Securing information in the age of external collaboration
EDRM solutions allow organisations to share information with confidence, writes Vishal Gupta of Seclore
Sharing of files with individuals outside the organisation is a way of life for today’s employees. Research recently released by Enterprise Strategy Group (ESG), ‘Securing Information in the Age of External Collaboration’, confirms how normal the practice is.
In its survey of 200 ICT and cybersecurity professionals in North America, conducted in the first half of 2016, 34% of respondents said that between 26% and 50% of employees regularly shared files with individuals outside the organisation. A further 18% said that more than half of employees are sharing files externally.
While there are obvious upsides to the sharing of information with external partners, respondents are also clearly worried. Ninety-eight percent of respondents said that the loss of sensitive data is a top or significant concern for them. The sharing of sensitive data also appears unavoidable: 49% of respondents say they regularly share intellectual property and customer information, while 48% are regularly sharing proposals and pricing documents.
It’s clear that organisations want and need to share information with external parties, but they don’t want sensitive information to be leaked, nor their intellectual property stolen. Data integrity must be preserved both inside and outside the organisation without compromising the resources and processes that make the business work.
As a result, organisations are increasingly turning to Enterprise Digital Rights Management (EDRM) solutions to help them deal with the problem. ESG’s research discovered that 47% of survey respondents have already deployed an EDRM solution and 37% plan to deploy in the next 12 months.
Organisations using next-generation EDRM solutions have the ability to manage and persistently enforce who can view, edit, copy, cut/paste, screen capture and re-distribute files. Senders can specify which devices a document can be viewed on and for how long. An audit trail is created, clarifying who has accessed a document, what they did with the document, from where, and when.
For example, one GCC government is using EDRM to solve the multiple security and compliance challenges within its Bureau of Statistics Agency, the source of all official government statistics. The bureau collects, classifies, stores and analyzes high volumes of economic, social, demographic, agricultural, environmental and energy-related data, which is sent to third parties daily, beyond the firewall to vendors, partners and other government agencies, and to other governments. The department also reports to the Cabinet and provides information and actionable insights to the Cabinet to support decision making, develop policy and evaluate performance.
A new Cabinet resolution required federal entities to classify all information assets, encrypt all sensitive and confidential data and enforce usage policies according to the data’s classification. Despite a robust governance and security framework, information could not be secured by perimeter-centric security technologies, and so the agency implemented information-centric security measures to comply with the Cabinet resolution, deciding on EDRM as the best possible solution.
Next-generation EDRM solutions are designed to enable secure external collaboration. A key to external collaboration is ease-of-use. First, recipients can authenticate using any identity source due to a rich identity federation capability. The ability to protect any type of file format and work on any device, and utilize the protected file within native applications is also key to reducing end user friction and maximizing adoption. Another essential ‘ease-of-use’ capability: the ability to access protected documents through a browser ensures any external user can readily engage with a protected file.
EDRM solutions have more value when they integrate seamlessly with installed enterprise solutions, including ERP, Data Loss Prevention (DLP), Enterprise Content Management (ECM) and Enterprise File Sync and Share (EFSS). Some of the leading EDRM solutions have pre-built connectors for dozens of these critical business applications, allowing the persistent usage controls to be automatically attached to a document as it is downloaded, discovered, or shared. By automating the protection of files, an organisation can significantly increase the number of files that are protected, closing the security gap even faster.
Looked at positively, EDRM is a way to facilitate the use of innovative technologies such as File Synch and Share, personal mobile devices and even outsourcing. EDRM also enables collaboration and the sharing of information. Documents that might otherwise be kept entirely private can now be selectively shared with approved users. Take the example of an archive or academic institute, which may want to facilitate access to rare documents that would otherwise require an authorised visit to a physical location. With EDRM, material can be made accessible in digital format for a specified time with appropriate restrictions in place.
Almost any organisation that wants to share documents, but wants to control who can access them and what can be done with them would benefit from EDRM. Senior management, Sales, Engineering, HR and Payroll – anyone who deals with sensitive information and intellectual property that may need to be shared externally – will benefit. With the right EDRM solution in place, enterprises need no longer fear sharing information and can embrace external collaboration with confidence.
Vishal Gupta is Founder & CEO of Seclore.