CipherCloud Chronicles 8: CipherCloud DRM (Handing The Right Keys To The Right Person)

CipherCloud DRM
(Handing The Right Keys To The Right Person)

AppSec/API Security 2022

The recently deceased grandpa Ringo has sent a box full of his prized gold coins to his grandson Jack, but well now, if we don’t have a darn tricky situation here, as two people are claiming to be Jack.  So, how do we resolve this old West dispute without resorting to side irons? Namely, how do we ensure that we can identify  the correct stakeholder – the rightful owner of the gold filled box? 

The days of cowboys, prospectors and gunslingers may be long over, but, similar to Ringo’s cash box situation, today’s  organizations maintain  huge volumes of sensitive data in the cloud that must  be protected from unauthorized access. It’s important for an organization to protect this  cloud data because a single  data breach can alienate customers, result in  heavy penalties and badly impact  the organization’s overall credibility. 

There are many ways to address this challenge, but perhaps the most effective and efficient of these is to enlist  CipherCloud CASB+, a battle-tested solution with 10+ years of customer-driven innovation and FIPS 140-2 validation, the CASB+ solution offers extensive capabilities for zero-trust, policy-driven encryption and tokenization, providing granular, field and file-level control over sensitive data at rest and in motion. And that’s not all of its partners, CipherCloud also goes a step further to provide download protection for sensitive data.


Download protection with DRM

CipherCloud’s native Data Rights Management (DRM) enforces advanced data protection controls for sensitive data in the cloud, enabling secure collaboration and offline data sharing with automatic encryption of sensitive data, reports, and emails during downloads. Sensitive data downloads are permissible only on managed devices, and only the authorized users are permitted  to decrypt any involved  files using CipherCloud’s “lightweight” [seamless but powerful!] DRM client.

CASB+ further  enhances end-user experience via a single client,  addressing multiple clouds, and offering  different ids/ credentials for every scenario, thereby providing deep visibility into any data being accessed and downloaded by internal and external users, including customers, vendors, and partners.

CipherCloud DRM provides full visibility into any data accessed and downloaded by allowing admins to remotely “shred”  content on detection of the policy violation. Admins can also revoke the keys in real-time to protect data on lost or stolen devices.  These integrated capabilities allow organizations full ownership and control over data, regardless of where it is being shared, allowing or denying access to keys for decrypting the encrypted files. 

CipherCloud DRM works in conjunction with Adaptive Access Controls to enable contextual access to cloud resources and prevent the downloading of sensitive data on personal devices. The solution  provides additional options for access control, including:

  • Users and User groups
  • Device profile
  • Device OS
  • Activity threshold (for example, malware activity)

In addition to providing full-blown native DRM capabilities, CASB+ also integrates with major third-party DRM packages such as Microsoft offering 100% user key control for total security.

CipherCloud’s native DRM allows only the rightful users to get the keys to decrypt sensitive data based on the contextual policies that are configured. So, be it the Old West or the cloud-first world, enabling effective DRM and key management holds paramount importance for securing your treasure/sensitive data. 

In the end, using CipherCloud CASB+, the real Jack, and the right organization, always gets the right keys.

The post CipherCloud Chronicles 8: CipherCloud DRM (Handing The Right Keys To The Right Person) appeared first on CipherCloud.

*** This is a Security Bloggers Network syndicated blog from Blogs List with categories – CipherCloud authored by CipherCloud. Read the original post at: