With the increasing use of mobile devices – smartphones and tablets – in workplaces, security and control of data going outside the corporate network is becoming more and more challenging to enterprise IT. One of the popular and most secure ways data can be protected and controlled, irrespective of where it goes, is Enterprise Digital Rights Management (eDRM). Traditionally, eDRM (aka IRM) has been considered difficult to use for end-users and difficult to administer for IT. But in today’s world, enterprise IT must ensure security of shared data without compromising on the user experience. The user should be able to access secured content on mobile devices with the same ease and flexibility they have with other apps.
A big hurdle to the combination of security and ease of use on mobile devices is the fact that apps on mobile devices are sandboxed and hence can share data only by copying (or moving) it across app sandboxes. This obviously could lead to data loss, because once the data has gone outside a own secure sandbox, there is no way to control what happens to it.
We are introducing Pro versions of our eDRM mobile apps – vDRM Pro for iOS and Android. They combine ease of use with top-notch security features like containerization and at-rest & in-motion encryption, ensuring that data loss is prevented. The vDRM apps always store the eDRM-protected documents in encrypted form on device storage and they always exchange information with the vDRM server using channels as secure as a VPN. These apps not just allow the user to easily access eDRM-protected data, but also come with a built-in powerful document editor (for MS Office and PDF) so that documents need not be taken outside the vDRM app’s secure sandbox. IT can also reset assured because the containerization features and the built-in document editor allow full IT control over user operations like Copy/Paste, Edit, Save, printing, sharing and screenshots, and also allow tracking of all user activity on the protected documents.
vDRM apps for smartphones and tablets (iOS and Android) offer following features:
- Content protection: Based on the mobile content management (MCM)policy and sharing policy of the organization and, the access rights set by the initiator, the documents shared within or outside the organization can be restricted to view-only access or restricted to fully-controlled editing using a built-in document editor for MS Office and PDF.
- Secure online document viewer: The viewing of shared documents by third parties can be restricted to read-only access through a secure web-based online document viewer, with full IT control on printing, copy/paste and screenshots.
- Digitally watermarked documents: Based on policy, downloads of shared files can be restricted to be a watermarked document. Watermarks, such as logo, copyright texts, IP address, MAC address and recipient’s email ID can be added to each page of the document to discourage printing, screen capture or photo capture.
How it works
Recipients typically receive a secure share link from Vaultize via email, text / SMS or any other messaging / communication medium on their mobile devices. When a recipient taps on the secure link, it will open in device’s web browser app and will take the recipient through an authentication flow that IT or share initiator can define. This authentication flow can include things like username / email, password and multi factor authentication (MFA) mechanisms like One Time Password (OTP) and RSA SecurID tokens.
Once the authentication is successful, the recipient will see all her eDRM-protected files and folders. Recipient can now open any of the secured files (using the vDRM app) by just tapping on that file or by selecting the download option (which requires the share initiator to give
download permission to the recipient).
vDRM Pro app will launch when user selects “Open in vDRM Pro” option. Recipient will be
asked for authentication again if the file is also protected by a password. This eDRM-protected file is always cached securely (i.e. in an encrypted form) on vDRM app’s sandbox. Whenever user wants to open this file in future, he will simply tap that file and will provide authentication for that file. When the file opens, recipient should see the file options seen above. Each of these options is controlled by the eDRM rights set using link share policy and by share initiator. For example, if recipient is allowed to Edit, the built-in document editor will open with editing enabled:
vDRM Pro apps can be download from following links: