doctors’ prescribing habits. If one week a doctor prescribes more morphine than usual, it could detect the change and alert an administrator.
One reason that Sphere’s system can promise to do so much is that it takes advantage of a data format called XML. A descendant of the familiar Web language HTML, this format is only a few years old but is rapidly finding applications far beyond the Web. That’s because it allows a user to attach a descriptive “tag” to a piece of data, essentially saying, “this is a name,” or “this is a phone number,” or even “this is confidential.” These tags help Sphere’s software hunt not just for keywords but for different types of information, skipping over data that is useless or forbidden to a particular user.
Even backers of Sphere, however, acknowledge that the system’s requirement that an organization’s data be in the XML format could initially be a hindrance. Widespread adoption of Sphere’s software won’t happen until the format establishes itself as a standard, says Andrew Clark, president of Wheatfield Ventures, a private equity fund in Columbia, MD, that will be providing some of the $500,000 that Sphere hopes to raise by the end of this month. Still, says IDC analyst Susan Feldman, XML-based software is increasingly in demand. “I think combining artificial intelligence and XML technologies is a great idea,” Feldman says.
This summer, Sphere unveiled a free, skeleton version of its software-lacking Mayfield’s and Lee’s components-that can do very simple tasks such as authenticating requests for documents. As of July, Sphere’s nine employees were working with half a dozen engineers at the Applied Physics Lab to turn Mayfield’s and Lee’s technologies into independent modules that could plug into the skeleton program. Sphere plans to sell those modules, along with a tool kit that lets users further tailor the program to their organizations’ needs, beginning this fall. If all goes according to plan, Sphere’s software could soon begin to transform the way we protect our data-and the way we put it to use.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today