Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Using rights management for cloud data security

Trustmarque Solutions : 10 September, 2015  (Special Report)
James Butler of Trustmarque discusses the use of Rights Management tools for providing data security in cloud and BYOD environments
Using rights management for cloud data security

The implications of migrating to the cloud often cause IT departments to hesitate, particularly the issue of data sovereignty in public or hybrid cloud. The issue of sensitive company information being stored on external servers rightly makes security teams wary. There can be some very serious consequences if good data protection processes are ignored. With the EU set to pass legislation increasing the maximum potential fine for a data breach to €100m, companies need to prioritise security more than ever.

Concerns about cloud security and BYOD add to the complexity burden that IT departments already face. Simultaneously, there is constant pressure to rein in spending and work with fewer resources. Moving to the cloud can promote secure and flexible work practices, while also reducing costs. Indeed, a more flexible approach can boost security by working with employees, rather than constricting them.

Many companies are failing to take advantage of the security features and tools bundled into their existing enterprise software. Rather than forking out for costly protection measures, IT departments should rethink their binary conception of security and re-visit some simple security methods that can give employees the flexibility they desire. In the end, good security is about giving the right people the right access at the right time.

Keep it safe, keep it simple

One dramatically under-used solution is Rights Management. Rights Management tools are often bundled into enterprise editions of software from vendors such as Microsoft and Adobe, meaning the majority of companies have access to them for free. Rights Management tools work on a policy-based grading system – people can either access, edit or move documents based on the rights they are allowed. This extends even to the types of devices that the document can be viewed on, enabling fully customised levels of access.

Rights Management solutions differ from more basic access controls enforced by corporate file shares and document management. The use of encryption in Rights Management allows the security controls to ‘follow the content’ rather than relying on fixed, inflexible methods of storing and accessing the information within the corporate network and with only pre-determined applications and devices.

As a practical example, a project manager overseeing a complex bid process may need her whole team to be able to see the bid document, therefore needs to have it in the cloud where it is easily accessible. However, she doesn’t want all the people that can view the document also able to edit it, so she provides viewing rights to her entire team but editing rights only to the senior team members. These rights restrictions put layers of security in place, protecting the sensitive information on the document, despite it being in public cloud.

Shifting the security conception

Rights Management tools employ a graded encryption system which enables IT departments to shift their idea of security away from a ‘walled garden’ approach – where data on internal servers is ‘good’ and anything outside is ‘bad’. Data protection needs to be viewed on a spectrum instead; depending on the sensitivity of the data, the needs of staff and the demands of the specific project in question.

By employing Rights Management tools, security teams can allow employees to put documents into both public and hybrid cloud environments while remaining secure, thanks to the customised restrictions over viewing and editing. Crucially, this also means that there is no increase in the total cost of ownership (TCO), a huge benefit for resource-strapped IT teams.


In addition to not increasing the TCO for security, Rights Management tools also help IT departments to embrace employees’ demands for greater flexibility. Staff today are different from their predecessors, continually pressing to become more mobile and work in a way that suits them. This often leads them to circumvent IT security restrictions, often completely unintentionally, in order to access and use cloud solutions.

Rights Management tools provide customisable security for companies in the cloud, for very little cost. When combined with effective security training, Rights Management tools reduce the risk of employees breaking security policies without realising; particularly because staff are more likely to be comfortable using encryption that is built into a familiar tool such as Excel, rather than layering an unknown security system which they need to learn how to use from scratch.
Keeping all the plates spinning

Security professionals need to balance many different requirements in the modern era, including a complex cloudscape, constrained budget and employees who aren’t particularly security conscious. This means that when it comes to data sovereignty and protection solutions, they often need to consider several competing interests simultaneously.

Using Rights Management tools can be an important aspect of meeting this challenge, given their relative low cost and the fact that they are often part of a package that employees are comfortable using. If less security minded employees can use Microsoft Word to protect their data, they will find this far preferable than adopting a complicated new system. There is a time and place for every solution, but too many businesses are purchasing expensive solutions while often, the answer is already under their noses.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo