Is EDRM the next data-centric protection system?
As workplaces have changed to digital workplaces, companies are now thinking beyond the perimeter and adopting solutions that ensure data and files are persistently protected wherever they travel, including while they are at rest, in transit, or ‘at work’.
In an interview with Rashi Varshney, Vishal Gupta, Founder & Global CEO of an Enterprise Digital Rights Management (EDRM) firm Seclore, shares his insights on why it is business-critical that a robust Enterprise Digital Rights Management solution be a key part of the organization’s collaboration and mobility infrastructure. Readon…
What are the key security trends playing out in the India market today?
Data is an integral part of everyday life in any organization as well as individual customers. Increasingly sophisticated computing solutions combined with the proliferation of connectivity enables enterprises to exchange information extremely quickly. However, as data travels further afield – outside the C-suites or beyond an employee’s desk, protecting it is becoming an important concern for many businesses.
At the same time, with the adoption of cloud-based services and the emergence of new technologies such as IoT, IT systems have become more vulnerable to cyber-attacks. Data breach incidences in such environment mainly occur due to non-compliance with various operational standards.
Against that background, some of the bigger trends playing out in the India market are:
Data Integrity: In today’s big data world, it is important to understand the origin of the data that resides within your organization and to ensure that the data is not manipulated.
Gearing up for the next big technology: The universe of Internet-connected devices is expected to explode in the next few years. The Digital India initiative aims to metamorphose the nation into a digitally-empowered society, that will see the IoT industry boom as people and businesses exploit its full potential.
IoT has matured rapidly, from science-fiction into actual product, services and applications that offer almost unlimited possibilities. As IoT continues its meteoric ascent, the use of machine-to-machine (M2M) data will become key. In such a data-centric environment, the need for strong encryption can’t be understated. The risks have made headlines as hackers have penetrated organizations and stolen sensitive information. The consequences of failing to address vulnerabilities have never been harsher, ranging from business losses to catastrophic business-ending events.
The Mobile Data wave: The popularity of mobile devices and easy access to data is making the use of online services, such as payment gateways, the norm rather than the exception. Although still in its early stages, this new digital ecosystem is evolving fast as new technologies appear and partnerships are formed. The opportunities for an ambitious country like India are frankly phenomenal. However, they also create risks, from security concerns to privacy worries and compliance issues that businesses need to address.
Cyber-security Regulations and Legislation: Security-based conversations around government regulations and legislation are still commonplace near the water cooler and in board rooms. However, we still don’t have stringent legislations and policies in place to effectively tackle cyber threats and privacy issues.
EDRM the next data-centric protection system – For decades, enterprises around the world focused on protecting the perimeter and keeping data within the company. But, with security threats constantly expanding and collaboration beyond the corporate border being the ‘new normal,’ protecting perimeters and devices is no longer proving effective.
Companies are now thinking beyond the perimeter and adopting solutions that ensure data and files are persistently protected wherever they travel, including while they are at rest, in transit, or ‘at work’. This is why more companies are adopting Enterprise Data Rights Management (EDRM) solutions. EDRM offers persistent, granular usage controls that manage, enforce and audit who can access a file, what the recipient can do with the file, from which device/location, and when.
With rise in the culture of enterprise mobility, what kind of security controls, a CIO/ CISO needs to put in place?
With an increase in enterprise mobility and BYOD, organizations are increasingly sharing sensitive enterprise data with outside parties, and these often lie outside traditional perimeters. In today’s hyper-connected marketplace, organization’s cannot afford to say no to enterprise mobility because doing so open them up to severe productivity limitations. What enterprises need is security without borders.
It is important to recognize that most of the sensitive information is what is termed ‘unstructured data’. In practice, that means data that resides in emails, word documents, excel spreadsheets and PowerPoint presentations.
While the number of incidents has risen significantly over the previous year, organizations in the country have ramped up investments to combat the issue.
CIOs need to adopt data-centric security solutions capable of securing their information and mitigate risks wherever those sensitive assets reside and travel.
A growing number of organizations are implementing cloud-based security tools – ranging from analytics to advanced authentication and identity & access management – to manage persistent cyber threats. Both CIOs and CSOs are examining how the newest and most innovative frameworks can improve security and mitigate enterprise risk.
Other solutions include location-based and time-based access controls. These should be device-agnostic and end-to-end monitoring and auditing along with persistent protection and seamless integration with enterprise systems. It is business-critical that a robust Enterprise Digital Rights Management solution be a key part of the organization’s collaboration and mobility infrastructure.
Not only are leaders adopting innovative solutions, but even fundamental security technologies and practices have seen wider acceptance, and organizations have evolved to master the basics. This has improved the security postures of organizations throughout the country.
What are the top concerns of Indian IT decision makers in India?
Potential loss of sensitive data is a top of mind concern, especially in sectors that are mobile-employee heavy. The prevalence of unauthorized, so called “shadow-IT apps,” which means less visibility and governance controls, is another concern. At the same time, these concerns are impeding the authorized use of contemporary technologies that would otherwise help improve overall levels of organizational productivity.
Collaboration, external or internal, is another area that has given ITDM’s (IT Decision Makers) plenty of sleepless nights. For example, file sharing over FTP, from file servers, out of network-attached storage (NAS) and via email means an organization’s information assets are effectively getting stored across a multitude of locations. Gaining and maintaining control over their information assets in real-time and wherever organizational data travels is of paramount importance.
Along with cloud-based systems, technologies such as Big Data and Internet of Things (IoT) are on the rise, and they are throwing up as many (or ever more) cyber challenges as well as opportunities. In the case of Big Data, often considered a cyber liability, organizations are leveraging data-powered analytics to enhance security by shifting it away from perimeter-based defences, and enable organizations to put real-time information to use in ways that create real value.
To mitigate the breach risks tied to the growing use of mobile devices, organizations need to consider extending enterprise digital rights management strategies to mobile platforms.
What are the best practices for the above challenges?
The active use of enterprise digital rights management solutions can be an effective approach to consistently secure information. EDRM is a core element of a “defense in depth” security posture to protect sensitive data. It represents a way to extend security beyond the corporate perimeter to wherever information travels.
To be effective, next-generation enterprise digital rights management solutions must meet a set of enterprise-readiness requirements based on a rich policy lexicon, a set of integrations with complementary controls for automation, ease of use, and operational efficiency.
With external collaboration and the use of multiple sharing methods being the new normal, companies are adopting Enterprise Data Rights Management (EDRM) solutions to achieve new levels of security.