How Information Rights Management Helps Prevent File Leakage
Information Rights Management (IRM) permissions and controls work at the single document level. Thus, the files remain secure and in the owner's control.
4 September 2014
In our prior blog, we talked about how unsanctioned freemium file sync and share (FSS) services come with hidden costs, particularly for enterprises. These FSS products potentially expose precious or sensitive data to the public if the right security and procedures aren’t in place.
A recent survey of information technology decision makers indicated that 46 percent of the respondents believed their companies were leaking data through the unmanaged use of file sharing products. So what are IT managers to do when faced with cleaning up the “potentially damaging digital detritus” left behind by employees? Certainly, leveraging the cloud is a habit that’s not going to fade anytime soon.
One approach is to embed a file with security and access rights, as Intralinks’ chief technology officer for Europe, Middle East and Africa Richard Anstey writes in the online magazine Information Security Buzz. These controls stay with the file wherever it goes.
Promise of Rights Management Unfulfilled — Until Now?
We’ve had rights management technology for years, but end user adoption has been limited, to say the least. The various plug-ins, downloads and password management tools created friction in the user community. So, although rights management is of particular value to those who prized security, the technology never really saw widespread corporate adoption.
So let’s talk about information rights management (IRM) specifically. This applies protection and access management for the document itself, both in transit and at rest, wherever it goes. The data is encrypted — but we can manage the decryption from a central location.
The rights (such as, you can print, you cannot print, etc.) apply to both Office- and PDF-created documents — but without requiring plug-ins. This means, as Richard explains, IRM may “be the solution required to control the content chaos caused by today’s culture of widespread sharing.”
Protection Down to the Document
The IRM permissions and controls work at the single document level, or for entire predefined classes of documents. Thus, the files remain in the owner’s complete control — even after they’ve slipped outside of the four walls of the enterprise where they originated.
The policies can include sets of criteria, such as user ID, physical location, or device type. The file owner can revoke access privileges remotely, and at will — or create a set expiration date for document access. The technology can also monitor the document activity, and report to the owner how the content is shared or viewed — this capability is a typical regulatory requirement.
IRM may be the best way for more corporations to collaborate freely, but with complete compliance with regulatory and other restrictions.
Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.