Written by Kevin
Why is EDRM Difficult for Enterprises?
For enterprises, file sharing among employees must be integrated with effective security measures to avoid file leakage by internal employees or unauthorized outsiders, whether intentional or accidental. Commonly, encryption has been that key security measure that helped enterprises with secure file sharing; however, it is now considered as insufficient in protecting the files completely. It is critical that multiple and layered security features are put in place, rather than a single layer of encryption. Encryption plays a fundamental role in secure file sharing, but it alone cannot play entire role in secure file sharing.
Achieving the level of security at which most enterprises can feel comfortable and assured while they let employees share confidential files requires encryption and digital rights management (DRM) to protect file confidentiality ‘before and after’ file access. Adopted to enterprise landscape, DRM is often referred to as EDRM or enterprise digital rights management. It has been continuously touted to become the mainstay component in forming the data security architecture for enterprises, due to its ability to protect data on a file level by enforcing detailed and granular restrictions on specific file functionalities that persist even after leaving the secure enterprise premises and being accessed by external individuals.
In theory, EDRM seems like an effective and assured data security solution. However, according to a Gartner report “Market Guide for Information-Centric Endpoint and Mobile Protection,” it has proven to be rather complex for enterprises, regardless of the size and number of employees, to implement and operate EDRM due to the difficulty in scaling EDRM regarding enterprise-wide implementation and operation. Unfortunately, the troublesome complexity downplays the advantages that EDRM brings to enterprises, to the point where they become reluctant in integrating it into their data security architecture.
Modern enterprise landscape is all about data, which are the basis of a countless number of files that are being created, edited, and deleted repeatedly. The nature of operating with a high number of files means that complex EDRM implementation and operation on a file level can be even more challenging. Applying specific and granular controls for file access and usage to individual confidential files is a tough task that requires IT admins to understand EDRM mechanism thoroughly.
To help enterprises easily identify confidential files for selective implementation of EDRM controls, some solutions offer eDiscovery modules that automatically filter out files by matching predefined rules to see if those files contain confidential data. Even though this feature plays a part in streamlining the complex process, the initial stage of determining and defining the rules is just another complex, and even more important task that requires a high level of expertise and lengthy investment of time to get right. All in all, detailed and granular data security controls for confidential files that fall under the predefined rules may seem the right way to go for most enterprises; however, it is simply too complex to do so on a file level in this day and age where employees flooded daily with countless data and files.
Since the EDRM controls are implemented by those who create the files, determining what must be allowed and denied is solely up to the file creators. This may cause the conflict of interest between the two parties, as one party may face hindrance in work productivity. For lessening such complications, EDRM solutions offer adding dynamic controls to grant or revoke more controls to confidential files; however, this action can create a loophole through which confidential files, despite the enforcement of EDRM controls, may be leaked. The complexity that arises from the conflict of interest affects the individuals or groups within not only the same entity but also the external parties, like contractors and agencies with which enterprises cooperate.
File-level data security that persists even after leaving the secure enterprise premise is an appealing proposition of EDRM, and it is perhaps the correct security model that enterprises perhaps should be following. However, the high level of complexity that is apparent from the point of view of both IT admin and file user sides has been making enterprises to think twice before implementing EDRM. Integration of DRM to secure file sharing in and out of enterprises is a must, but doing it more simply and efficiently should be defined to cater to both small and big enterprises.