As the ongoing digital revolution continues to evolve the ways we do business, even the most standard practices of data security are no longer enough. “We're getting to the point where simply sending confidential information with basic encryption is no longer an acceptable method,” states Ian Thornton-Trump, CISO at Cyjax. While managed file transfer (MFT) methods alone can secure data in transit and at rest, something needs to be done once that data is unencrypted and in the hands of the third party. A combination of Digital rights management (DRM) with MFT provides that solution.
“DRM gives the sender the ability to control what the recipient can and can’t do with the data,” states Scott Messick, Cyber Security Sales Engineer at Fortra. “The sender has the ability, at any point in time, to modify the permissions on the file.” It enables you to enforce rules such as limiting access to specified IP addresses; preventing users from saving, sharing, editing or printing your content; or setting expiration dates so files are only accessible up to a certain date.
While digital rights management has been around for some time, it has had a history of causing friction for the user and being difficult to use. However, its reputation – and the technology behind it – is changing. If you’re considering the benefits of DRM for your organization, here are 5 things you need to know.
DRM isn’t just for med
ia copyrights.
Originally, DRM was created to prevent piracy of digital media content – think as far back as Napster and as current as iTunes, and then consider it within the context of the Digital Millennium Copyright act. As one former Microsoft employee said of DRM pioneer Victor Shear, "He never let us forget that we were not 'protecting music,' but 'developing the basis for a civil society in cyberspace.'" This civil society would run on protected information controlled by the owner of the data themselves, and not trust the dubious security of information superhighways to protect digital assets. Today, DRM is widely accepted as a data security solution for enterprises and artists alike. Businesses’ confidential trade secrets and enterprise-owned intellectual property are protected by DRM permissions and access controls.
DRM secures assets in the cloud.
Remote work is driving an increase in cloud technology use with services such as Dropbox, SharePoint and Box doing much for collaboration and efficiency. However, moving data in the cloud and among different cloud providers can be one of the trickier parts of the transition. The challenge of secure cloud file transfer - and who owns it; cloud provider, third- party cloud security service, the organization's SOC – is one of the reasons enterprises turn to DRM to manage permissions on the data itself. That way, no matter what level of maturity your organization has reached with cloud management, the protection and access permissions follow the data itself, not the transfer method.
DRM helps you stay compliant with continuous access control.
Bill Stubbles, Solutions Engineer at Fortra, emphasizes that “once a file you send out has been decrypted, it is completely outside of your control.” On the other hand, DRM combines data protection with access control and “allows levels of protection that a conventional file encryption solution such as PGP simply cannot match… A DRM solution enables you to apply and revoke rights management to your files at any time.” No more losing control over the asset once it’s delivered and decrypted. Now, should you discover that your data fell into the wrong hands, access can be revoked in real time with Vera DRM, and authentication is always required for assets containing PII, PCI or PHI.
DRM completes MFT to support a zero-trust environment.
Zero-trust must extend beyond the transfer method and to the data itself. Coupled with a managed file transfer service DRM can apply granular polices to data within a set, and the sender retains full control over trusted parties. This enables you to secure an entire class of proprietary documents regardless of location and enable role-based, privilege-based or classification-based permissions. DRM closes gaps in your zero-trust approach, securing where encryption alone cannot, and giving you a strategy that not only supports zero-trust for data in transit, but also for data throughout its lifecycle.
DRM is easier than it used to be.
While once cumbersome and even prohibitive, DRM has evolved and is now accessible to more companies in more industries. As early as the late 1960’s, the concept of digital rights management was slated for creating friction for users, and as late as the 90’s, Steve Jobs himself opposed it for many of the same reasons. However, today we’re moving towards an openly adopted, “native” DRM standard that is much easier to use. Now you can integrate it with technologies like Vera to apply widespread access controls based on classification level, and apply protections to all files within an MFT solution like GoAnywhere.
With the increased amount of digital collaboration between enterprises today given remote work, cloud migration, and widespread digitization, granular data access controls are becoming essential elements of an organization’s data security strategy.
Early Digital Rights Management (DRM) pioneers argued that "Without rules to protect the rights of content providers and other electronic community members, the electronic highway will comprise nothing more than a collection of limited, disconnected applications.” DRM does much to coalesce those rules and put all access limitations under the control of the data owner – no longer leaving it to chance, trust, or interception and decryption efforts. As the user experience continues to improve, the need to securely transfer digital assets increases and remote and data keeps its place as king, DRM is a solution that more companies are, and will be, adopting.
Download our whitepaper to see how GoAnywhere's Digital Rights Management and MFT solutions can help bring your file transfer security to the next level.