Sensitive information is vulnerable to accidental or malicious data leaks, especially when dealing with external parties like partners, vendors, contractors, temps and even customers. And once the files are outside your organization's network perimeter, it is difficult to control them since, unlike devices, they don't have self destruct or homing capabilities built into them. These risks escalate significantly when people use consumer-grade file sharing and sync software that the organizations cannot monitor or control.
To answer such and similar data loss challenges, we recently announced Digital Rights Management (DRM, aka Information Rights Management - IRM) capabilities built into Vaultize's enterprise platform for file sharing and anywhere access to corporate data repositories. IT administrators and even end-users would now be able to control and monitor various aspects related to the usage of their files ... wherever those files go (even outside the organization network) - all the time and on any device.
In this post, we'll cover the powerful DRM controls provided for Vaultize administrators; the easy-to-use end user controls will be described in an upcoming post.
Vaultize Digital Rights Management (aka VRM) offers comprehensive protection from following type of scenarios:
- An employee has left the organization and copied files shared with him.
- A vendor has lost his laptop containing some sensitive files you shared with him.
- An employee of a partner has left his employment and took along some of your data with her.
- You want to share sensitive files with an external contractor in a highly secure way.
As Vaultize administrator, you can already tackle these and similar problems to a large extent by defining sharing policies that allow you to control many aspects of file sharing. But now, you can also turn on the Vaultize DRM option and make sure that your policies and rights will go along with the data everywhere it goes! With Vaultize DRM, Vaultize makes sure that the sharing policies and rights applied to a data are honoured irrespective of where or which device/location the data goes to and even if it is outside your organization's security perimeter.
With rights management enabled, the page from which external (or even internal) users access shared data changes to indicate that the files are protected by Vaultize DRM and that users need to download the Vaultize Rights Management Client (VRM Client) to make use of these files (see the screenshot below). The VRM Client is free to download for anyone and is available for Windows and Mac, with iOS, Android and Linux versions coming soon.
When users download these files, the Vaultize Rights Management Server (VRM Server) provides these files in an AES-256 encrypted container format (as shown in the screenshot below). This containerization is performed using our patent-pending micro-containerization technology, which is agnostic to file formats and provides end-to-end security. The containerization is such that end-users don't see any visible difference in the files and how they see it (for example, file icons or file names don't change). The micro-containerized files can only be opened using the VRM Client application.
After downloading and installing the VRM Client application, user can open the protected files as he/she normally does. When the user opens the downloaded file, VRM Client communicates with the VRM Server to determine whether the file can be opened depending on various criteria set in the sharing policy, like current sharing status, permissions, expiry, password protection, number of times a file can be opened and so on (see the sharing policy screenshot above). If the VRM Server permits, the VRM Client opens the file in the native application while enforcing additional restrictions like copy-paste, editing, exporting, saving and printing. For instance, the Word document downloaded above appears as follows when opened via VRM Client with cut/copy/paste and editing disabled:
The MS Office menu also gets more restrictive to prevent file saving, printing, export or sharing, as seen in the highlighted section here:
In case the user does not have the appropriate application (like say MS Word), VRM Client also provides an option of opening the file in Vaultize Online Document Viewer or download the file as a watermarked PDF:
The file can be opened in Vaultize Online Document Viewer, where similar copy-paste and print restrictions are enforced. The file will also be digitally watermarked to discourage screenshots and printing:
When an even greater level of security is required, the files can be password protected within VRM context by users who start sharing the files/folders. Owing to this, you get file-level password protection even if the original file format doesn’t support password protected files, as is the case with plain text files for instance. For such files, the VRM Client will force the individuals opening the file to enter a password:
In case of unauthorized attempts to open a protected file, the end user can feel the VRM Server’s gentle wrath in the form of a message similar to the one illustrated here:
Vaultize Rights Management also keeps a track of the users who shared the file and of the systems from where the file opening was attempted from. Reports based on this data can help the administrators track down any potential data leaks and the individuals responsible for attempting data leaks.
Vaultize Outlook Plugin, which allows automatic replacement of email attachments with secure and managed links, becomes a lot more secure and traceable with Vaultize Rights Management. Any files shared via emails can be made accessible in the form of VRM-protected files and can be opened (and thus protected and tracked) using VRM Client. Also, disabling access to any attachments thus shared is just a matter of deleting the share or, blocking the user who shared the file or, changing the policies.
Apart from file sharing, VRM can also be used in conjunction with Vaultize DLP integration. The VRM DLP Connector integrates with data classification capabilities of leading DLP solutions to allow enforcement of VRM protection on chosen categories (or classes) of files being downloaded or being shared. With this approach, any data leaving Vaultize (and thus your organization) by means of a file/folder download action can also be controlled and kept track of.
This is just the beginning of the Vaultize Rights Management story, watch this space as we announce a wealth of new features in the near future!
Download Our Free Whitepaper – Don’t Get Fired For ￼￼￼Critical Data Leaks: 6 Essentials For 100% Secure Enterprise File Sharing. Find Out What You Need To Do To Insure Zero Data Leakage!