DRM, DLP and Cybersecurity

 Introduction

The purpose of this post is to examine how Digital Rights Management (DRM)  and Data Loss Presentation (DLP) software, when used together, can potentially improve the cybersecurity of an organisation. With the nature of work has changed due to COVID-19 we need to explore new ideas for companies to keep their people and assets safe. 

DRM tools are a set of access control technologies for restricting the use of proprietary hardware and copyrighted works. DRM technologies aim to control the use, modification and distribution of copyrighted works (for example software and multimedia content), as well as systems within devices that enforce these policies.

DLP software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in-motion (network traffic) and at rest (data storage).

DRM is not often considered a cybersecurity issue but more often a copyrights issue. Though it often makes use of tools used in cybersecurity such as encryption. But nothing exists in isolation and DRM can become a cybersecurity issue since when people decide to pirate media or software they may also pick up malware along the way. So a balance needs to be stuck in ensuring works are protected but also access is not restricted or limited in such a way that people turn to pirate versions.  Achieving the balance between accessibility and security is tricky but achievable. This is also linked to the design  balance triangle of security, functionality and usability. 

Enterprise DRM and DLP are typically thought of as separate technologies that could replace each other or stand-in for each other.  DRM encrypts files and controls access privileges dynamically as a file is in use.  DLP detects patterns and can restrict the movement of information that meets certain criteria.  Rather than being competitive, there is ponytail to use them as complementary solutions.

Cybersecurity using DRM and DLP together

Integrating DRM and DLP together has the potential to provide holistic data protection and IT security strategy.

Though with enterprise DRM (aka information rights management (IRM)) and DLP have historically been perceived as stand-ins for one another or as competing services. This partly stems from the fact that both DLP and DRM vendors use similar jargon to describe their services: wrap data in protection, file security, secure sensitive data, access permissions, selective encryption, remediation and enforcement. But feature priorities for DLP and DRM vendors are quite different and are in fact complementary to one another.

As a technology, DLP was designed to identify sensitive data (in motion, in use or at rest) and then perform basic remediation/enforcement actions based on the data’s classification (e.g. allow, encrypt, block or quarantine). But giving admins and users advanced remediation powers and policy-based access and protection controls like automatic encryption, geo-fencing, IP-fencing, read-only modes and the capability to revoke and adjust access to data after it’s been shared have not been high on DLP vendors’ agendas. Wrapping advanced controls around data is the speciality of DRM/IRM.

On the other hand, enterprise DRM solutions historically focused solely on DRM-encryption and providing end-users with controls over how data was shared and what recipients could do with it. This meant that the security of a document was left solely up to the end-use, and the importance or sensitivity of the data was not weighed properly prior to its dispersion. Obviously, this posed a threat to corporate security and was viewed as a flaw in the DRM solutions of old.

The challenge is that most businesses need to share sensitive data with outside people.  Considering most data leaks originate from trusted insiders who have or had access to sensitive documents, organisations must complement and empower the existing security infrastructure with a data-centric security solution that protects data in use persistently.  That is where DRM comes in.

DRM ensures that only intended recipients can view sensitive files regardless of their location.  This assures protection of data beyond controlled boundaries so that an 
organisation is always in control of its information.  DRM policy stays with the document even if it is renamed or saved to another format, like a PDF.  This provides a more complete solution to limit the possibility of a data breach.

By integrating DLP and DRM, organisations can:
  •  Allow DLP to scan DRM-protected documents, and apply DLP policies.
  •  Enforce DLP policy engines to encrypt or reclassify a file to create a DRM-protected document.
  •  Secure data persistently and reduce the risk of losing it from both insiders and outsiders.
DLP alone cannot control data in use by authorized internal or external users.  Adding DRM ensures that vulnerabilities are minimised and that an organisation can immediately deny access to any file regardless of its location.

Conclusion

While as a potential solution using DRM and DLP together will not mitigate all determined attacks from a trusted insider or be suitable for all businesses it does provide another way to minimise the attack surface and further limits the potential risks of a data breach. I hope this post has been of interest. I would encourage further reading if this has been interesting to you. 

Sources


Comments

Popular posts

Personal Interest - Unbuilt fleets of the Royal Navy

Personal Interest - RAF Unbuilt Projects

Balancing functionality, usability and security in design