It is becoming increasingly difficult to keep sensitive data secure. As working from anywhere increases, employees now work freely with each other, as well as with contractors and partners. EDRM - Enterprise Digital Rights Management - with real-time encryption helps solve problems.
However, this freedom to collaborate also means that information is shared between devices, applications and networks over which the company does not necessarily have control. Against this background, Lookout, an expert in mobile & cloud security, explains the aspects and benefits of EDRM (Enterprise Digital Rights Management).
Therefore, to ensure data is protected and productivity remains high, organizations need an integrated, cloud-based approach to cybersecurity. While Security Service Edge (SSE) has become the standard, they should be aware that not all SSE approaches are created equal.
What is EDRM – Enterprise Digital Rights Management?
Anyone who has never heard of EDRM may know DRM (Digital Rights Management), digital rights management. DRM is mostly used by film, music, game or other software publishers to allow access only to those who have paid for it.
EDRM has a similar function, with the difference that the purpose is to protect sensitive company data when it leaves a company's sphere of influence. It does this by encrypting data in real time as it travels between users, devices and applications. As part of a broader SSE platform, EDRM operates dynamically, using the context of users, devices, applications and data to make informed decisions based on an organization's privacy policies.
SSE platform with EDRM
Within a comprehensive SSE platform, EDRM is just one of many data protection measures that organizations can take. In almost all cases, they would rely on DLP to first discover and categorize their data across all applications. It then decides what action to take based on input from endpoint security and UEBA. For example, softer restrictions such as masking certain keywords or watermarking documents could be applied.
EDRM comes into play when organizations need to enforce much stricter restrictions and encrypts all data with a unique key per file. By applying cross-platform controls, companies ensure that only the applications and services intended to use the data can decrypt the content. Since the encryption is tied to the metadata of the data, an authorization check is performed every time a user tries to open the data. This means organizations can continuously monitor who has access and set time limits on when someone has access or what types of devices have access.
EDRM imposes strict restrictions
Enforcing data access policies has become increasingly complicated. Today, data is scattered across countless cloud and private applications. At the same time, users are increasingly using personal devices and networks that bypass edge security. EDRM ensures that data boundaries are dynamically determined even as data roams freely.
Three reasons why EDRM is so important
1. Prevention of Data Loss or Exfiltration
At the end of 2020, Pfizer lost 12.000 sensitive documents due to an insider threat. The pharmaceutical company discovered the data exfiltration but could not prevent it. Whether it's malicious downloading or accidental disclosure, EDRM's encryption controls ensure data isn't accessed by unauthorized persons.
2. Legal Compliance
For example, the Health Insurance Portability and Accountability Act (HIPAA) in the United States mandates the protection of data no matter where it resides. Traditionally, organizations have encrypted the internal hard drives of the managed laptops. With EDRM, the encryption stays with the data itself, meaning the data is always protected.
The General Data Protection Regulation (GDPR) imposes restrictions on the export of data to countries outside the EU. With continuous checks of the user, including their geolocation, companies could set a policy that no users outside the EU can decrypt the data.
3. Reduction of risk to third parties
Large companies often rely on third-party vendors, contractors, and partners for various services. Many of them may not have the same security standards. EDRM ensures that only authorized users, within certain parameters, are able to decrypt sensitive information, whether it is financial and customer data or intellectual property.
More at Lookout.com
About Lookout Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.