Over a period of time, companies have heavily invested into security products including firewalls, anti-spam and intrusion prevention/detection that protect the corporate network (call it, corporate perimeter). This approach to information security is not enough in today’s world of consumerization, mobility and BYOD where data is being increasingly used from devices that are outside the corporate perimeter. Hence the practice of protecting corporate data through network and perimeter-based security measures is now being seen as ineffective in the light of security breaches and company data leaks in the recent past.
Corporate information is heavily being accessed, used and shared by people using different devices (company-owned and BYOD) not only from within the (protected) corporate network but also on the move (over public networks like the Internet) – hence creating data leakage points that require a different approach to security and data loss prevention than the traditional perimeter-based.
Information needs to be protected by itself such that the security travels along with the information as it moves across endpoints, across networks and across users (including with people outside the organization). This effectively means that a file always travels within a security envelope that can only be opened by authorized users, from an authorized device and from authorized locations based on access rights defined by the corporate IT and the owner of the file. This is information-centric (aka data-centric or content-centric) approach that emphasizes the security of the information itself rather than the security of networks, applications or devices.
Following are the key principles of information-centric security:
- Information must be self protecting across stages and throughout its life cycle: at-rest, in-motion and in-use
- Information must be protected across devices: company-managed, BYOD and third-party
- Access policies should be uniformly applied irrespective of device, user and location
- Security parameters should be under dynamic control of IT and owner of information
- Information should be traceable
Enterprise Digital Rights Management (DRM aka Information Rights Management/IRM) from Vaultize is an information-centric approach to information security by ensuring that corporate information and data always stays in control of IT. It allows end-users to create, access, edit, annotate and share documents irrespective of where they are (within as well as beyond the corporate fence) and independent of the device they use (laptop, desktop, smartphone or tablet) – whether managed or unmanaged.
Vaultize seamlessly integrates rights management in the regular workflow of end users by embedding the controls within the documents themselves. The files shared across corporate fence are DRM encrypted using patent pending Micro-containerization technology such that the access rights travel along with the documents. The documents are only usable by the authorized recipients and within the authorized environment.
Vaultize allows the document owner (and the corporate IT) to control the use of shared documents and manage (and even revoke) the permissions to open, view, download, print, copy-paste, forward and edit those documents. Vaultize DRM protects documents even after they are downloaded by the recipient on a device not under control of the company IT. In addition to the protection, the embedded DRM enables detailed tracking and auditing of shared files wherever they go – independent of location, device and user.