By Vishal Gupta

Data leakage, theft, hacking, compromise, accidental / intentional disclosure are here to stay and it is the responsibility of the employer / owner organization and the user to collectively ensure security while ‘at rest’ and when ‘in transit’.
Policies and procedures require users to ingrain best practices into their work culture but there is always the risk of human error or a slip-up even in highly mature workplaces or even if the users are highly trained and disciplined. An example is the incident of an army Major who had classified data on his computer and this was hacked. The full story can be read here - “Major’s comp hacked, info leak feared”

As the affected organization is the Army it is natural to assume there are strong controls in place and this is clearly this is a case of non-compliance on the part of the officer. Again, though controls are in place and the users are a disciplined and trained lot, this non-compliance has led to a security breach (a worst case scenario) and there is no rollback here. Classified data has been compromised and seems to be in the hands of enemies. There is no telling what will be the repercussion of this loss, and one cannot expect that the Army is going to be sharing any details of their investigation or findings.

While everything seems to be in place it is also obvious that the data would be much safer had it been protected by an Information Rights Management (IRM) system like Seclore. The Information Rights Management solution would have provided the organization with the means to withdraw the rights for all the classified documents on the machine for the user (machine owner) and thus render those documents un-accessible.

Data losses can happen anywhere and anyhow. People carry work home and assume it is safe but risks manifest themselves in different locations in different variants. It is necessary to be safe rather than sorry. A data breach, if not measurable in monetary terms, will cause intangible losses which (eventually) will finally lead to loss of confidence and trust from stakeholders.

This leads to the necessity that security controls extend beyond the enterprise perimeter and an Information Rights Management solution provides this capability. An Information Rights Management solution will allow the organization to establish controls based on document lifecycle policies that address classification, distribution controls and user rights with due consideration of business responsibilities and requirements. The system can be configured to apply these policies by default on the data being created. Alternatively policies can be applied manually and a user can create additional customized controls if needed.

In effect an Information Rights Management solution will provide the means for end-to-end control of data or documents throughout it’s lifecycle. The unique value brought about by this solution is that it allows the owner (individual or organization) to enforce data classification, monitor location of distributed data, actively log data access and retain control of access rights for the data irrespective of its location.

Implementing an Information Rights Management solution will allow Information Security managers to take the enterprise to a higher level of assurance as strong safeguards are embedded into the data assets at time of creation itself and remain so, until destruction or authorized removal.

Vishal is the CEO at Seclore Technology a major player in the Information Rights Management space. Vishal is also an Enterprise Rights Management Evangelist and can be contacted via the Seclore Technology website.

This article is a reblog from the Seclore Technology blog.