Exploring DRM as an Industry Standard Security Addition to File Transfers

With the rise of remote working, sharing sensitive files is now taken for granted, with 85% of UK businesses handling digital data. But embracing this collaborative approach comes with increasing concerns regarding the security of our file transfers.

As 39% of UK businesses identified a cyber attack in the last 12 months, it’s no longer enough for organisations to protect the perimeter and the skirting of the tech ecosystem. According to research, the average time that attackers can live in a target network is 11 days, with the longest reported being over 15 months. When data is a business’ gold, the data itself must be protected.

Since the entire premise of a Zero Trust approach is to ‘trust no one’, this must mean a full, robust strategy covering everything from Security Information and Event Management (SIEM) to Enterprise Data Management (EDM) to Next-Generation Antivirus (NGAV) and beyond. And truly following the Zero Trust defense-in-depth code requires protecting data right at the source – not just the access to it.

While trusted solutions such as Secure Managed File Transfer (MFT) deliver files safely and securely from A to B, they cannot control what happens to the data once it has been received. To give the sender ultimate control over what the recipient can and can’t do with the data, you need to add full Digital Rights Management capability to the file transfer. 

Current File Transfer Methods

First, it’s critical to understand the current data-sharing landscape to see the clear need for Zero Trust. The widespread use of collaboration tools and cloud-based file-sharing services means that sharing data is simpler than ever, but it can also be less secure. The explosion of cloud services and mobile devices has resulted in networks so complex that there is no easily-identified perimeter for the enterprise.

Strict compliance regulations such as the Data Protection Act and GDPR present potential financial consequences for organisations should their business-critical data fall into the wrong hands.

MFT solutions allow files to be transferred securely. They first encrypt the data using PGP (Pretty Good Privacy) and use SFTP (Secure File Transfer Protocol) to move them securely. MFT solutions include an interface and functionality to enable better control and visibility of files transferred.

Enabling Zero Trust

The concept of Zero Trust means that no one and nothing can be trusted until it’s proven not to be a threat. With MFT, the file transfer is secure, but not the data itself – the user is verified at a ‘gate’, but the authentication methods are not foolproof, as usernames and passwords can be stolen, guessed, and cracked. Files can be accidentally sent to and received by valid recipients, sometimes without the sender or receiver even knowing they contain sensitive data. For these reasons, access-only controls aren’t the optimal method for confidential data. This technique makes the information both confidential and available, but does nothing to protect its integrity.


Even once the correct recipient is authenticated securely and obtains legitimate access to the file, there’s nothing to stop them doing something suspect with it, like making a pirate copy and leaking information out. MFT services may deliver files safely and securely, but what happens after this is anyone’s guess. With these current methods, Zero Trust isn’t strong enough to prevent data leaks and file tampering.

The Evolution of DRM

To truly achieve Zero Trust across all business-critical information, the information must be defended at the source, with access controls on the data itself. Digital Rights Management (DRM) is the technology that emerged to meet this rising demand, and when paired with secure file transfers, offers more complete data security.

DRM works by making the data impossible for unwanted parties to use, rather than catch. It allows the sender to control every file, email, and piece of intellectual property they dispatch. Permissions can be set for who can open it, limited to a specific email or IP address, with complete control over who can print, copy, save, edit, or even screenshot your file. You can apply and revoke these rights at any time.

DRM offers clear compliance advantages, particularly in industries using the most sensitive and valuable data, such as financial services and healthcare organisations. For instance, the Data Protection Act prohibits the sharing of personal health information outside of its regulations for the patient’s medical care. Adding specific permissions to designated files prior to sending will ensure only the authorised recipient can receive it, preventing any unauthorised third party from accessing the data.

Privileges and permissions are assigned on a case-by-case basis and organisations retain full control even after the data has been sent, received and accessed. That way, if something goes wrong, it can be revoked at any time. It’s the highest level of data control that makes DRM a key component of a Zero Trust architecture.
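The per-use checks described above can be sketched as follows. This is an added example, not code from the article or from any DRM product: it assumes a policy service that the viewing client consults on every action, and all names (Policy, PolicyServer, demo) and sample values are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field

RIGHTS = {"open", "print", "copy", "save", "edit", "screenshot"}

@dataclass
class Policy:                      # hypothetical per-file policy set by the sender
    recipients: dict               # email -> set of granted rights
    networks: list = field(default_factory=list)  # allowed CIDRs; empty = any
    revoked: bool = False

class PolicyServer:                # hypothetical service asked on every use
    def __init__(self):
        self.policies, self.audit = {}, []

    def protect(self, doc_id, policy):
        policy.recipients = {e.lower(): set(r) for e, r in policy.recipients.items()}
        for rights in policy.recipients.values():
            if rights - RIGHTS:
                raise ValueError(f"unknown rights: {sorted(rights - RIGHTS)}")
        self.policies[doc_id] = policy

    def revoke(self, doc_id):
        self.policies[doc_id].revoked = True

    def decide(self, doc_id, email, ip, action):
        decision = self._evaluate(doc_id, email.strip().lower(), ip, action)
        self.audit.append((doc_id, email, ip, action, decision))  # track every use
        return decision

    def _evaluate(self, doc_id, email, ip, action):
        policy = self.policies.get(doc_id)
        if policy is None or policy.revoked:
            return "deny: no active policy"
        granted = policy.recipients.get(email)
        if granted is None:
            return "deny: not a named recipient"
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return "deny: bad client address"   # fail closed on malformed input
        nets = [ipaddress.ip_network(n) for n in policy.networks]
        if nets and not any(addr in n for n in nets):
            return "deny: outside allowed network"
        return "allow" if action in granted else f"deny: '{action}' not granted"

def demo():                        # constructed sample data
    srv = PolicyServer()
    srv.protect("report.pdf", Policy({"Ana@example.com": {"open", "print"}}, ["203.0.113.0/24"]))
    before = [srv.decide("report.pdf", "ana@example.com", "203.0.113.9", a) for a in ("open", "copy")]
    srv.revoke("report.pdf")
    return before, srv.decide("report.pdf", "ana@example.com", "203.0.113.9", "open")
```

Because the decision is made at use time rather than at delivery, the same recipient who could open the file before the revoke call is denied afterwards, and every request lands in the audit list.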

DRM and MFT – the Dynamic Duo for Zero Trust

When MFT is layered with DRM controls, the pairing delivers a powerful, secure file transfer and data management experience. By protecting, controlling, and tracking sensitive documents at rest, in transit and in use through the entire document lifecycle, this approach ensures the file transfer and the data itself have the strongest defences against increasingly intelligent cyber attacks.

Product Leader at 
