It is becoming increasingly difficult to guarantee a safe boundary for your sensitive data. As work-from-anywhere becomes the norm, employees are collaborating freely with each other, with contractors and with partners. But this freedom to collaborate more broadly also means information is being shared among devices, applications and networks that your organization doesn't necessarily control.
This new climate doesn’t just put your proprietary information at risk, it also makes complying with regulations much more difficult. When most entities sit outside your perimeter defenses, it becomes difficult to provide geo-specific access or enforce encryption over regulated data.
To ensure data is protected while productivity remains high, organizations need an integrated, cloud-delivered approach to cybersecurity. While Security Service Edge (SSE) has become the go-to framework to achieve that, you need to be aware that not all SSE approaches are created equal.
In previous blogs, we’ve discussed the importance of User and Entity Behavior Analytics (UEBA) and modern Data Loss Prevention (DLP) as part of an SSE platform. Let me dig into the third piece to this puzzle, Enterprise Digital Rights Management (EDRM), which ensures that data policies are enforced regardless of where the data goes.
What is EDRM?
Even if you’ve never heard of EDRM, you may be familiar with digital rights management or DRM, which is most often used by publishers of movies, music, games or other software to restrict access to only those who have paid.
EDRM does something similar except that its purpose in life is to protect sensitive corporate data when it leaves an organization’s sphere of influence. It does this by encrypting data in real time as it moves between users, devices and apps. When it's part of a broader SSE platform, EDRM works dynamically by leveraging the context of users, devices, apps and data to make informed decisions based on an organization’s data protection policies.
Within a comprehensive SSE platform, EDRM is just one of many data protection actions that can be taken. In nearly every case, you would rely on DLP to first discover and categorize your data across all your apps. The platform then decides, based on inputs from endpoint security and UEBA, what actions to take. For instance, softer restrictions such as masking certain keywords or watermarking documents could be applied.
EDRM steps in when you need to enforce much harsher restrictions, and it encrypts each file with its own unique per-file key. By attaching platform-independent controls, organizations ensure that only the apps and services intended to use the data can decrypt the content. Because the access policy travels with the data as part of its metadata, an authorization check is performed each time a user attempts to open it. This means organizations can continuously monitor who has access, set time limits on when someone has access, and restrict what types of devices have access.
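The mechanism just described (a fresh key per file, the policy carried in the file's metadata, and an authorization check on every open that covers user, time window and device type) can be sketched in a few dozen lines. The following is an added example, not Lookout's code or any product's API: the `KeyService` class stands in for the platform's key and policy service, the HMAC-based counter-mode cipher is a standard-library substitute for the AEAD a real product would use, and the policy, users and document content are constructed sample data. A region attribute is included as an assumption so the geo-restricted case is covered as well.

```python
import hashlib
import hmac
import json
import secrets
import struct


class KeyService:
    """Hypothetical stand-in for the platform's key and policy service.
    It holds each per-file key together with the policy registered for that
    file, and releases a key only after the policy check passes."""

    def __init__(self):
        self._files = {}

    def register(self, file_id, file_key, policy):
        self._files[file_id] = (file_key, dict(policy))

    def release(self, file_id, ctx):
        file_key, policy = self._files[file_id]
        reason = check_policy(policy, ctx)
        if reason is not None:
            raise PermissionError(reason)
        return file_key


def check_policy(policy, ctx):
    """Return None when the access context satisfies the policy, otherwise the
    denial reason. Attributes: who, device type, region, and a time window."""
    if ctx["user"] not in policy["users"]:
        return "user not authorized"
    if ctx["device_type"] not in policy["device_types"]:
        return "device type not allowed"
    if ctx["region"] not in policy["regions"]:
        return "region not allowed"
    if not policy["not_before"] <= ctx["time"] <= policy["not_after"]:
        return "outside access window"
    return None


def _subkeys(file_key):
    # Separate encryption and MAC keys derived from the per-file key.
    return (hashlib.sha256(b"enc|" + file_key).digest(),
            hashlib.sha256(b"mac|" + file_key).digest())


def _keystream(enc_key, nonce, length):
    # Counter-mode keystream using HMAC-SHA256 as the PRF (stdlib only).
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(plaintext, policy, service):
    """Encrypt under a fresh per-file key, attach the policy as metadata, and
    MAC header + nonce + ciphertext so the policy cannot be detached or edited."""
    file_id, file_key, nonce = secrets.token_hex(8), secrets.token_bytes(32), secrets.token_bytes(16)
    enc_key, mac_key = _subkeys(file_key)
    header = json.dumps({"file_id": file_id, "policy": policy}, sort_keys=True).encode()
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
    service.register(file_id, file_key, policy)
    return {"header": header, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def open_protected(container, ctx, service):
    """Authorization check on every open: the service enforces the policy before
    releasing the key; the tag is verified before anything is decrypted."""
    file_id = json.loads(container["header"])["file_id"]
    file_key = service.release(file_id, ctx)  # raises PermissionError on deny
    enc_key, mac_key = _subkeys(file_key)
    signed = container["header"] + container["nonce"] + container["ciphertext"]
    expected = hmac.new(mac_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, container["tag"]):
        raise ValueError("container or its policy metadata was tampered with")
    stream = _keystream(enc_key, container["nonce"], len(container["ciphertext"]))
    return _xor(container["ciphertext"], stream)


def try_open(container, ctx, service):
    """(True, plaintext) on success, (False, reason) on denial or tampering."""
    try:
        return True, open_protected(container, ctx, service)
    except (PermissionError, ValueError) as exc:
        return False, str(exc)


# Constructed sample policy and document (not from any real deployment).
SAMPLE_POLICY = {
    "users": ["alice@example.com", "bob@example.com"],
    "device_types": ["managed-laptop"],
    "regions": ["EU"],
    "not_before": 1_700_000_000,  # unix seconds, constructed 24h window
    "not_after": 1_700_086_400,
}
SAMPLE_DOC = b"Q3 clinical trial summary (constructed sample content)"


def demo():
    """Protect one document, then attempt to open it under several contexts."""
    service = KeyService()
    container = protect(SAMPLE_DOC, SAMPLE_POLICY, service)
    base = {"user": "alice@example.com", "device_type": "managed-laptop",
            "region": "EU", "time": 1_700_040_000}
    results = {
        "allowed": try_open(container, base, service),
        "wrong_user": try_open(container, dict(base, user="mallory@example.com"), service),
        "byod": try_open(container, dict(base, device_type="personal-phone"), service),
        "outside_eu": try_open(container, dict(base, region="US"), service),
        "expired": try_open(container, dict(base, time=1_700_090_000), service),
    }
    # Editing the attached policy copy is caught: the tag no longer verifies.
    tampered = dict(container, header=container["header"].replace(b'"EU"', b'"US"'))
    results["tampered_header"] = try_open(tampered, base, service)
    return results
```

Two design points carry over to real deployments: the service, not the file, is the authority for the policy (so loosening the attached copy gains nothing), and the tag binds the policy to the ciphertext, so a container whose metadata has been altered is rejected before any decryption happens. Calling `demo()` shows one successful open and five denials, each with its reason.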
Why do you need EDRM?
Enforcing data access policies has become increasingly complicated. Data is now sprawled across countless cloud apps and private apps. At the same time, users are increasingly using personal devices and networks that circumvent perimeter-based security. EDRM ensures that data boundaries are set dynamically, even when the data travels around freely.
Here are three reasons why EDRM is a critical cloud security best practice:
1. Prevent data leakage or exfiltration
If you recall, in late 2020, Pfizer lost 12,000 sensitive documents due to an insider threat. While the pharmaceutical company detected the data exfiltration, they weren’t able to stop it. Whether it’s malicious downloading or accidental sharing, EDRM’s encryption controls ensure that the data cannot be accessed by unauthorized users.
2. Meet regulatory compliance requirements
The Health Insurance Portability and Accountability Act (HIPAA) in the United States, for example, requires data protection wherever the data resides. Traditionally, organizations encrypted the internal hard drives of managed laptops. With EDRM, the encryption stays with the data itself, which means the data is always protected.
The General Data Protection Regulation (GDPR) has restrictions on exporting data outside of the European Union. With continuous checks on the user, including their geolocation, you could set a policy that no users outside the EU can decrypt the data.
3. Reduce third-party risk
Large organizations often rely on third-party vendors, contractors and partners for various services. But many of them may not have the same security standards. EDRM ensures that whether it's financial and customer data, or intellectual property, only authorized users within specific parameters are able to decrypt the sensitive information.
EDRM extends the power of a security platform
While I focused this blog on the benefits of EDRM, its data protection value is largely derived from being part of a comprehensive platform. To enforce precise data protection, EDRM interprets the telemetry from DLP, UEBA and endpoint security.
EDRM is most effective when part of an SSE platform that includes Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG). Together, these solutions enable you to extend EDRM’s encryption capabilities to cloud apps, private apps, email and internet activities.
To understand what data protection capabilities you need within your SSE platform, take a look at the 2022 Gartner Magic Quadrant for SSE, where Lookout was named a Visionary. The report covers:
- How SSE can help you reduce complexity, costs and management overhead.
- Which SSE Gartner Critical Capabilities to focus on.
- Which use case/s could be applied to your organization and what to look for in an SSE vendor.
- The analysis behind Lookout’s top three placement in the Critical Capabilities report.
Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner, Magic Quadrant for Security Service Edge, John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, February 15, 2022
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization