DRM, DLP and Cybersecurity

 Introduction

The purpose of this post is to examine how Digital Rights Management (DRM)  and Data Loss Presentation (DLP) software, when used together, can potentially improve the cybersecurity of an organisation. With the nature of work has changed due to COVID-19 we need to explore new ideas for companies to keep their people and assets safe. 

DRM tools are a set of access control technologies for restricting the use of proprietary hardware and copyrighted works. DRM technologies aim to control the use, modification and distribution of copyrighted works (for example software and multimedia content), as well as systems within devices that enforce these policies.

DLP software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in-motion (network traffic) and at rest (data storage).

DRM is not often considered a cybersecurity issue but more often a copyrights issue. Though it often makes use of tools used in cybersecurity such as encryption. But nothing exists in isolation and DRM can become a cybersecurity issue since when people decide to pirate media or software they may also pick up malware along the way. So a balance needs to be stuck in ensuring works are protected but also access is not restricted or limited in such a way that people turn to pirate versions.  Achieving the balance between accessibility and security is tricky but achievable. This is also linked to the design  balance triangle of security, functionality and usability. 

Enterprise DRM and DLP are typically thought of as separate technologies that could replace each other or stand-in for each other.  DRM encrypts files and controls access privileges dynamically as a file is in use.  DLP detects patterns and can restrict the movement of information that meets certain criteria.  Rather than being competitive, there is ponytail to use them as complementary solutions.

Cybersecurity using DRM and DLP together

Integrating DRM and DLP together has the potential to provide holistic data protection and IT security strategy.

Though with enterprise DRM (aka information rights management (IRM)) and DLP have historically been perceived as stand-ins for one another or as competing services. This partly stems from the fact that both DLP and DRM vendors use similar jargon to describe their services: wrap data in protection, file security, secure sensitive data, access permissions, selective encryption, remediation and enforcement. But feature priorities for DLP and DRM vendors are quite different and are in fact complementary to one another.

As a technology, DLP was designed to identify sensitive data (in motion, in use or at rest) and then perform basic remediation/enforcement actions based on the data’s classification (e.g. allow, encrypt, block or quarantine). But giving admins and users advanced remediation powers and policy-based access and protection controls like automatic encryption, geo-fencing, IP-fencing, read-only modes and the capability to revoke and adjust access to data after it’s been shared have not been high on DLP vendors’ agendas. Wrapping advanced controls around data is the speciality of DRM/IRM.

On the other hand, enterprise DRM solutions historically focused solely on DRM-encryption and providing end-users with controls over how data was shared and what recipients could do with it. This meant that the security of a document was left solely up to the end-use, and the importance or sensitivity of the data was not weighed properly prior to its dispersion. Obviously, this posed a threat to corporate security and was viewed as a flaw in the DRM solutions of old.

The challenge is that most businesses need to share sensitive data with outside people.  Considering most data leaks originate from trusted insiders who have or had access to sensitive documents, organisations must complement and empower the existing security infrastructure with a data-centric security solution that protects data in use persistently.  That is where DRM comes in.

DRM ensures that only intended recipients can view sensitive files regardless of their location.  This assures protection of data beyond controlled boundaries so that an organisation is always in control of its information.  DRM policy stays with the document even if it is renamed or saved to another format, like a PDF.  This provides a more complete solution to limit the possibility of a data breach.

By integrating DLP and DRM, organisations can:
  •  Allow DLP to scan DRM-protected documents, and apply DLP policies.
  •  Enforce DLP policy engines to encrypt or reclassify a file to create a DRM-protected document.
  •  Secure data persistently and reduce the risk of losing it from both insiders and outsiders.
DLP alone cannot control data in use by authorized internal or external users.  Adding DRM ensures that vulnerabilities are minimised and that an organisation can immediately deny access to any file regardless of its location.

Conclusion

While as a potential solution using DRM and DLP together will not mitigate all determined attacks from a trusted insider or be suitable for all businesses it does provide another way to minimise the attack surface and further limits the potential risks of a data breach. I hope this post has been of interest. I would encourage further reading if this has been interesting to you. 

Sources


Comments

Post a Comment

Popular posts

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea...
Read more

Personal Interest - Unbuilt fleets of the Royal Navy

Image
Introduction Throughout the 20th Century the Royal Navy designed and examined different types of fleets that were never realised either due to budget constraints, arms treaties or the changing nature of war. These are only a few examples of the different types of unbuilt fleets. Some of these had prototypes built and tasted for the Royal Navy which would serve as technological testbeds. Images and info from secret projects forum, shipbucket, popular mechanics/science and naval-matters. Washington Naval Treaty (WNT) The  Washington Naval Treaty  was a treaty signed during 1922 among the major nations that had won  World War I , which agreed to prevent an  arms race  by limiting naval construction. It was negotiated at the  Washington Naval Conference , held in  Washington, D.C. , from November 1921 to February 1922, and it was signed by the governments of the United Kingdom, the United States, France, Italy, and Japan. It limited the construction ...
Read more

Personal Interest - RAF Unbuilt Projects

Image
  Introduction This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare firstly from conventional style WW2 warfare to the predicated quick, short scale nuclear war which was expected from 1947 to 1989. Later from the 90s and into the 21st Century a change from state on state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. Though the work and research done on these projects would rarely go to waste with it being used and applied in other projects and works even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs there are far better sources f...
Read more