Making the mobile workforce more secure

Enterprise digital rights management could help organisations overcome growing concerns about worker mobility and BYOD

Tags: Data protectionData recoverySeclore Technologies ( Arab Emirates
  • E-Mail
Making the mobile workforce more secure Abhijit Tannu founder & CTO, Seclore.
By  Abhijit Tannu Published  August 7, 2017

Mobility has the potential to make each of us more flexible and productive than ever before. As long as we have a connected device with us, we can answer e-mails, edit documents and put together presentations from anywhere.

But mobility also has its pitfalls. Once it crosses the endpoint and leaves the organisation, data is vulnerable to theft or accidental loss.

‘In a world that emphasises connectivity, mobility, sharing and cloud services, business information flows continuously in and out of endpoint devices. Security and risk management leaders must develop a portfolio of solutions to address different aspects of encryption and boundary defence,’ writes Gartner Inc., in its ‘Market Guide for Information-Centric Endpoint and Mobile Protection’.

As long as it remains within enterprise boundaries, data can be protected by full-disk and file system encryption. Disabling USB ports and controlling the use of cloud-based enterprise file sync and share (EFSS) services can help prevent data leaking across the endpoints.

Often, however, files must be intentionally sent outside the organisation, either to partners and suppliers, or to an employee’s own home or mobile devices. Once files leave the organisation and take up residence on a smartphone or laptop computer, they become vulnerable. Files may be forwarded in error, a person may create a hotspot on their phone and carelessly leave it open, or the data in a file may be intentionally misused.

As Gartner makes clear, these devices may also be actively targeted by those who might profit from the information residing on them. ‘Endpoint devices will continue to be an attractive hacker focus for harvesting business data. These devices are real, tangible, accessible and abundant. The users of these devices will also continue to make human errors that cause information to be vulnerable’.

Enterprise digital rights management (EDRM) offers a potential solution to the problems created by today’s enhanced levels of employee mobility. It allows organisations to enjoy the benefits of a mobile, always-connected workforce, while reducing the chances of data falling into the wrong hands.

With EDRM solutions, organisations can move beyond the basic password protections of old and apply a broad range of controls to each individual file. They can precisely specify who can view, edit, copy, screen-capture and re-distribute files, as well as which devices a document can be viewed on and for how long. An audit trail is created, clarifying who has accessed a document and when.

According to Gartner, ‘EDRM creates the tightest possible access control relationships between files and apps. Policies can be detailed, and access can be tracked’. Advanced features of EDRM solutions include document- and user-specific watermarks, SSL tunnelling and pre-built connectors for critical business applications.

Recent innovations in EDRM solutions include one-step email verification, viewing of multiple files simultaneously is now made easy with browser-based viewer, and the ability to edit protected documents natively in Mac, gives Mac users the same level of data-centric security as their Windows counterparts. Other developments that enhance ease of use include login through Google accounts and ‘auto-discovery’, whereby forwarding a protected email automatically transfers access permissions to all new recipients of the mail.

The file formats that very complex in nature for e.g. the Solidworks 3D Drawings; need to have an extra level of protection to facilitate secure collaboration across business units and with third-parties. An EDRM solution has the capability to add persistent, file level security that travels with the data like drawings, parts and assemblies ‘This method is suited to context-dependent data protection,’ Gartner writes, in its definition of EDRM. ‘Files are imbued with persistent protection policies when created, read and updated. The policies can specify access by company, user, project, and other details. EDRM can also stipulate limitations on app behaviour such as blocking “save as,” clipboard copying, printing and so on.’

The range of information defence technologies available is broad and each piece has developed as a point solution focused on one part of the cybersecurity puzzle. Today’s realities require putting the pieces together to form an end to end package, one that protects files when they are both within and outside the organisation. Enterprise digital rights management’s role is to protect data when it leaves the organisation and takes up residence on mobile devices.

‘Security and risk management leaders who grapple with endpoint security challenges must accept that astute information protection requires a blending of several methods,’ writes Gartner. ‘EDRM promises to be the most flexible and pervasive future technique to protect files regardless of where they travel.’

Abhijit Tannu, founder & CTO, Seclore.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code