Take control of your documents no matter where they go
By Alyn Hockey, VP Product Management
What is EDRM?
Enterprise digital rights management (eDRM, also known as Information Rights Management or IRM) has had a rocky start to life. While it’s been around for the last 20 years and is seen as the next step on from encryption, it just hasn’t made it into mainstream use.
It evolved out of the media DRM solutions for copy protection on music and films. The idea is relatively simple: wrap information in an encrypted envelope and require full credentials, a username and a password, to decrypt. So far, it sounds like standard encryption, but with a username. However, there are a couple of additional key pieces. First, there is a policy attached to the encryption and the user, and second, the application which accesses the data can enforce the policy.
How does it work?
In essence, you take a document and wrap access controls around it through a policy, and that policy is enforced even when the document is outside your control, for example when it is sent through email to a collaboration partner or uploaded to a cloud file sharing site. When someone attempts to open the document, it checks the policy with the policy server, which is located either in the cloud or in the demilitarized zone (DMZ) of the company which maintains control of the document. The policy can include who has access, what they can do and a potential timeframe/expiry date (almost like Mission Impossible where the message self-destructs after it has been seen and expired!). Policy can be set so the document can’t be edited or printed, and it can even prevent a simple screenshot. Every action the user takes is audited. And, of course, if the document is forwarded on and the recipient doesn’t have the credentials to open it, then they can’t (but the fact they tried is audited).
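The policy check described above can be sketched as a small decision function. This is an added example, not Clearswift or Seclore code: the class names, policy fields, document ID and email addresses are all assumptions made for illustration. It models only the policy server's decision and audit trail; enforcing the decision is the job of the application that opens the document.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical policy model: every name and field here is an assumption.
@dataclass
class Policy:
    document_id: str
    expires_at: datetime
    # user -> set of permitted actions, e.g. {"view", "edit", "print"}
    grants: dict = field(default_factory=dict)

class PolicyServer:
    """Decides each access request and audits every attempt, allowed or not."""

    def __init__(self):
        self.policies = {}
        self.audit_log = []

    def register(self, policy):
        self.policies[policy.document_id] = policy

    def check(self, document_id, user, action, now=None):
        now = now or datetime.now(timezone.utc)
        policy = self.policies.get(document_id)
        # Default deny: access is granted only if every test passes.
        if policy is None:
            allowed, reason = False, "no policy"
        elif now >= policy.expires_at:
            allowed, reason = False, "expired"
        elif user not in policy.grants:
            allowed, reason = False, "user not authorized"
        elif action not in policy.grants[user]:
            allowed, reason = False, "action not permitted"
        else:
            allowed, reason = True, "ok"
        # Denied attempts are recorded too, e.g. a forwarded copy being opened.
        self.audit_log.append((now.isoformat(), document_id, user, action, allowed, reason))
        return allowed

def demo():
    # Constructed sample data: one document, one view-only recipient.
    server = PolicyServer()
    expiry = datetime(2020, 1, 1, tzinfo=timezone.utc)
    server.register(Policy("doc-001", expiry, {"partner@example.com": {"view"}}))
    before = datetime(2019, 12, 15, tzinfo=timezone.utc)
    after = datetime(2020, 1, 2, tzinfo=timezone.utc)
    results = [
        server.check("doc-001", "partner@example.com", "view", before),
        server.check("doc-001", "partner@example.com", "print", before),
        server.check("doc-001", "forwarded@example.net", "view", before),
        server.check("doc-001", "partner@example.com", "view", after),
    ]
    return results, server.audit_log
```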
Why isn’t it more popular?
So why, with all these benefits, has it taken so long to become mainstream? The simple answer is usability. Wrapping the document in the appropriate policy takes time and a certain level of skill, and ensuring that the recipient is registered on the system and can therefore open the document is fraught with pitfalls, which creates frustration when it goes wrong. So, what’s changed? Microsoft introduced its RMS (Rights Management Services) in Windows Server 2003 and has subsequently updated it several times, but it is the introduction of Active Directory in Azure which started to drive adoption, as there is now a directory service which anyone and everyone can take advantage of when looking to identify a user with strong credentials. This has also made it easier to automate user registration, and it’s ease of use which is turning the tide.
Clearswift’s Gateway Encryption
Traditional encryption also struggled to gain a foothold in the market due to usability; however, automation and enterprise-strength solutions with full key management are now making it far more commonplace. In some markets and geographies, it is mandatory. Clearswift has offered encryption options for many years, with the Gateway making encryption almost frictionless for the sender and the recipient. The Gateway decides on the policy to be applied based on content and on context, and then carries out the appropriate actions. If the recipient hasn’t received an encrypted email before, then policy is used to set them up and make it simple for the sender to communicate the password. This isn’t just for ad-hoc (ZIP) encryption, PGP or S/MIME; it can also be used for portal-based encryption.
Clearswift and Seclore
Clearswift’s eDRM solution has been created in conjunction with Seclore, a leading eDRM provider, and uses the same content inspection with context to decide which policy to apply. Once the policy is applied, the system also examines the recipient (or recipients) to see if they are registered and, if not, registration instructions are sent automatically.
While there are endless possibilities for policies, we usually recommend a few standard ones to minimize complexity in the early days. Clearswift can help with both eDRM policy design and sender policy on when to use eDRM.
The simplicity and usability of the Clearswift and Seclore eDRM solution make it an obvious choice for those who want to take control of their documents when they are used by third parties, with full management and audit capabilities.
*** This is a Security Bloggers Network syndicated blog from Clearswift Blog authored by christopher.hood. Read the original post at: https://www.clearswift.com/blog/2019/12/06/the-case-for-edrm