No matter how much layer of security you implement on a computer there always will be one area that is protected by a simple old access control, the memory.
You can have a complex password policy, dual factor authentication, full disk encryption, file encryption which could even be extended through the use of an Information Right Management solution, for that protected information to be accessed and manipulated it needs to be decrypted into memory.
The security of that data in memory then relies on memory access control and proper segregation, I am not sure we can talk about memory sandboxing but thats the same idea. The data will, of course, also rely on the physical security of the device it is hosted on.
Gaining administrator access on that device would therefore grant you access to the full memory.
This last point is of significance.
For IRM solutions, being an administrator on a device does not necessarily mean you also have access to the users IR...
>>[READ MORE]