Hardly a day goes by that you don’t hear about another loss of confidential information. These events typically occur due to inadequate physical security, missing or improperly implemented technology, failure to adhere to security procedures, or lack of awareness of potential vulnerabilities. Over the last 10 years companies have invested millions of dollars in keeping the bad guys out of their organizations. Unfortunately, today you have to assume the bad guys are already in. Enterprise Digital Rights Management is the best way to protect your confidential data.
There are three main phases of data lifecycle management that need to be considered when developing a viable security strategy:
Protection of data at rest – This phase is commonly addressed using technologies such as full disk encryption. Basically, this method encrypts every bit of data that goes on a disk or disk volume. The term “full disk encryption” is often used to signify that everything on a disk is encrypted, and it is applied to programs that can encrypt bootable operating system partitions. However, these programs must still leave the master boot record (MBR), and thus part of the disk, unencrypted. There are, however, hardware-based full disk encryption systems that can truly encrypt the entire boot disk, including the MBR.
Another technology that provides protection of data at rest is Enterprise Content Management (ECM). ECM refers to the technologies, strategies, methods and tools used to capture, manage, store, preserve, and deliver content and documents related to an organization and its processes. ECM can also provide some level of protection for data in transit and in use as long as the data stays within the ECM application.
Protection of data in transit – The secure transmission of data relies on both encryption, which conceals the data itself, and authentication, which ensures that the computers at each end are the computers they say they are. Applications such as public and private key encryption, Secure Sockets Layer encryption, Secure HTTP, secure email, and PCI for financial transactions are typically employed for secure data transmission.
Data Loss Prevention or DLP is a computer security term referring to systems that identify, monitor, and protect data in use (e.g., endpoint actions), data in transit (e.g., network actions), and data at rest (e.g., data storage) through deep content inspection and with a centralized management framework. The systems are designed to detect and prevent the unauthorized use and transmission of confidential information.
Protection of data in use – Organizations that protect data at rest and in transit remain at risk if files are not protected during use. Persistent file-level protection ensures that the file remains under the control of the author or company. Use of the file can be controlled by a wide variety of criteria, including edit, print, access date range, number of views and the locations from which the file can be accessed. The file owner can revoke the file even after it has been received. Internal threats, whether intentional or unintentional, represent significant risks for most organizations. Nearly 60 percent of employees who quit a job or are asked to leave are stealing company data, according to a report by the Ponemon Institute. Data from lost or stolen laptops continues to cost companies tens of millions of dollars and expose customers and employees to additional risk. Closing these gaps will become a priority for all companies in the coming years.
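The usage controls listed above (permitted actions, access date range, number of views, locations, and owner revocation) can be modelled as a default-deny policy check. The following is an added example, not code from any EDRM product: the `FilePolicy` fields, the `authorize` function and the sample values are hypothetical, and it shows only the decision logic, not the encryption or the client that would enforce the decision.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class FilePolicy:
    """Usage rights that travel with a protected file (hypothetical model)."""
    allowed_actions: set          # e.g. {"view", "print"}
    valid_from: date
    valid_until: date
    max_views: int
    allowed_locations: set        # e.g. site or network labels
    revoked: bool = False         # owner can set this after delivery
    views_used: int = 0

def authorize(policy, action, today, location):
    """Return (allowed, reason). Every check must pass; the default is deny."""
    if policy.revoked:
        return False, "revoked by owner"
    if action not in policy.allowed_actions:
        return False, f"action '{action}' not granted"
    if not (policy.valid_from <= today <= policy.valid_until):
        return False, "outside access date range"
    if location not in policy.allowed_locations:
        return False, "location not permitted"
    if action == "view":
        if policy.views_used >= policy.max_views:
            return False, "view limit reached"
        policy.views_used += 1    # count only views that were actually granted
    return True, "ok"

def demo():
    # Constructed sample policy: view and print only, Q1 2024, two views, HQ only.
    p = FilePolicy({"view", "print"}, date(2024, 1, 1), date(2024, 3, 31), 2, {"hq"})
    results = [
        authorize(p, "view", date(2024, 2, 1), "hq"),     # granted, 1st view
        authorize(p, "edit", date(2024, 2, 1), "hq"),     # edit never granted
        authorize(p, "view", date(2024, 2, 1), "home"),   # wrong location
        authorize(p, "view", date(2024, 2, 2), "hq"),     # granted, 2nd view
        authorize(p, "view", date(2024, 2, 3), "hq"),     # view limit reached
        authorize(p, "print", date(2024, 4, 1), "hq"),    # past date range
    ]
    p.revoked = True                                      # owner revokes after delivery
    results.append(authorize(p, "print", date(2024, 2, 4), "hq"))
    return results

if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

Revocation is checked first so that it overrides every other grant, and a denied request does not consume one of the permitted views.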
Enterprise Digital Rights Management is the only application that addresses all three critical phases of data lifecycle management.