Revoke Access to Your Files from Anywhere – DRM and How it Works
Your auditor sends a copy of your company’s recent financial statements to his firm to verify another clean pass. Because he’s worked there for years, he sends the file to his partner without encrypting it and leaves for the day. On his way home, his phone buzzes as an email notification comes in with the subject “Wrong Paul?” Almost immediately, your company’s sensitive financial data, confidential business information, and quarter-end stats are out in the open. And there’s nothing your auditor can do to bring them back.
By Ekron Dries
Now, this auditor could have kept his job if a Digital Rights Management (DRM) solution had been in place. In that scenario, he would have set permissions on all sensitive files before transferring them to his firm. Or, better yet, your enterprise would have set those permissions to both him and his partner at the firm so that no matter what happened, only the two of them (and specifically named others) would have access to read, write and edit (or print, copy, and save) those files. Permissions are not granted just by being in possession of the data – those are allocated by the file owner.
Digital rights management (DRM) has become a buzzword in security today as it is one of the most agile, far-reaching ways to support a zero-trust strategy in the realm of file transfer. By allocating access with specific, granular permissions, DRM allows you to stay compliant, retain control of your data, and confidently send sensitive files regardless of the safety, storage, or transfer methods in use by you or a third party. Let’s see how it works, how you can put it to use in your organisation, and the benefits it brings.
How DRM Works
Even encrypted data could fall into the wrong hands and be cracked with enough time and talent. Decryption keys can be stolen. The account of the receiver themselves could be hacked, and a study of the last few years revealed that 1 million passwords are stolen every week. Pilfered credentials are sold on the Dark Web for the price of a gallon of gas, so the idea of data being safe behind your username and password is losing credence at best. The number of ways things can go wrong is alarming, and they do go wrong, as last year’s 68% jump in data breaches year-over-year will attest. That information is coming from somewhere, and it’s certainly not protected enough to stop successful attacks.
Historically, breaking into the house meant having access to all the goods inside it. Then, we got smart and started encrypting – locking up – basic assets. With encryption backdoors, brute force attempts, plaintext attacks, decryptors, stolen accounts and more, even those locks are becoming insufficient. As Ian Thornton-Trump, CISO at Cyjax, states, “We’re getting to the point where simply sending confidential information with basic encryption is no longer an acceptable method.” In other words, bad guys are stealing the key.
What if someone broke into your house, cracked open your safe and pulled out your stash of cash – all in personal checks, made out to you. At that point, even though they’re “in possession” of your financial assets, they do them no good because the permissions to access them are granted to somebody else – you. That’s what DRM does. It allows the sender of the data to specify who gets to unlock, open, edit, save, copy, send, and share the data – no matter who’s holding it. Even a print screen can be blocked. In that scenario, your auditor could have responded with a simple “Please disregard” and drove happily on his way. The file would have been unopenable to the “Wrong Paul” anyway.
Benefits of DRM
Now that we know how DRM works, it’s important to pair it with the right technologies to fully leverage its effect. A complaint in the past has been that DRM – because of its granular nature and strict file permissions – is cumbersome and prohibitive to use. That may have been true, but the user experience has improved greatly since the early days of Napster when DRM was principally used to deter music piracy. Now, you can pair it with a managed file transfer (MFT) system and automatically apply permissions, compliance policies and other protections based on data classification, or to every file that leaves the MFT. And there could be thousands. In addition to being much more efficient and user-friendly, DRM technology provides additional security benefits such as:
Safe cloud collaboration. With so many companies moving rapidly to the cloud, growth can outstrip security. There are easy-to-use collaborative tools like Box and SharePoint that allow remote access workers to function more as a team, and files between them need to be transferred safely and fast. The right DRM provider can allow you to move data between those platforms while retaining full rights and attaching permissions to the data itself, not the platform or the transfer method.
Staying current with compliance standards. As soon as your data falls into the wrong hands, you are no longer compliant and there are legal consequences to pay. Think GDPR, CCPA, PCI-DSS and HIPAA. Each comes with its own weighty remediation process and fines, and it’s too big of a risk to be leaving it to chance and file transfer methods that have been proven hackable. Defence in depth is always your best option. Adding DRM as an extra layer of security to an already secure protocol like MFA can ensure that even if your data is compromised, permissions can be revoked immediately at the user level. And, with Vera DRM, access to any file containing PII, PCI or PHI will always require authentication beforehand.
Applying widespread security policies to your data. Applying detailed security policies to every single piece of data can be an imposition at best, insufferable at worst. It was one of the reasons DRM was seen as painful in the past. No more. Today, you can apply group policies en masse to data within a certain classification level, securing each file like it was the only one but without the tedium.
Securing your data anywhere. Because protections and permissions rest with the data, not the transfer method, your data will be protected anywhere. No matter whose hands your files may fall into, unless that person is specified (by their email address, for example), they won’t be able to access it.
“Digital files are the crown jewels of any organisation, and end-to-end rights management is increasingly the goal of businesses who need to transfer files securely.” DRM plays an important role in ensuring end-to-end rights, and partnered with the right MFT tool, can secure your assets from anywhere and to anyone – no matter where your files may end up.