Why DRM is Fast Becoming a Critical Component in Secure File Transfer Solutions

By Chris Bailey, Product Leader at Fortra, the new name for HelpSystems.


In today’s highly connected business world, sharing data is faster and simpler than ever. But with this ease of sharing also comes concerns, particularly regarding the security of file transfers.

Many established file transfer systems rely on encryption to keep data secure. However, with the rise of remote working, sensitive files are now being shared electronically by employees daily, often via unsecured channels which offer far less control and protection. In addition, enterprises face strict compliance regulations such as HIPAA, PCI-DSS, FISMA and GDPR, which require them to protect sensitive data in transit.

With the amount of sensitive, business-critical data that now crosses the wire on a regular basis, ensuring it falls into the right hands is more than an IT or security issue; it’s a matter of business survival.

With this in mind, what secure transfer techniques are most popular amongst businesses today? PGP, or Pretty Good Privacy, has been around since 1991 and is still often used today for signing, encrypting and decrypting communications, providing privacy and authentication. Secure Managed File Transfer (MFT) solutions provide robust encryption as well as threat detection to help organisations transfer files securely. However, once this data is received, what happens to it is completely outside the organisation’s control. For example, take media organisations like the BBC and HBO. Their most popular shows are often distributed around the world to international broadcasters and streaming services. Once those digital copies are sent out, if the data isn’t properly protected then it’s all too easy for pirates to copy it and share it illegally, or even leak spoilers for as-yet-unbroadcast content, often with major ramifications.

While solutions like Secure MFT do mitigate the problems of getting files safely and securely from point A to point B, businesses today need their files to be safe, regardless of where they go, for the lifetime of the data.

The importance of Zero Trust

So, how can businesses tackle the root of the problem? To understand this better, we must first understand Zero Trust. Zero Trust is a security framework whereby nothing is left to chance – everything must be proven, every time, and there are two main ways to do this. Businesses can either secure the transfer method, or they can secure the data itself. At the moment, most do the former but neglect the latter.

While there is no longer a traditional ‘perimeter’, most secure transfer solutions still verify users at a ‘gate’, and once they’ve been authenticated, they are given carte blanche to do whatever they like with the data contained within.

Of course, there are numerous issues with this approach. For a start, credential-based authentication methods are far from bulletproof. Usernames and passwords can be easily lost, stolen, or even guessed, which makes relying solely on them for data protection very risky.

Remember that when it comes to data, businesses typically need solutions that ensure three things – availability, confidentiality, and integrity. While this gatekeeping technique makes the data both confidential (at least while in transit) and available, it does very little to protect its overall integrity. Even if the file transfer successfully delivers sensitive data to the intended person, if that person then acts maliciously or carelessly with it, there are absolutely no other measures in place to keep it protected at that point.

DRM As an Essential Component of Zero Trust

To truly achieve Zero Trust across files, data, and critical information, businesses need to defend it at the source. This means placing access controls on both the method of delivery and the information itself.

For this, there is Digital Rights Management (DRM), which, when paired with secure file transfers, offers more complete data security. Rather than making the data impossible for unwanted parties to catch, it makes it impossible for them to use. DRM lets businesses control every file, email, and piece of intellectual property that crosses the wire, with rights applied or revoked at any time. They can set permissions on who’s allowed to open it, limiting access to specified email or IP addresses only, and retain full control over who can print, copy, save, edit, or even screenshot files.

Protecting such files with specific permissions prior to sending ensures the information cannot be accessed by anyone other than the intended recipients, even if it goes astray at any point before, during, or after the transfer process. In short, DRM ensures that:

1. Businesses and their employees can send and receive sensitive files and data to authorised recipients only, without exposing any of it to unauthorised third parties at any point.

2. Businesses can retain full control of the files after they are sent, received, and accessed, and can even prevent editing, printing and screenshots from being taken on a mobile phone.

3. Administrators can retain full DRM rights management even after data has left the organisation, revoking access so that the file can no longer be viewed.

With businesses and their employees sharing more digital information now than ever before, keeping sensitive data protected at all times is an increasingly difficult challenge. While many still rely on secure transfer services to get it from A to B, without further protections of the data itself, its integrity remains at risk. By combining DRM with secure MFTs and integrating it effectively into their data security process, businesses know that regardless of where their data goes, they are still in control of it, giving them the peace of mind they need to operate effectively in today’s competitive business landscape.
