Managing Private Data with Information Rights Management

By   ISBuzz Team
Writer , Information Security Buzz | Aug 18, 2014 05:02 pm PST

It’s easier than ever to share online content quickly and widely – without it costing us a penny. Freemium file sharing tools such as Dropbox allow us to synchronise all of our files across all of our devices and share those files with friends, family and – increasingly – co-workers.

But, while it may be simple and convenient to do so, is it safe?

Governance, risk and compliance are board-level concerns. Businesses are aware that they may lack sufficiently stringent controls to protect their digital assets and meet ever more rigorous regulations around security and data privacy.

Records Management has driven a lot of IT spending over the past decade in an attempt to solve the problem of controlling the proliferation of unstructured content. It promised control over information, including retaining what was needed in a dedicated repository and disposing of what wasn’t.

Unfortunately, only one copy of any given document in this repository would ever have been disposed of, meaning that hundreds of copies and derivatives would remain on the hard drives, mailboxes, backup tapes, thumb drives and file sharing accounts of employees and their external collaborators. This clearly wasn’t a satisfactory solution.

The ideal means of clearing up the potentially damaging digital detritus left behind by employees in their daily work requires that the security, access rights and other controls relative to a file travel with that file itself.

Rights Management is technology that has existed for decades but has not reached its full potential as a solution to the content proliferation problem, mostly due to the end user friction it generated in the form of plugins, downloads and sometimes the circulation of separate passwords. As a result, despite its appeal to the security conscious, it was never really accepted by users and has enjoyed little to no wide-scale deployments for business purposes.

However, now it’s possible to apply Information Rights Management (IRM) to any document on its way out of a repository and centrally manage the decryption of distributed copies from a single location. This, along with the ability of being able to consume rights managed versions of both office and PDF documents without requiring additional local plugins, means that IRM may – finally – be the solution required to control the content chaos caused by today’s culture of widespread sharing.

IRM technology now allows policies to be applied to individual files or classes of documents. This ensures that they’re always kept within the data owner’s control, even after the files have been shared and copied outside the organisation. These policies can then restrict access based on a range of criteria including user ID, location, or device type. Access privileges can be revoked at will or after a set period of time, and IRM technology can also provide visibility into how a file is being shared, viewed and distributed.

While it’s necessary for businesses to be able to collaborate openly and efficiently, it’s equally critical that they meet regulatory demands and protect valuable IP. IRM technology may well be what’s needed to meet both of these requirements.

By Richard Anstey, CTO EMEA, Intralinks

richard_antseyBio: Richard Anstey serves as Intralinks’ Chief Technology Officer for Europe, Middle East and Africa. He has over 15 years of Information Management experience, and joined Intralinks after serving as Chief Architect at OpenText, where he was responsible for the technology evolution of the company’s full information management portfolio including innovation and technical due diligence on acquisitions. During his time at OpenText, Richard led the global product management team as it passed the US$1 billion revenue threshold.