Information rights management is a key part of contemporary corporate security culture, focusing on protecting valuable information from unauthorized entities. Unfortunately, as recent hacks and leaks reveal, most companies aren’t very good at it.
But why is there such a lack of consistency and enforcement here, and what can businesses do to improve?
IRM is similar to digital rights management (DRM), a more popular issue since it has more to do with copyrighted digital properties, like songs and movies being illegally downloaded and shared. Like DRM, IRM focuses on restricting access and improving security for specific files, but turns its attention toward documents, spreadsheets, PDFs, and other important files intended to preserve or share information.
These are a few of the most important tenets of IRM:
One of the most important security features of the modern age is encryption—the process of encoding a file so that only authorized recipients will be able to read it. If an encrypted file is intercepted by a third party in transition (such as if a cybercriminal attempts to gain access to the file), the contents would be rendered unintelligible unless the security key is somehow cracked. Encryption prevents interference and interception from outside parties, thereby preventing the possibility of unauthorized copying or use.
Specific allow/deny rules
Many IRM platforms enable administrators to create and enforce specific rules that allow or deny basic interactive components within a file. For example, an admin may designate a file to be “view only,” which prevents any other users from altering the document in any way. Other rules forbid specific actions, such as taking screenshots of the document, printing it, or copying and pasting information within the document.
Of course, IRM also requires some level of customizability. You may need to set restrictions for some files and messages, but not others. You may need to restrict access within one department, but allow access within another department. Further, you might need to encrypt a file so that it retains its alterability rules, even if sent to a third party. These controls can get complicated fast.
So why aren’t more businesses adopting IRM protocols?
Specialized software or partnerships
First, it’s almost impossible to create fully secure IRM structures without help from an outside partner or organization. Add-ons to existing programs, like Virtru email security for Office 365, can give you most of what you need, but it takes time to research the right solutions for your organization—and in most cases, money to maintain the subscription.
Despite the appearance of security, many IRM protocols have easy workarounds that even the most passive cybercriminal can thwart. For example, if you block screenshots for a specific document, an employee could still use a cell phone camera to take an image of the document while it’s onscreen, negating the purpose and exposing more vulnerabilities.
Naturally, the bigger the scale of the enterprise, the harder it’s going to be to keep IRM consistent. Many software packages and internal procedures are easy to maintain when you only have a few dozen people to worry about. The more people you add to a system, the more points of vulnerability you’ll contend with, and the less secure and less consistent your practices will become.
If you want your company’s information to be safe, you need to take IRM more seriously. You should consider establishing a partnership with an IRM organization, or relying on products that give you more control over your own internal IRM. Your documents, messages, and files are the lifeblood of your organization, and all it takes is one breach to compromise your work. Don’t let it happen on your watch; invest in the right infrastructure for IRM, and don’t let it become a secondary priority.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access