Posts Tagged ‘Enterprise DRM’

No More Data Loss?

April 22, 2008

Signs abound that the previously quiet realm of enterprise DRM is now making the must-have list for enterprise security system vendors. This offers enterprises the potential to gain full control of corporate information and data even outside the traditional security environment.

Like anything else in life, it often takes a calamity to jump-start what should have been an obvious requirement in the first instance. After last year’s data loss debacle, many public and private services organisations have had to take a fresh look at how to mitigate the risk associated with data loss. The upshot is a recognised need for information control even outside traditional corporate security perimeters, a problem that is neatly solved by enterprise DRM solutions, as shown in the diagram below.

Although most organisations already have some form of perimeter security mechanism (e.g. firewalls, data encryption and authentication), many have not bothered too much with the question of what happens if and when information leaves the premises on USB memory sticks or CD-Rs – a method frequently used by their own employees. However, this looks set to change now that traditional enterprise security vendors are looking at including this level of control in their offerings.

Diagram showing Traditional Enterprise Security vs. Additional Enterprise DRM


(Source: The World Beyond Digital Rights Management, BCS 2007)

According to an article on DRMwatch, some enterprise content management vendors already recognised the need to control information in this way and acquired relevant companies and products into their portfolios. However, it has taken slightly longer for enterprise security solution vendors, who might be considered a more natural fit, to start integrating this capability into their solutions in order to create a holistic offering that delivers both internal and external control over enterprise data. The hope is that public and private sector organisations will jump on board and buy / implement these solutions with some alacrity, but enterprise customers, just like ordinary consumers, sometimes do the unexpected. We await further developments with eager anticipation.


Note: This post was previously published on my BCS DRM Blog, where you can find the original post, and reader comments, in the archives.


Missing data: An opportunity for Enterprise DRM?

December 13, 2007

The recent spate of missing computer discs containing personal details of very many individuals (first by the HMRC and, more recently, by the DVLA) has crystallised the need for better protection schemes around personal data. This could be a golden opportunity for Enterprise DRM solutions, but how…?

The story so far: Last month saw wide coverage of the fact that two HMRC computer discs, containing some 25 million user details, had been lost in the post; and this month, according to a BBC News article, the DVLA also admitted the loss of computer discs, with over 6000 driver details, sent via postal courier services. The common theme seems to be the transportation of computer records on physical media. In this day and age you might wonder why the data was not simply transferred over some sort of secure network, but that would be too easy. In any case, regardless of transportation method or format, the protection scheme used for such valuable personal information should be both effective and comprehensive enough to prevent unauthorised access to, or use of, protected information. This is where Enterprise DRM solutions could excel, for the following reasons:

  1. Enterprise DRM provides persistent protection for content both within, and outside, traditional corporate security boundaries (i.e. even on missing computer discs).
  2. It prevents unauthorised access to protected data, and can make it extremely difficult to use or manipulate content without proper authorisation based on positive user identification.
  3. It also has facilities to track and stop further access to, and use of, protected content even ‘in the wild’ so to speak.
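The three properties above can be seen in a small model of the key-release pattern, added here as an illustration and not taken from any vendor's product. The `LicenseServer` class, the `open_document` helper and the HMAC-based stand-in cipher are all assumptions made for this sketch, and the user name passed in is assumed to be an already authenticated identity.

```python
import hashlib
import hmac
import secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) to stay stdlib-only;
    # a real product would use a vetted AEAD such as AES-GCM.
    enc_key, out = _mac(key, b"enc"), bytearray()
    for i in range(0, len(data), 32):
        block = _mac(enc_key, nonce + i.to_bytes(8, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class LicenseServer:
    """Hypothetical policy server: holds content keys, access list, audit log."""
    def __init__(self):
        self.keys, self.acl, self.revoked, self.audit = {}, {}, set(), []

    def protect(self, doc_id, plaintext, allowed_users):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.keys[doc_id], self.acl[doc_id] = key, set(allowed_users)
        body = _xor_stream(key, nonce, plaintext)
        tag = _mac(_mac(key, b"mac"), nonce + body)
        # Only this package goes on the disc; the key stays in the server store.
        return {"doc_id": doc_id, "nonce": nonce, "body": body, "tag": tag}

    def revoke(self, doc_id):
        self.revoked.add(doc_id)  # stops future opens of copies already in the wild

    def request_key(self, doc_id, user):
        # 'user' is assumed to be an already authenticated identity.
        ok = doc_id not in self.revoked and user in self.acl.get(doc_id, ())
        self.audit.append((doc_id, user, "granted" if ok else "denied"))
        return self.keys[doc_id] if ok else None

def open_document(server, package, user):
    """Client side: decrypt only if the server releases the key for this user."""
    key = server.request_key(package["doc_id"], user)
    if key is None:
        return None
    expected = _mac(_mac(key, b"mac"), package["nonce"] + package["body"])
    if not hmac.compare_digest(expected, package["tag"]):
        raise ValueError("package modified after protection")
    return _xor_stream(key, package["nonce"], package["body"])
```

Revocation in this model only blocks future key requests; anything a client has already decrypted is governed by whatever controls the client software itself enforces.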

Essentially, a properly implemented Enterprise DRM solution would play a significant role in mitigating the risk around misuse of protected data in any future scenarios involving missing discs. It can be argued that one obvious weakness would be the complicity of an authorised user in accessing the data, but even that can be easily traced with the built-in forensic capabilities found in some of these solutions. In conclusion, I suspect that these two incidents will help bring home the message that the future of DRM does not lie solely in consumer-oriented content or media industries, but that it may also be used to enhance existing security for sensitive content in the enterprise space. What do you think?