Many of us use cloud services like Box, Dropbox, Google Drive, and OneDrive to store our files and to share them with colleagues or friends.  But, do you sometimes get a little nervous knowing that your files are out in the open, susceptible to evildoers searching for security vulnerabilities so they can pilfer confidential info?

File-sharing services like the aforementioned have some level of native security built into them, but it’s not enough to fully protect your data once it’s been shared. That’s why digital rights management (DRM) solutions are so important to maintain that balance between information sharing and security.  On one hand, you need to share information to do your job and collaborate with others, but on the other hand, you have to be wary of the inherent risks associated with cloud content-sharing services.

Cloud is sexy but comes with pitfalls

Stolen passwords, account takeovers, insiders with malicious intent, and just plain carelessness are part of the equation when it comes to cloud applications and security breaches.  With the dispersed nature of cloud computing and the proliferation of various device types, it becomes incredibly difficult to manage digital rights when there are so many vectors for bad actors to get at your sensitive data.

All good things start with authorization

The success of a data protection program often hinges on a well-designed strategy, seamless rollout, and rigorous monitoring and enforcement.  Case in point: the role of dynamic authorization.

For those unfamiliar with the term, it’s often the backbone of the most effective DRM solutions out there.  Before you even reach the stage of assigning digital rights to specific files, you would be wise to first use dynamic authorization to determine in real-time whether someone even gets to access a document stored in, say, Box.  User and environmental attributes such as group, department, device type, IP address, and many other factors, provide the granularity and context needed to determine if someone should have access to a particular file.

Hello, encryption . . .

Once authorization has occurred, the next step is to apply automated rights protection.  This is where encryption comes into play.  You can apply digital rights to the files being shared and can control what exact usage permissions the recipient gets to have.  Functions such as Read, Edit, Print, Display Watermark, Download, and Setting Expiration Dates are all possible with DRM solutions.  These rights stay with the file regardless of where those files are located – they could be inside or outside your network or in the cloud.

Ultimately, DRM coupled with dynamic authorization substantially augments the native security of file-sharing services, essentially extending data protection outside the corporate network, even if those files end up in unmanaged (e.g., BYOD) devices.

Follow the file . . .

With rights following the files no matter where the latter goes, it becomes much easier to share files with peace of mind.  This persistent data protection works across multi-tier supply chains, supporting the delegation and tracking of additional sharing (i.e., the original recipient of the file shares it with others).  At the end of the day, you’re essentially protecting your data as it makes its way across multiple repositories and devices.

Cross your T’s and dot your I’s

You obviously want to keep track of where your data is.  A key feature of any DRM system is the ability to monitor document usage irrespective of the file’s location or the device from where it was accessed.  You want to be able to record any unauthorized access attempts as a checkbox item for an effective data governance program.  Of course, you should have the ability to add or remove recipients easily, too.  Many regulations today (HIPAA, SOX, GDPR are a few that come to mind) have specific requirements around data access.  Having a single pane of glass across all your sharing and monitoring activities makes auditing for compliance purposes that much easier.

On-prem needs some love, too

Sometimes it’s easy to forget good ol’ fashioned on-premises repositories.  They’re not quite dead yet in this day of cloud this and cloud that.  Until we reach the point where every single company’s IT systems are completely cloud, a DRM strategy should encompass both on-prem and cloud repositories.  For instance, popular Product Lifecycle Management (PLM) systems like Siemens Teamcenter still have vast installed bases that are deployed on-prem.  It’s not unusual for large enterprises to have a mix of on-prem and cloud repositories for their sensitive data.

For a restful night’s sleep . . .

Solutions exist today that can address all of the above challenges.  If your interest is piqued and you need some more info, check out an easy read on digital rights management and tell us what you think.