A major focus at this year’s Gartner Security & Risk Management Summit in National Harbor, MD was on reframing and simplifying security to drive your business, not inhibit it. There was a lot of talk about zero-trust architectures and how they are critical to real security as more of us work from home and the threats to our sensitive data grow exponentially.
One area of concern is how to find and protect sensitive data without impacting how employees, business partners, and customers work. With a hybrid workplace becoming the norm for many, this has taken on a new urgency.
At the Fasoo booth, a lot of people talked about the challenges of combining different technologies to address data security in the cloud, in the office, working at home, and sharing with partners and customers. Companies are looking to consolidate capabilities to fewer tools and focus on more of a platform approach to address their needs. A constant problem is setting different policies in many tools that still focus more on protecting the location of data rather than the data itself.
One executive from a manufacturing company talked about how difficult it is to manage all the systems to protect identity and data in so many places. She has one set of rules for her DLP system that alerts when sensitive documents are shared outside the company. She has another set of policies to govern CASB to manage cloud access. And a third set of policies for partner access to data repositories. But none of them really protect the data since once a user has access, they can do whatever they want with it.
Fasoo Presentation on True Zero Trust
On Wednesday, June 8, 2022, Anthony Juliano, CTO & General Partner of Landmark Ventures; John Herring, President & CEO of Fasoo, Inc.; and Ron Arden, Executive Vice President, CTO, and COO of Fasoo, Inc., presented “Fasoo: Build a True Zero-Trust Data Security Platform“. John talked about the challenges we’ve had in the last few years as people moved to hybrid work and the threats to sensitive data keep growing. Documents have a habit of multiplying and getting into all sorts of places without security that protects the data itself.
Anthony focused on data security platforms (DSP) and Gartner’s research on the need to eliminate the patchwork of silo-specific controls that actually increase risk rather than minimize it. Simpler policy enforcement and unified approaches will prevail as companies choose a DSP with high levels of flexibility that work throughout the entire data lifecycle. This includes eliminating redundant, obsolete, and trivial (ROT) data to minimize the threat surface and simplify protection.
Ron talked about the capabilities of a true zero-trust platform that enables universal control of data at rest, in transit, and especially in use, while continuously validating that a user should have access to that data every time they use it. Rather than focusing on pieces of a solution, the Fasoo Data Security Platform helps organizations discover, classify, manage, protect, share, audit, monitor, and analyze sensitive data. Since the fundamental principle is to protect first by encrypting and controlling the use of the data, it removes many of the concerns of protecting every location the data travels.
Gartner Presentations Reinforce Fasoo Approach
There were a lot of Gartner Analyst presentations that focused on zero-trust, data security, and data security platforms. One session highlighted that “60% of organizations will embrace Zero Trust as a starting point for security by 2025.” Many of the sessions directly reinforced Fasoo’s approach to zero-trust and below are some of the highlights:
Andrew Bales: Outlook for Data Security
Andrew addressed Gartner’s prediction that “By 2025, 30% of organizations will adopt a Data Security Platform (DSP), due to the pent-up demand for higher levels of data security and the rapid increase in product capabilities.” The presentation reviewed the evolution of data security capabilities and their convergence into a centralized platform. Fasoo leads the industry in unstructured data product consolidation with its Zero Trust DSP.
Michael Hoeck: How to Secure Your Data Using Data Security Platforms
Michael identified a category of DSPs that are more narrowly focused on use-case driven needs, in particular for unstructured data, that do a better job than more broad-spectrum platforms. Fasoo’s DSP specifically addresses unstructured data security and privacy use cases.
Neil McDonald: A Pragmatic Approach to Implementing a Zero Trust Security Architecture
Neil highlighted the importance of data encryption at rest and in transit in a zero-trust architecture. Fasoo extends this to control over data in use and is a critical element of evolving security service edge (SSE) architectures, which focus more on security capabilities and less on network connectivity and infrastructure.
Anthony Carpino: Technical Insights: Dark Data, Data Security’s Biggest Miss
Anthony reported that “Dark data could be between 52 to 90% of the data our business stores and know very little about its content including the risk that could be lurking within it.” He identified discovery, classification, auditing, and data protection as key features to shed light on dark data, all of which are core processes in Fasoo’s DSP.
During the course of the summit, a lot of attendees and analysts came to the Fasoo booth to understand how Fasoo’s zero-trust data security can meet security and privacy regulations and protect sensitive data from both internal and external threats.
One IT manager wanted an easy way to protect IP from going out the door when employees left the company and also needed to share sensitive information securely with customers. He liked how the Fasoo Data Security Platform could help with both in one solution.
A number of visitors commented that Fasoo technology is very robust, balances security with usability, and integrates with an organization’s existing infrastructure. A common strategy is to make the technology almost invisible to users unless they try to violate a security policy. I remember one person saying, “I was a little skeptical during your presentation, but convinced once I saw it in action.”
The term data loss prevention or DLP is used throughout the information security industry to mean any technology that can stop users from sending sensitive information outside the corporate network. It can take many forms and can include locking down USB ports on PCs, stopping emails from leaving the company, and preventing documents from moving outside of your firewall. DLP can mean many things to different people.
While DLP can enhance your information security by changing employee behavior, it does so by limiting activities and is dependent on creating adequate policies. It acts to restrict data use, not enable it. Business users need to legitimately share and use information and preventing that can cause problems.
DLP has two main functions, monitoring, and blocking. Many organizations only monitor activity to understand usage patterns. Once they start blocking the movement of information, there are typically a lot of exceptions because people need to get their jobs done. If you are only monitoring data access and movement, you are not protecting the data. You are only aware of a problem after the data has left your organization and already gotten into the wrong hands. If you throttle back blocking to the point where it is primarily monitoring, you have the same situation.
What are some of DLP’s challenges?
DLP’s ability to scan, detect data patterns, and enforce appropriate actions using contextual awareness reduces the risk of losing sensitive data. It depends on policies to govern the movement of information, and those policies can become complex to manage. A lot of companies will monitor and potentially block personally identifiable information (PII), personal health information (PHI), social security numbers, PCI data, and any data that is governed by regulations. You can easily write policies to block this information, but what about all the trade secrets and intellectual property (IP) that really drive your business?
The problem is that most businesses need to share sensitive data with outside people. DLP does not provide any protection in case users have to send confidential information legitimately to a business partner or customer. It cannot protect information once it is outside the organization’s perimeter. This has become more of an issue with remote work becoming the norm for many businesses.
Considering most data leaks originate from trusted insiders who have or had access to sensitive documents, organizations must complement and empower the existing security infrastructure with a zero-trust data security solution that protects data in use persistently.
Add zero-trust data security
By adding context-aware data protection to DLP, you ensure that only authorized people can access sensitive information no matter where it is. The three key areas to consider are:
Encryption – by encrypting the data with centralized security policies, you can extend the monitoring capabilities of DLP. If the information does leave your network, it is always protected and under your control. If an unauthorized person tries to access that information, the protected data will appear as useless bits. This policy can even apply to authorized people who are on the wrong device, or in the wrong place.
Control use of the data – apply a persistent security policy that travels with the data and controls what a user can do with it when they open a file. By limiting editing, copy & paste, or printing, you eliminate sharing data with the wrong people. This can extend to immediately revoking access to files once shared, regardless of location or device.
Monitor and validate use – continuously validating user access to sensitive data is critical since people’s roles change and the data may not be relevant if the person changes jobs or leaves your organization. This ensures you only grant access to sensitive data if and when a user needs it.
Today data is everywhere and continues to grow. I could access a file on my mobile device, move it to the cloud, copy it onto my PC, and then move it into a document repository. Keeping up by managing and monitoring every location and every device is almost impossible. It’s like playing whack-a-mole. You plug one hole and another appears.
You need to expand your thinking on how you protect your data, by locking it at the moment you create it and continuously validating user access. This gives you visibility and control through its entire lifecycle.
Organizations implement traditional perimeter-based security strategies on the assumption that the perimeter is secure inside. Zero trust assumes that no person or device inside or outside of an organization is trusted. It is a system that requires thorough verification of all users, data, and devices, and allows only minimal privileges.
The concept of zero trust is not new. It was suggested in 2010 by analyst John Kindervag of Forrester Research to denote stricter cybersecurity programs and access control within corporations.
Now 12 years later, security experts agree that a zero-trust-based security strategy is needed, not perimeter-based security. The reason is simple. The environment is changing.
Why zero-trust now?
The pandemic-driven transition to a hybrid workplace has become the norm. As telecommuting and remote work becomes common, concerns about perimeter-based security are growing more than ever before. This is because the boundaries of the work environment have become blurred, driven in part by the increased adoption of mobile and cloud services. This will inevitably lead to a security vacuum.
The environment surrounding data security faces a variety of changes, including cyber warfare caused by the conflict between Russia and Ukraine, cyberattacks on companies by hacker groups like Lapsus$, and numerous incidents of corporate data breaches by trusted insiders.
In this environment, it is natural for zero-trust-based solutions to be in the spotlight. It’s the data itself that we need to protect, so we need a data-driven security system that can safely protect our data in a rapidly changing environment.
Zero Trust Data Security
Protecting sensitive data first requires identifying it, classifying or labeling it, and then determining who should have access to it. This requires constant authentication and verification of user identity. Fasoo’s zero-trust approach to safeguarding sensitive unstructured data goes beyond just access controls. It layers three powerful security methods to achieve a strong, proactive first-line defense again external and insider threats.
Adaptive Access Control
Control Data in Use
Cloud misconfigurations, user errors, and work from home environments all expose sensitive files to breaches that access control alone can’t prevent. A true zero-trust approach secures the file at all times – at rest, in transit, and while in use – and continuously monitors user, device, and other contexts to adaptively evaluate access permissions.
The best way to protect a sensitive file is to encrypt it. It ensures files are protected while at rest and in transit no matter the location or network. This sets the foundation for a zero-trust approach on which other safeguards build.
Automatically discover, classify and encrypt sensitive files when created or modified, all transparent to the user. User errors are eliminated and workflows are uninterrupted.
Encryption keys are centrally held and controlled by the company – not by the user, cloud provider, or any other third party. This is increasingly important in hybrid and multi-cloud workplaces as privacy regulations become more proscriptive regarding data residency and access rights.
Encrypted files ensure any exfiltration of sensitive information is safe from misuse. Many privacy regulations exempt encrypted file exfiltration from breach reporting or significantly reduce any fines. It all negates one of the worst risks related to today’s ransomware threats – exploitation of exfiltrated data.
Apply Access Control
User verification is enforced each time the file is accessed and incorporates contextual information about the user and device to dynamically adapt to grant or deny access.
User access to a sensitive document is automatically applied as part of the initial discovery process with presets that are centrally configured and provide flexible and practical settings. Individual users, departments, roles in the organization, and “all internal share” are examples of preset alternatives.
Fasoo enables a range of other elements, including device identity, time of day, and geolocation to be assessed as part of its adaptive zero-trust access approach. This dynamic linking of multiple verification points ensures the highest degree of trust can be enforced for sensitive data.
While centralized control of document access is the default, the platform provides flexibility so that document owners can unilaterally change access, if business needs dictate. This allows those closest to the data to make security decisions without needing to involve security or IT. Continuous monitoring of user behavior reports such exceptions for line manager and compliance team inspection. Such analytics are also applied to continuous monitoring of device and location information.
Control over Data
Insider threats expose a major gap in many declared zero-trust solutions. Once a verified insider gains access to the file, it’s a free pass to use corporate sensitive data. Joiners and leavers in a transient workforce, work from home environments, and supply chain collaboration opens the door for inadvertent or malicious insider data breaches.
True zero-trust requires control over usage as well as access. Forward, cut and paste, copy, print, and screen capture are examples of the many ways insiders can maliciously or unintentionally expose sensitive information to unauthorized parties.
Usage controls must consider the sensitivity of the data, and the context in which it’s being used and enable a wide range of permissions, from restricting actions to watermarking files, to address insider threats.
Fasoo enables a comprehensive set of file permissions to control what authorized users can and can’t do with a document in use. Central pre-set policies can be implemented at the user, department, or organization-wide level as well as by role (all Directors) or project (M&A, Drug Approval).
Proactive control over data usage is essential to a true zero-trust approach.
Talk with us about how Fasoo Data Security will strengthen your zero-trust initiatives.
No matter if your company is an automotive OEM, Tier 1-3 supplier, or a small engineering studio that serves component manufacturers across various industries: all eyes are on you.
The eyes of commercial spies, that is.
Intellectual property (IP) theft, most of it on behalf of China, damages the US economy to the tune of about $500 billion a year, says the FBI. Automotive, aerospace, and other innovation-driven tech companies are bearing the brunt of commercial espionage efforts.
What do the nation-states and competitors behind the IP theft have in common? They all rely on a secret weapon: company insiders.
What is an “insider threat”?
The US government’s National Insider Threat Task Force (NITTF) defines an insider as “any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems.” This not only includes your employees but contractors, partners, and potentially anyone in your supply chain.
In the vehicle manufacturing sector, most sensitive information is now stored and managed digitally: in the form of CAD drawings, for example, or as digital image files, as Microsoft Office documents, or in various Adobe PDF formats, including PDF/A, PDF/E, or PDF/X.
The dependency on these files makes IP theft by company insiders with access to that information the biggest potential security threat for automotive manufacturers and their suppliers today. Under pressure to innovate and develop startup-like cultures, traditional manufacturers struggle to protect their digital IP without sacrificing productivity.
A key security component in this fight is International Cybersecurity Standard ISO/SAE 21434 which specifies engineering requirements for cybersecurity risk management in the design and development of car electronics. It covers cybersecurity governance and structure, secure engineering throughout the life cycle of the vehicle, and post-production security processes. It covers vehicle manufacturers and their entire supply chain. This standard is becoming more important as the industry moves toward autonomous vehicles.
How does someone become an insider risk? What are the warning signs of potential insider theft? Is your company prepared?
Experts agree: securing unstructured data across the automotive manufacturing supply chain requires a comprehensive approach by Security, IT, HR, Compliance, and Legal. Here’s what they recommend:
1. Raise your organization’s threat awareness.
The battle for the future of mobility is marked by innovation at break-neck speed and tough competition for top performers.
Traditional players find themselves competing with Silicon Valley giants, startups, and nation-state-sponsored groups to recruit and hold on to the best talent. Electric vehicle development, connectivity, battery technology innovation, and the rise of additive manufacturing are changing the industry.
The IP Awareness Assessment, offered by the National Institute of Standards and Technology/Manufacturing Extension Partnership (NIST/MEP), enables affected companies to assess their intellectual property awareness.
Another valuable resource for your internal IP Theft awareness program and training is the National Insider Threat Awareness Month library at the Center for the Development of Security Excellence. It offers guides, real-world case studies, videos, and even web-based games to help organizations detect, deter, and mitigate insider threats.
2. Know the IP theft threatscape.
According to Ponemon Institute research from 2022, 67% of surveyed organizations worldwide reported more than 30 insider-related incidents per year involving digital assets.
In the US and the EU, counterintelligence experts and manufacturing industry security advisers attribute the rise of IP theft mainly to China. Take the Thousand Talents Plan, for example, which was conceived by the Chinese Communist Party.
Officially, TTP is a recruitment program for up-and-coming scientists and engineers to experience China and work side-by-side with their Chinese peers. In reality, it now serves as a vehicle for a state-sponsored IP theft campaign on a global scale, with more than 140 recruitment stations set up in the US alone.
Social media and business networking platforms (LinkedIn, for example) are increasingly used to identify and target company insiders for later exploitation.
To keep you abreast of recent developments and emerging threats, the FBI provides IP theft prevention resources on its website and sends out email alerts.
3. Identify what’s most at risk of IP theft in your organization.
Unstructured data such as CAD/CAE files, digital images, and confidential sales or legal PDF documents contain your organization’s most valuable intellectual property and blueprints for its future. Yet IT and Security face a unique challenge in protecting it against IP theft.
How to secure these files across the enterprise and along its diverse supply chain? IP protection at the document level often requires that the information rights management service supports all industry-relevant CAD applications.
Your teams may currently use mainly one or two such tools. But this can change quickly due to new requirements. Effective information rights management in this dynamic environment makes support for tools such as AutoCAD, CATIA, PTC Creo, Siemens NX-CAD, or SolidWorks essential.
PDF file formats are another example. Does the information protection software cover the broadest possible range of documents? Support for at least 200 file formats is considered the bare minimum in a globally integrated enterprise environment.
4. Determine who’s posing an insider threat.
As paradoxical as it may sound, this question is the easiest to answer. Experts will tell you that any executive and rank-and-file employee, contractor, or temp with access to sensitive information is potentially a risk. This includes external business partners and is made even worse by so many people working remotely or from home.
Security professionals differentiate between malicious, negligent, and compromised insiders. The lines between these categories are blurry. Common scenarios resulting in the loss or theft of proprietary information that involves negligent or compromised insiders:
working from home on unsecured WiFi on unmanaged compromised devices with remote access to critical company IP.
All of these examples can result in exfiltrated CAD files, office documents, or process information. IT can minimize the risk of unintentional IP exfiltration by controlling access to proprietary information at the file level and limiting or blocking possible ways of sharing, such as copying, printing, or taking screenshots.
5. Prevent the #1 IP theft scenario.
What about the malicious insiders? In the manufacturing sector, who are the real-life spies?
Let’s forget about James Bond and his Minox camera for a moment. Instead, let’s focus on Jill with a smartphone and money problems. Joe in R&D may fancy making VP at a competitor. Then there’s Jim, the work-from-home (WFH) contract engineer who just got an invite to visit China, all expenses paid, courtesy of the Thousand Talents program.
That last case reminded us that the risk of IP theft is highest when employees leave. In more than 50% of documented IP theft, the perpetrators are employees who quit and take proprietary information with them.
This happens simply because they could. Nothing got in the way.
A design engineer, for instance, may store critical CAD drawings on a private hard disk or personal cloud storage “just in case” and later use them when interviewing with the competition.
IT and other stakeholders need a mechanism that makes it simple to centrally disable access to sensitive documents for a departing employee at the file level, even if that file now resides on an unmanaged work-from-home laptop.
6. Establish or expand your threat intelligence program.
Managing IP theft risk in 2022 requires more than cursory reference checks or LinkedIn profile once-overs for potential hires.
Smaller companies can outsource their pre-hire background checks to background investigation specialists and threat intelligence firms. Large manufacturers may expand their internal open-source intelligence (OSINT) collection capabilities.
This enables investigators and SOC analysts to examine, for example, dark web marketplaces for suspicious data movements.
7. Monitor to identify insider threat warning signs.
What are the indicators of insider threats that may culminate in IP theft? Behavioral and personality changes can be early warning signs, experts say. Financial problems, a drop in performance, or a sudden interest in files outside the employee’s work scope are indicators as well.
To catch such telltale signs early on, the software selected to secure and manage proprietary information should include the capability to flag suspicious files and user activities. Do they indicate sufficient risk for intervention by business management?
This approach allows the system to establish baseline behavioral patterns and help determine suspicious activities.
Fasoo’s RiskView, for example, provides such UEBA protection for sensitive files. For IT, it serves as an early warning system against infractions by users even with sufficient inside knowledge to bypass other security controls and methods.
8. Choose productivity over paranoia.
Under pressure to innovate and develop startup-like cultures, traditional manufacturers struggle to protect their digital IP without sacrificing productivity.
An overly rigid and inflexible approach to IP protection risks slowing down workflows and alienating top performers.
It also introduces additional risks. A typical example is team members who develop “creative” workarounds to access or share sensitive proprietary information they need to get the job done.
DRM (also referred to as Information Rights Management, IRM) today is at the heart of many enterprise-wide initiatives to prevent intellectual property theft or unintentional digital IP leakage.
How to solve the IP Theft Protection vs. Productivity conundrum? Enterprise IT leaders emphasize the importance of carefully selecting an enterprise DRM software that is flexible and fast at scale.
9. Put manageability and flexibility first.
Can we really expect data owners to become security experts when managing document-level protection for the files they oversee?
We shouldn’t. But that’s what happens, IT says, when the company deploys the kind of information protection service that was developed almost as an afterthought to popular office software and design tools.
Many IT leaders have determined such rights management services are too limited for the use cases in their enterprise-wide deployment. They are also cumbersome to manage and use on the ground.
Exception management is a prime example. How do you give everyone on the team who needs it fast and uncomplicated access to critical IP while ensuring that it doesn’t fall into the wrong hands?
An effective DRM solution simplifies and accelerates the process of obtaining exemptions from file access and management restrictions. A user’s legitimate exception request should not increase IT’s workload, be held up by slow support desk response times, or get forgotten in the system once it has been granted.
10. Select DRM that enables centralized policy and visibility
Opportunity makes thieves, as highlighted in Tip # 5. Eliminate the opportunity for digital IP theft with DRM. Protect your IP from the onboarding through the offboarding process, including all user activities on your network in between.
Centralized policy management empowers IT and management to conveniently set and change data-centric and user-centric document use policies at-a-glance.
The past three years have seen a significant uptick in companies looking to deploy EDRM to prevent IP theft. Industry observers attribute this trend primarily to three factors:
the rising threat of IP theft by corporate insiders,
Microsoft now supports its rights management in Azure, on Apple’s iOS, and on Google’s Android,
the pressure to protect intellectual property accessed by remote workers, often on unmanaged home networks and devices.
Fasoo Enterprise DRM’s authentication APIs, for example, supports numerous 3rd party, federated, and proprietary authentication systems. In the enterprise environment with its hybrid mix of on-premises, cloud, and WFH digital assets and devices, this means less headache for IT when securing remote access.
This way, IT can quickly adapt your document use policies to fit remote work scenarios. It also means that when your company shuts off access to an employee for good, it doesn’t run the risk anymore that a critical resource gets overlooked.
Fasoo Enterprise DRM’s encryption renders protected files useless for the former employee and other unauthorized 3rd parties.
Talk to our team about how Fasoo Enterprise DRM will complement and strengthen your insider risk program.
This post was originally published in March 2021 and has been updated for accuracy and comprehensiveness.
Corporate data is the lifeblood of business and because of remote work and constant competitive pressures, it is more vulnerable than ever. Protecting that data while still making it available to those who need it is why many organizations are turning to Enterprise Digital Rights Management (EDRM).
Information security, privacy, regulatory compliance, and data governance requirements drive how we manage corporate data. Business requires us to share sensitive information with employees, contractors, business partners, and customers, but we need a way to do it securely without impacting everyone’s productivity.
The realities of today mean that many of us may work from any location at any time, using any device. Outsourced functions range from finance and human resources (HR) to design and manufacturing. If you outsource manufacturing or finance to a third party, how do you define your corporate boundary for data, since your sensitive information is in the hands of a business partner? Add to this the real threat of external hackers and insider threats from employees, contractors, and the third parties you use for key business functions.
How do you protect the most important information in your business?
Here are 5 reasons why you should seriously consider Enterprise DRM as part of your information security, data governance, and compliance strategy.
Protect Your Intellectual Property
Intellectual property (IP) is a critical asset for your business. It lets you create unique products and services that drive revenue. It differentiates you from the competition and keeps your customers coming back. If this information accidentally or deliberately leaks, you can suffer financial loss and possibly go out of business.
EDRM protects your intellectual property from unauthorized access and controls what an authorized user can do with it. You can grant or block a user’s ability to view, edit, print, copy, and even take a screen capture of the information. You can control derivatives of documents since people share IP in PDF or other common formats with both internal and external recipients. Since you have a complete audit trail of user and document activity, you know if someone accessed the documents inside or outside your network. You can also revoke access or change permissions after you distribute a document if the sensitivity of the information changes or those who should have access to it.
Protect Customer Data
Any business that deals with personal information or takes credit cards must protect it from unauthorized access. Regulations such as GDPR, CCPA, HIPAA, PCI DSS, and other numerous laws mandate that third-party data is under strict control and only authorized people can access it. Violations can result in hefty fines and cause major legal and business problems.
EDRM controls how employees, contractors, and business partners use this sensitive information. It can prevent sharing the data with unauthorized users by controlling access, screen captures, and adding visible watermarks to both printed documents and those viewed on a screen or mobile device. Since third-party data typically has a shelf life, you can limit access to a specific time and revoke access to any distributed files immediately, regardless of location.
Protect Your Customer’s Intellectual Property
You may also be a steward of your customer’s intellectual property. Manufacturing and business services organizations commonly have sensitive designs or client data that is worth stealing. An organization’s supply chain can be the weakest link in its security which makes it an easy target for hackers and trusted insiders. Your customers trust you with keeping their intellectual property safe and out of the hands of their competitors.
Enterprise DRM protects your customer’s intellectual property from unauthorized access. You can automatically encrypt and assign access controls to sensitive documents as you save them. If different groups use this information, you can easily limit access based on projects or customers. If an employee working with one customer’s data accidentally shares it with another customer, you are protected since only authorized users can see and use the data. This provides built-in safeguards for those people working on multiple projects.
Protect Employee Privacy
HR, Finance, and other departments have a lot of sensitive employee data, including social security and insurance numbers, health information, salary data, and the results of drug tests or criminal background checks. Controlling its access and distribution is part of the social and legal compact any employee has with her or his employer.
Enterprise digital rights management can limit access to private information by controlling the users and groups that can see it. You can control access dynamically through your identity access management (IAM) system so that as roles change in your company, so do access rights. For information you share with outside service providers, you can provide read-only copies that you can revoke at any time. Only recipients granted access can see the data, so your employees and outside providers can’t share the data with unauthorized users.
Provide Audit Trails
Regulatory compliance is a requirement for many businesses to prove they can manage critical information in a way that ensures chain of custody and proof that only authorized users had access. Compliance is not just a matter of the law but is generally considered good business practice. Compliant companies can prove they take information security and governance seriously and can use this as a selling point to their customers.
Enterprise digital rights management provides an audit trail of all user and file activities to ensure a chain of custody of information for electronic discovery and proves that only authorized users have access to sensitive data. This helps your organization understand the flow of important information and simplifies eDiscovery in the event of litigation. Since many regulations require you to prove to a regulator that you meet their requirements for protecting privacy, audit trails are easily available in downloadable reports.
Enterprise DRM can help you meet information security, regulatory compliance, and data governance objectives, ensure privacy and protect the digital assets of your company. It is the best way to protect your most important business information and get a good night’s sleep.
What good is a secure island if you’re left stranded? Former Secure Islands customers want to know, since their data protection software has finally reached end-of-life support after the company was acquired by Microsoft a few years back. The good news: they have more options than they may have thought.
As a startup, Secure Islands Technologies Ltd. was a success story. Not so much for some of its early customers, we hear.
Two brothers, Aki and Yuval Eldar, founded Secure Islands in 2006 in Jerusalem. Microsoft acquired the company for $150 million in 2015 and made its technology an essential building block for Microsoft’s Azure Information Protection (AIP, part of the Microsoft Information Protection framework MIP). Six years later, to Secure Islands customers who decided AIP wasn’t for them, it may seem as if they are stuck.
So far, so predictable. As far as startup exits go, you’ve heard the stories. The outcome can be ugly: early customers are left holding the bag, with nowhere to turn. It can also be a blessing in disguise: for example, when IT discovers alternatives that show how far a technology has come elsewhere since its nascent stage.
Such happy endings happen. Take enterprise-level Digital Information Rights Management (DRM), for example. Also referred to as Information Rights Management (IRM) sometimes, it has come a long way since the aughts. This development is good news for organizations looking for AIP alternatives.
No happy endings on security islands
Information protection solutions of the past were difficult to deploy and scale. Workflows slowed down. Productivity suffered. That said, today, we see a different picture. The success of solutions such as Fasoo Enterprise DRM triggered a resurgence of the category, primarily for three reasons:
Mature Enterprise DRM solutions ensure comprehensive data protection that extends far beyond one or two document ecosystems.
Centralized policy management and control beats having to deputize (and train) your end users as security experts.
AIP uses Secure Islands technology to categorize documents, which can result in certain limitations. Depending on a company’s Microsoft licensing level, users may have to manually label the documents they import or create and decide what protection and permissions to assign.
Another issue in these industries is AIP’s lack of SDKs to facilitate integration with iManage and other Enterprise Content Management (ECM) platforms. In organizations that need to encrypt files across thousands of file-sharing folders and subfolders, this means they would have to apply an AIP label to each manually just for simple encryption.
Fasoo Enterprise DRM represents a different, “file-centric, people-centric” approach that enables organizations to preserve and support proven and efficient workflows. Policies defined by IT automatically determine at the point of creation who can access a protected document and how. Exceptions are handled flexibly and “on the fly”, for example by granting a provisional permission on a temporary basis.
Document protection in the cloud requires a mature enterprise DRM solution.
Cloud collaboration plays an important role in selecting an enterprise DRM solution. Companies now looking for alternatives to AIP are clear about this point: they want document protection that travels with the file and doesn’t end at their organization’s IT perimeter.
Their old information protection technology was devised years ago, with no consideration yet for the cloud. One consequence is that it can only protect sensitive documents on a computer or mobile device. Once the file is uploaded to the cloud outside the Microsoft ecosystem, document protection is lost.
In contrast, Fasoo Enterprise DRM ensures that persistent security remains with documents, pictures, audio, video, and 3D CAD drawings regardless of their location, whether in the cloud or on a flash drive. Senders can set a validity period or revoke access immediately, even after distribution. The organization remains in control of sensitive files at rest, in use, and in motion – no matter where they may end up.
Worried about your document protection getting stuck on a security island? In summary, these three rules will help you not to miss the boat:
1. Document protection worth its name requires properly protecting all confidential documents that need protecting, not just those preferred by one solution vendor. 2. If “automatic labeling” was the promise, you’ll hate seeing it turn into manual labor over a few hundred or thousand file-sharing folders. 3. No company is a secure island; the cloud is real, and so is the need for document protection in the cloud.
How can you protect CAD files against IP theft, data leakage, and tampering? In 2022, securing confidential data along the supply chain, end-to-end, is paramount.
Manufacturing companies face growing pressure to better shield their trade secrets from prying eyes. Since the beginning of the coronavirus pandemic, they have been hit by a wave of intellectual property (IP) theft by insiders, cyber attacks, and data leaks caused by negligence.
In particular, instances of engineers copying critical CAD drawings on flash drives on their way out the door have increased dramatically. Among the victims are automotive, aerospace, defense, and semiconductor companies.
CAD/CAM/CAE files often contain the most valuable know-how in these industries. They hold the key to the company’s future – or to that of a competitor, if outsiders get hold of the data. That’s why more manufacturers now adopt Enterprise Digital Rights Management (Enterprise DRM) for end-to-end document protection. So what does it actually look like to protect CAD files from the engineer’s perspective?
CAD file password protection is for victims
CAD file password protection can be guessed or cracked. Data Loss Prevention (DLP) tools provide only limited protection. Enterprise DRM, on the other hand, provides an alternative. Based on a data-centric security model and strong FIPS 140-2 encryption, it is the key to a viable Zero Trust strategy.
Let’s take the automotive industry, for example. Many companies in the mobility sector realize the need to secure their CAD drawings and other unstructured data properly. The wide variety of CAD tools and file formats used across various companies in the supply chain poses a major challenge.
A viable solution protects Catia, Creo, or Siemens NX drawings, plus Solidworks, SolidEdge, JT, 3D-PDF, or STEP files, among many others, depending on the use case. Their quest for effective and gapless document protection leads many companies to Fasoo Enterprise DRM, which covers more than 230 applications and document formats. This means the company can encrypt, control, and track its sensitive data – no matter where it goes or who handles it.
How to protect CAD drawings without productivity loss?
These capabilities are now crucial in the automotive sector, where information security teams were hit by a triple whammy during the pandemic:
Remote work and unmanaged devices have created blind spots for IT and increased insider risks. In addition, remote access vulnerabilities like misconfigured VPNs and spotty endpoint security make it easier for outside attackers to penetrate corporate networks, often through supply chain partners.
In the automotive industry, the “great reset” – the shift to development and production of “intelligent” electric vehicles (EV) – is coinciding with the “great resignation”. Companies struggle with higher turnover rates among their top talent, including senior engineers who join competitors.
IT in manufacturing companies is particularly impacted by both developments. The coronavirus crisis exacerbated personnel shortages in this sector. In many organizations, this development has increased the vulnerability to data theft and leaks. Critical software patches, for example, are often postponed or missed altogether.
As a result, companies take additional measures to secure their CAD drawings. One concern IT has to deal with is: How will the new CAD file protection impact workflows in the engineering department?
CAD file protection without gaps or friction
In organizations that deploy Fasoo Enterprise DRM, such concerns are quickly alleviated. Let’s look at a leading automotive components supplier, for example.
Brake caliper (red)
Here’s what happens when a design engineer opens and modifies a Fasoo-protected 3D CAD drawing of a brake caliper:
The engineer finds and clicks the CAD file in the company’s Product Lifecycle Management (PLM) system. This is also where related data sets, such as process information, are stored and maintained. This system is shared by the company’s tech centers on several continents.
This particular document opens in CATIA, the tool it was created with. Like all files containing confidential IP, it was automatically encrypted by Fasoo at the point of creation, with specific permissions assigned to a limited group of authorized users. As a senior member of the development team, our engineer can download, view, and modify the file.
The senior engineer reviews the CAD drawing and discovers a possible improvement opportunity that would make the caliper piston more efficient. To be sure it hasn’t been incorporated before and abandoned, the user runs and downloads a report from the PLM that includes updates and revisions of related documents. Fasoo automatically encrypts this report as it is downloaded to the engineer’s computer.
In the next step, our user saves an excerpt of the 3D geometry as a PDF file to email to one of the company’s outside engineering consultants for discussion. Because security policies automatically apply to file derivatives protected with Fasoo Enterprise DRM, the new file inherits the security of the original file. The senior engineer then manually grants temporary access to the engineering consultant, who now can view and annotate the PDF before submitting a formal quote for this project.
Throughout the process, Fasoo Enterprise DRM secures the CAD file and its derivative at rest, in transit, and in motion. Equally protected is all associated unstructured data, such as Microsoft Office, images, or PDF documents. Security policies are centrally managed and travel with the file.
An audit trail of document activities provides granular insight into how each CAD file and related documents are accessed during this process. This includes unauthorized access attempts. Seamless integration with the automotive company’s knowledge management system and flexible policy management ensure a frictionless user experience for engineering teams – no IT intervention required.
Do you have questions about protecting CAD files and workflows with Enterprise DRM?
Contact us here.
Which blog posts about document security and protection attracted the most visitors to the Fasoo website in 2021?
Let’s face it: the ins and outs of Digital Rights Management (DRM) in the enterprise don’t exactly make for blog topics that get most people’s juices flowing.
The good news is that content that draws on the insights shared by Fasoo’s longtime, recent, and not-yet customers can overcome this hurdle. Readers interested in Enterprise DRM clearly prefer blog posts that answer relevant questions and provide hands-on advice for IT decision-makers and their teams.
Which Fasoo blog posts hit a nerve in 2021? These were the Top 5:
# 5: Your questions about Fasoo Enterprise DRM vs. Microsoft AIP, answered
“How does Fasoo Enterprise DRM (Fasoo EDRM) compare to Microsoft Azure Information Protection (AIP)?” In one version or another, this was one of the most frequently asked questions the Fasoo team had to answer in 2021.
It’s a tricky one. After all, Microsoft AIP was developed primarily with the document ecosystem of Microsoft Office plus a few third-party file formats in mind. Fasoo DRM, on the other hand, provides document protection at scale and for more than 200 file formats in large organizations and along their supply chain.
Photo sources: Dreamstime / Ford
So can you compare the two at all? We tried. Let’s just say minivans keep us moving, but for serious business, you may want to consider a super-duty truck.
It seems like many readers have been looking for answers to EDRM-vs.-AIP-related questions. Did you miss the post?
How can you protect digital assets against intellectual property (IP) theft? Without adequate – data-centric – protection, trade secrets can end up with a competitor or a foreign government in a matter of minutes, even seconds: on a USB device, say, or uploaded to a personal cloud storage account from an unmanaged remote work laptop.
And they do. 2021 was marked by the “Great Reset” in the automotive industry. Employees working from home or leaving for a competitor (or both) posed the biggest threat to their company’s proprietary information. How to prevent intellectual property theft in the automotive sector? Many blog visitors turned to our 10-step guide here:
Enterprise-level DRM can be confusing. The – often niche-specific – solutions of the past were expensive, complex to deploy, and difficult to scale. As a result, IT teams weren’t exactly gung-ho about exploring today’s DRM-based information protection.
This has changed. Enterprise DRM solutions have come a long way, which has caused a resurgence of the category and considerable change in perceptions. In 2021, this trend had more IT professionals asking about specifics.
So we dedicated 2021 to cutting through the fog of related terms and acronyms for this growing audience. A timely decision, judging by our blog traffic numbers. The Enterprise DRM Glossary became the 3rd-most frequented post of 2021:
You would think that 28 years after Adobe first introduced its platform-independent “secure” PDF file format, all related document protection questions should be settled. Far from it, as you may know.
Yet PDF files are making up a large share of unstructured business data. Do you know how well all your sensitive PDFs are protected? If the answer is no, consider yourself in good company.
According to a 2021 report, researchers who analyzed publicly accessible PDF files of 75 government security agencies identified only seven that had removed sensitive information before publishing. Ouch.
This data point doesn’t make you feel better? In that case, the # 2 on our Top-5 list of document protection blog posts provides relief. It gives a hands-on introduction to various approaches to securing PDF documents against unauthorized access, including editing, printing, copying, or screenshots:
And the winner is… Boasting not one, but two industry acronyms in the headline, the chart-topper on this Top 5 list defied headline writing best practices and search engine odds in 2021.
DRM and DLP – Data Loss Protection – both aim to protect sensitive documents against leakage and exfiltration. They are frequently weighed against each other, but that doesn’t explain why this blog post piqued that much curiosity.
Maybe it’s because it fundamentally questioned the traditional “either/or” perspective? If you haven’t read it yet, you can find it here:
Gartner predicted that roughly 50 % of knowledge workers worldwide should be logging in remotely by now. More remote work puts more sensitive data at risk, which increasingly also impacts manufacturing companies. Check out the following ten tips to ramp up your document protection program in 2022.
Quick question: What do automated ransomware campaigns conducted by external attackers have in common with data theft committed by corporate insiders?
Both target sensitive data, since more ransomware attacks begin with stealing confidential documents for extortion or sale on the dark web before encrypting the victim’s data.
Both increasingly exploit work-from-home data security weaknesses.
Examples of the latter include unsecured WiFi networks, unmanaged devices, and endpoint vulnerabilities. At the same time, IT lacks visibility into the online activities of remote employees and contractors.
In a nutshell, this example shows how remote work has become the primary source of risk to digital assets in the enterprise. Now the Omicron variant is pushing even more organizations (back) into remote or hybrid work arrangements.
Additional factors exacerbate the crisis going into 2022. The automotive industry and its supply chains feel the impact. Key employees leverage the “Great Reset” in the industry and leave to join competitors, sometimes taking trade secrets with them. IT teams struggle with staff shortages and often only learn about what happened when it’s too late.
Does this sound familiar?
10 tips to boost your remote work document protection
Get ready for 2022 with our ten tips on how to protect unstructured data in remote work settings:
Identify the threat.
Beware intellectual property theft by insiders. In more than 50 % of documented IP theft cases, the perpetrators were current or former employees or contractors. In addition, when external attackers exfiltrate sensitive information, employee negligence often plays a role.
Identify what’s most at risk.
In most innovation-driven companies, trade secrets are stored in the form of unstructured data. Think confidential Microsoft Office documents, CAD/CAE files, digital images, or PDFs. They come in various (legacy) formats and are often scattered across the organization and along its supply chain. Securing them will be an uphill battle, especially in remote work environments, without the right strategy.
Identify your data protection strategy.
The push into remote and hybrid work environments requires a comprehensive approach to data protection, rather than merely a mix of device-centric endpoint and data loss prevention (DLP) solutions. Recognizing this, more technology companies are adopting a data-centric security model.
With sensitive documents, this means they remain protected regardless of where a file resides or with whom it is shared. The data-centric model ensures document protection independently of networks, servers, locations, and devices, such as unmanaged home office printers.
Protect data throughout its lifecycle.
Digital Right Management (DRM, sometimes also referred to as Information Rights Management, IRM) is based on the data-centric security model at the core of any Zero Trust strategy. Fasoo Enterprise DRM (EDRM) enables organizations to persistently protect, control and track sensitive documents at rest, in transit, and in use. Encryption, flexible policies, and granular controls govern how and by whom a file can be viewed, edited, printed, and shared within the organization’s IT perimeter and outside – like in the home office.
Protect sensitive files without exceptions.
Does the Enterprise DRM solution you’re evaluating support all industry-relevant CAD and CAE applications? In the automotive industry, support for tools such as AutoCAD, CATIA, or PTC Creo (and many more) and a broad range of PDF file formats is considered essential to ensure future-proof document protection.
Protect workflows and productivity.
Some information protection solutions lack centralized policy management. This shortcoming is known to slow down workflows to a trickle, especially when remote contributors are involved. Fasoo combines central control options with flexible exception management. Exception approval for accessing particular documents from the home office, for example, can be delegated to managers or coworkers instead of waiting for IT.
Control confidential data wherever it goes.
A supplier’s design engineer working from home is requesting remote access to sensitive documents? With Enterprise DRM, it’s just another day in the office. Gartner analysts describe DRM as “one of the only mechanisms for retaining control of unstructured data transferred to business partners in secure collaboration scenarios.”
Fasoo takes a printer-agnostic approach to secure printing. This approach eliminates most challenges that commonly arise in remote work environments with home printers or print drivers. It enables data owners to centrally set and manage print rules for printing on-premises or remotely and watermark unauthorized printouts. Fasoo Smart Print also lets you set print protection policies for plain documents not secured by EDRM.
Control the screen.
Concerned about a remote team member capturing sensitive data on a screen during an internal Zoom or Skype call presentation? Enterprise DRM provides a screen security component, Fasoo Smart Screen, enabling IT to block and monitor screen capture attempts. For deterrence, it can also imprint documents with a watermark that contains tell-tale user-specific information.
Control data without alienating workers.
Fasoo’s centralized policy management enables flexible, people-centric document protection across organizational boundaries. Everyone who needs to can keep tabs on documents’ whereabouts and protection status, without risking privacy complaints and lawsuits from home office workers. Fasoo Enterprise DRM integrates with all leading federated authentication services, enabling IT to automatically revoke access to EDRM-protected documents once an employee leaves.
Contact the Fasoo team and find out how others in your industry deploy Enterprise DRM in remote and hybrid work environments.
Remote work is putting sensitive data at risk. That we can all agree on. Traditional endpoint protection frequently fails. So what about stronger surveillance of remote employees at home?
Let’s monitor the heck out of them, shall we?
That seems to be the approach of some financial services firms whose remote workers handle sensitive financial data and Personally Identifiable Information (PII). Is remote work surveillance a good idea?
Perhaps, if your organization is craving attention – from the Washington Post, for example – for all the wrong reasons: privacy concerns, lawsuits, alienated employees and contractors.
“Excessive surveillance,” writes ZD Net’s Owen Hughes, “is having profoundly negative effects on the workforce.”
But does it work?
Why monitor employees at home?
You see, that’s the other catch: it may not be worth the effort and expenses. Digital surveillance, warns Tech Target’s ComputerWeekly (UK), may “increase enterprise risk” by “forcing remote workers towards shadow IT.”
In short, excessive work-from-home surveillance doesn’t only erode trust and productivity. It also results in weaker data protection and employees leaving for the competition.
What’s not to love? Perhaps you agree: pretty much everything, if you value your employees and work culture.
The tips below favor a non-creepy approach that is more sustainable:
5 data protection tips for maintaining trust in the Zero Trust era
Fasoo’s data-centric security model maximizes document protection – not the surveillance of the people handling them from home. Fasoo enables IT to secure and keep tabs on sensitive unstructured data throughout the document lifecycle, instead of putting employees and contractors under home office surveillance.
Stay vigilant; keep watching.
Fasoo Enterprise DRM lets your organization automatically assign file protection without user intervention at the point of creation. Encryption and policies keep the document secured even when it is shared outside the organization by mistake.
Efficient document protection with Fasoo enables your organization to continuously monitor, log, and flexibly change who’s accessing confidential files and how.
Turn your employees’ bedroom nooks into secure print stations.
What would it take, aside from nationwide lease, maintenance, and insurance contracts? The kids giving up their bedroom? A two-camera surveillance system?
Or, less creepy: You deploy Fasoo Smart Print as your organization’s remote network of monitored print stations. Regardless of which physical or virtual printer is used – including the old inkjet in the bedroom nook – IT remains fully in control.
A granular audit trail includes the text or image of the actual printed content. It ensures visibility into all print activities that involve EDRM-secured documents.
Intervene when they take a snapshot.
How do you keep remote employees, in the privacy of their home, from using the Print Screen key, screenshots, or a smartphone to take pictures of confidential information?
Install more spyware and observation cameras? Think about the possible impact on your workforce retention rate in the “great resignation” era.
Here’s a less heavy-handed approach that’s more efficient than excessive remote work surveillance. Deploy Smart Screen, Fasoo’s on-screen document protection. It enables IT to block and monitor screen capture attempts. Administrators can monitor all screen capture attempts and even view an image of the targeted areas.
It may be impossible to keep a determined person from taking photos with a smartphone or camera outside a high-security office area or designated data room. That’s why effective deterrence is essential. Fasoo Smart Screen enables admins to imprint sensitive documents with a visible “smart” watermark that contains tell-tale user-specific information.
DLP aims to prevent data exfiltration, but files can still make it beyond your organization’s IT perimeter: on a USB stick, for instance, or via a personal cloud storage account.
With Fasoo Enterprise DRM, encryption and policy settings apply regardless of where the document lands and prevent unauthorized access. A confidential file remains protected even in the wrong hands.
Always and immediately involve higher-ups, IT, and HR…
…when (former) employees attempt to access specific documents. Sounds ridiculous, right?
Well, that’s because it is. Yet, some Information Rights Management (IRM) solutions expect data owners to relinquish control over individual documents to a degree that poses challenges for organizations with many users and constantly changing roles.
Workflows become work trickles. People find shortcuts. Overall data security suffers.
Fasoo’s centralized policy management capabilities allow for flexible, people-centric exception handling. It integrates with all leading federated authentication systems, minimizing risk when employees change departments or leave the company.
This approach ensures that everyone who needs to be is in the loop about a file’s security – the document creator, supervisors, IT, and HR. No home office surveillance required.
Zero Trust makes sense. Until it doesn’t.
Would you make Zero Trust your People & Culture or HR slogan? Let’s face it: You need a Zero Trust strategy to secure your data. As a tagline for your work culture, on the other hand, it would be a less than ideal pick.
With Fasoo Enterprise DRM, you don’t have to sacrifice trust and productivity by setting up remote work surveillance bridgeheads in your employees’ homes.
As a cornerstone of your Zero Trust strategy, Fasoo empowers your organization to maintain its work culture and trust within the team while still ensuring maximum data protection.
Mergers and acquisition (M&A) activities pose major document protection challenges for all parties involved. Leaked or stolen data has caused bidding wars, broken deals, cost millions of dollars in damages, and ruined reputations. How can M&A teams ensure maximum document security without impeding productivity?
Merger and acquisition teams typically range in size from a handful of members in smaller or medium-sized organizations to several hundred internal contributors at enterprise scale. That’s on the buyer’s side as well as on the seller’s teams and includes investment banks or Private Equity (PE) firms.
This headcount, however, doesn’t yet include external contributors. Think research analysts, M&A advisories, outside legal counsel, data protection and privacy compliance consultants, and IT integration specialists. Most of them are involved at one stage or another of the M&A process.
Since the beginning of the COVID-19 pandemic, many internal and external M&A team members have accessed sensitive documents from their home offices. On tight deadlines, they collect, create, review, edit, and share sensitive data that can make or break a deal – or kill it, if that data falls into the wrong hands.
M&A activities at an all-time high – and deal leaks, too
The shift to remote and hybrid work is a powerful driver behind banks and their corporate clients leveraging enterprise-level Digital Rights Management (DRM) to secure M&A-relevant unstructured data. The reasons quickly become clear when we look at a real-life example.
A global automotive component manufacturer is planning with its investment bank the acquisition of a publicly traded semiconductor design and manufacturing company.
It’s high season for M&As, and the planned deal seems like a match made in heaven. Yet from an M&A security perspective, the timing couldn’t be worse. M&A leaks have been spiking recently, according to the SS&C Intralinks 2020 M&A Leaks Report [PDF]. This development means all new M&As face an unprecedented challenge.
The challenge: Remote work amplifies M&A security risks
Niche vendors of M&A tool platforms tout the cloud-based Virtual Data Room (VDR) as the solution. Such “deal rooms” have become a fixture in the M&A space. At the same time, data protection experts say that VDRs instill a false sense of security – comparable, perhaps, to standard M&A non-disclosure agreements.
These critics point to the weak – often password-based – security of VDRs and specialized M&A document management systems that can too easily be circumvented. Deal administrators and IT lament interoperability issues with other cloud storage services, as well as manageability and scalability problems.
The solution: data-centric M&A security
Enterprise DRM enables IT to strengthen M&A security instead. Fasoo Enterprise DRM, for example, enables data owners to protect confidential content through all stages of a merger or acquisition.
In our example, we focus on negotiations, due diligence, transaction execution, and implementation. These are the M&A stages where data breaches and deal leaks can be most damaging and costly.
Let’s take a closer look at how the acquirer, its bank, and the acquisition target leverage EDRM to maximize document protection. Enterprise DRM’s data-centric security enables IT and deal administrators to protect, control, and track sensitive data on a per-document basis, on any device, at any time.
M&A and beyond: document lifecycle protection
Fasoo encrypts confidential files at the point of creation or before they get uploaded to a VDR, for example. This protection applies throughout the entire document lifecycle, regardless of which M&A platform any contributing organization may be using.
Negotiations: Centralized policy management enables M&A data owners and deal administrators to remain in control. Fasoo Enterprise DRM lets them flexibly adjust who can access, edit, print, or share sensitive content – including remote workers.
This phase usually involves a high amount of various Microsoft Office document formats and Adobe PDF files. Dynamic permission control enables deal administrators to assign and revoke file access permissions for reviewers on a temporary basis, for example, to facilitate more than one bidding round.
Due diligence: In our example, the due diligence document list includes (among others) intellectual property (IP) files, tax records, financial planning P&L documents, electronic design automation (EDA) diagrams, facility blueprints, tax filings, HR records, and all sorts of legal PDFs.Throughout the document review process and beyond, data owners and deal administrators centrally manage who has access to sensitive content. Context-aware and hardware-agnostic secure print and pull print capabilities prevent the unauthorized printing of Personal Identifiable Information (PII) at a home office printer or in a shared workspace, for example. Secure screen and watermarking features (“Fasoo Smart Screen”) block or deter screen capture attempts across all applications, including in Virtual Desktop Infrastructure (VDI) environments and browsers.
Post-transaction / implementation: M&A security professionals warn that the post-merger integration of the acquired company with the buy-side is fraught with data protection and compliance risks that can cost the acquirer millions or even billions of dollars. Data breaches are one main reason for the high M&A failure rate.In our example, the acquirer already has Enterprise DRM in place across its global organization, not unlike this Fasoo customer in the same industry. This means trade secrets, personnel PII, even sensitive records exported from databases are automatically detected, classified, prioritized and encrypted when they enter the buyer company’s environment from the acquired company.
During each M&A stage and long thereafter, Enterprise DRM provides persistent protection and consistent tracking. A document usage audit trail keeps IT, compliance managers, and financial regulators in the loop.
After all, “digital M&A became the new norm” during the pandemic, according to the consultants at Bain & Company. This year, more dealmakers discovered the power of Enterprise DRM. They use it to prevent M&A leaks and data breaches from becoming a new norm, too.
Which industries have the highest potential for remote work? Finance and insurance, says McKinsey & Company. There’s a catch, however. How can organizations realize this potential without compromising data security and privacy?
The consultancy found that three-quarters of activities in these sectors can be done remotely without a loss of productivity. Information security wasn’t part of the study. So what are the implications from a data protection perspective?
That’s where things get dicey. The forced rush into hybrid and remote work arrangements and the sorry state of remote work security have bank CISOs and compliance officers on edge. Some – mostly larger – financial institutions have mastered the transformation more effectively than others. What’s their secret?
Before we answer that question, let’s first take a quick step back in time. In 2015, a Morgan Stanley insider downloaded confidential information on 730,000 of the investment bank’s wealth management clients to his personal laptop and posted a sample for sale online. Back then, it could have served as a wake-up call.
Today, it almost seems like quaint history, because not many heeded that call. The shift to Work-from-Home (WFH) due to COVID-19 has taken the insider threat to unstructured data to a whole new level.
Battlezone home office: Data protection reset required?
As a result, insiders – often working remotely – now account for more than 50 % of data breaches in the financial sector, according to security research. Several terabytes of sensitive data have been ransacked or leaked from more banks and financial services or law firms since that 2015 data breach. Think Pandora Papers, the confidential documents including supposedly secure PDF files, images, emails, and spreadsheets from 14 financial service companies offshore.
Bank CISOs and compliance officers we talk to are more worried than ever about the lack of visibility and loss of control over sensitive proprietary data when employees are working from home.
Or take Jeremy Baumruk, who heads up Professional Services at Xamin. His company manages IT security for more than 50 U.S. banks. In early 2020, he told the American Bankers Association’s Banking Journal: “When an employee is using their own computer, IT has almost no control.”
18 months later, research shows: that warning about remote work security still stands. Industry experts point to misconfigured VPNs, insufficiently secured home WiFi networks, unmanaged personal devices, personal cloud storage services, and unmonitored home office printers.
Remote work hasn’t only exacerbated the insider risks posed by negligence or disgruntled employees. Cybercriminals on the outside have taken notice, too. They wage automated campaigns that increase the pressure on banks to take decisive countermeasures.
Many recognize that the traditional, device-centric emphasis on IT perimeter defenses – Data Loss Prevention tools (DLP), firewalls, endpoint protection – cannot ensure adequate protection. Recent threat reports confirm: attackers are busy exploiting the remote work blindspots and endpoint vulnerabilities to the fullest.
As a result, credit unions, investment banks, and mortgage lenders, and their remote workers, are bearing the brunt of automated ransomware campaigns right now. In the first half of this year alone, banks experienced a 1,318% year-over-year increase in ransomware attacks, reports cybersecurity firm TrendMicro in its 2021 Midyear Security Roundup.
What does this have to do with document protection? There’s a direct and significant connection. New ransomware variants don’t merely encrypt the victim’s business-critical data and demand a ransom for unlocking it. The latest exploit kits are also optimized for data exfiltration.
In other words, they are designed to search for, scoop up, and siphon off sensitive information, which is then used for more elaborate extortion schemes. Only last week, the FBI sent out this Private Industry Notification [PDF]. It describes how perpetrators specifically target confidential documents about planned mergers and acquisitions, to release them on the internet if the victim doesn’t pay up.
So why have some financial institutions been less impacted than others by data leaks and theft during their shift to remote work?
Identify, protect, control – with Enterprise DRM
One answer is that they didn’t bide their time until the next data breach. Instead, more banks launched a “digital transformation” that some say is long overdue for the industry as a whole. One pillar of their strategy is shifting to a data-centric security model, enabling them to protect their data at rest, in use, and in transit.
Bank CISOs recognize that the traditional, device-centric emphasis on IT perimeter defenses – Data Loss Prevention (DLP), firewalls, endpoint protection – cannot ensure adequate protection anymore.
Instead, they leverage Enterprise Digital Rights Management solutions such as Fasoo to identify, encrypt, and oversee the access to unstructured data at the file level. This way, sensitive documents remain protected against unauthorized access if leaked or exfiltrated, no matter how that happens.
The Fasoo Enterprise DRM framework follows a three-way approach to ensure gapless document protection and remote work security:
Identify: Fasoo automatically identifies data worth protecting, from legacy repositories to newly created documents, which are secured at the point of creation. Unlike DLP, which is limited to tagging such information for protection within the organization’s IT perimeter, Fasoo sets the foundation for protecting and controlling confidential data anywhere, on any device.
Protect: Enterprise DRM provides an additional layer of security by combining FIPS 140-2 validated encryption and access control. This approach helps organizations minimize and mitigate risks such as data leaks, insider threats, and advanced persistent threats (APT).
Control: Fasoo enables banks to assert control over their confidential data through the entire document lifecycle, based on flexible and people-friendly central policy management.
Boost for remote work security and productivity in banking
This control transcends the digital domain. Fasoo’s printer-agnostic secure print capabilities (Fasoo Smart Print), for example, enable organizations to apply print protection and watermarks for plain and DRM-secured documents alike. Its screen security component (Fasoo Smart Screen) applies screen watermarks to applications and URLs to block screen capture attempts of sensitive data and monitors all screen capture attempts.
“Enterprise DRM is working great for us,” says the CISO of an S&P Top 100 global bank, a Fasoo customer. “It gives us a quick at-a-glance look at all our sensitive data and enables us to assert control wherever it goes.”
Would you like to learn more about how organizations in the financial sector, from community banks to global financial institutions, leverage Enterprise DRM to secure their digital transformation?
Your data security journey starts from here! See how Fasoo can help your data privacy and security.
3rd Party Cookies (Analytics)
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!