If you pay $1.99 to download an ebook for your Kindle, it’s protected by DRM that stops you sharing the contents, and if Amazon wants to, it can revoke the document so you can’t read it any more. Is your company’s current price list protected nearly as well?
With information rights management (often known as enterprise DRM, short for digital rights management), you could make sure that price list was only shared with your customers, blocking them from sending it on to your competitors and automatically blocking it at the end of the quarter when you come out with new prices. Or you could share specifications with several vendors in your supply chain during a bidding process and then block everyone but the winning vendor from opening the document after the contract is finalized. You can make sure that contractors aren’t working from out of date plans by making the old plan expire when there’s an update. Tracking and visibility is useful for compliance as well as security; you could track how many people had opened the latest version of the employee handbook, or see that a document you’d shared with a small team was being actually read by hundreds of people.
Rights management is a mature enterprise technology – versions of it have been in Windows Server since 2003, for example – but while Gartner analyst Mario de Boer notes that “EDRM is more popular than it ever was,” he also says “enterprise-wide deployments are still rare.”
A recent survey by secure collaboration vendor Intralinks found that only 53 percent of enterprises classify information to align with the access controls that are supposed to be protecting it. That’s especially problematic during confidential but time-sensitive processes like mergers and acquisitions; if you’re worried about a deal falling through, it’s tempting to start mailing unprotected Excel files around rather than jumping through hoops to grant access correctly.
That’s probably why one survey of executives involved in M&A by Ansarada (whose Secure Office service is designed for sharing documents during the M&A process) found that 71 percent had suffered data loss. And you don’t have to be the NSA to suffer from insider attacks; early this year U.K. media regulator Ofcom discovered that a former employee had downloaded six years’ worth of data about TV broadcasters before leaving, and promptly offered it to their new employer, a rival broadcaster.
With rights management, Ofcom could have made those documents worthless because once the employee left, they would have lost their rights to open the documents – and they could have been blocked from printing them or copying the contents as well. New data privacy laws like the EU General Data Protection Regulation will make those kinds of losses even more expensive.
Sign up for Computerworld eNewsletters.