DRM, an Answer for Insider Threats

By Trevor Smith, Executive Vice President of Sales and Marketing, Brite Computers

People cause digital leaks.

Whether it’s an intentional malicious act or simply an accident, corporations are perpetually at risk and digital rights management (DRM) is the best possible solution available today.

DRM started out as software technology used to identify, secure, manage, track and audit digital content.  However in recent years, BYOD (bring your own device) initiatives and the consumerization of technology have forever changed the IT landscape, necessitating the use of DRM technology to ensure control and access of sensitive data. Employees now have the ability to retrieve corporate data from a multitude of devices, store data in many unmanaged places and access it from virtually anywhere. With the advances in collaboration technology, the shortening tenure, and the increasing value of data, the insider threat is no longer limited to the disgruntled employee. The corporation is a sitting duck; the insider threat is any individual on the payroll.

Dealing with insider threats is difficult. Consider the threat, a highly privileged and trusted user!  Standard methods of defense, such as firewalls, intrusion detection systems (IDS), anti-virus as well as secure building access and two-factor authentication, do not offer protection because employees are already inside the network and within the circle of trust. Adding to the difficulty, insiders can be well aware of the organization’s policies and any loopholes.

Even data loss prevention only prevents the data from leaving for illegitimate reasons. DRM protects data during both legitimate and illegitimate use cases.

Rapid migration of DRM software into the enterprise is evidence that there is an alarming rate of security breaches from the following types of insider threats:

  • Unintentional Threats: A major concern among security professionals. More than 40 percent report that their greatest concern is employees accidentally jeopardizing security through data leaks and/or similar errors.
  • Malicious Threats: Often defined as disgruntled employees or ex-employees who believe that the business, institution or agency has “done them wrong” and feel justified in gaining revenge.
  • Malicious Hacker: An outside person who poses as an employee or officer by obtaining false credentials. The hacker obtains access to the computer systems or networks of the enterprise, and then conducts activities intended to cause harm to the organization.

Essentially, controlling access to the data rather than the system is a better approach to preventing an insider threat, since the data is ultimately what everyone is after.  It also ensures control is maintained regardless of location or device, also addressing BYOD issues.

The Quocirca report (http://www.quocirca.com/reports/953/what-keeps-your-ceo-up-at-night-the-insider-threat-solved-with-drm) recently looked at the challenges faced by organizations in protecting against data breaches (insider threats in particular) and assessed this rising issue. It analyzed various security solutions organizations already had in place to protect against data breaches, but suggested that while these solutions were effective against previous forms of threats, they aren’t fully effective when it comes to addressing the insider threat. On the contrary, digital rights management is highlighted as one of the best security solutions out there that provides the most comprehensive protection.

Trevor Smith, Executive Vice President of Sales and Marketing, Brite Computers,

212-874-1519: email: tsmith@britecomputers.com.

For more than 10 years, Brite has been on the frontlines protecting client’s critical data, applications and infrastructure from the ever evolving threats.  Specializing in data and network security, Brite provides the industry’s leading and innovative solutions. Please visit www.britecomputers.com for more information.

Advertisement

Follow Us:

Sitemap | Privacy | Copyright © © 2017, WSTA®, All Rights Reserved.