Best Practices: Enterprise Digital Rights Management
Beyond RIAA: Enterprise Digital Rights Management
Protecting sensitive information is big business—and a big headache. We preach the concept of moving toward a data-centric security model and being flexible with technology, yet many infosec pros fail to address a big, glaring gap that’s staring us in the face: how data is used, stored and transferred once it gets past our gantlet of controls. We implement technologies to monitor where data resides and where it’s being sent, but we don’t understand the context of the data and who is allowed to receive it. We deploy file encryption for laptops and smartphones, databases and backups, but what if someone internal or external decrypted that data? That person could then send it to anyone. We’re letting employees access networks with their own smartphones and tablets, yet the top mobile security concern in our 2011 Strategic Security Survey isn’t malware, it’s loss of a device containing sensitive information.
The fact is, a data-centric security model is a good start, but it’s not enough. As SaaS offerings and mobile devices become the norm, the value of enterprise digital rights management, or EDRM, will increase. Here’s our eight-step plan to take this next step in data protection. (B3500911)