Data leakage prevention has been the new thing of the IT security community. ‘Studies’ have shown that enormous data theft, and in particular trade secret theft has been taking place, particularly affecting USA businesses.
Industrial theft has been going on as long as industry. It seems to be with us forever. What changes is how the theft takes place, and who does the taking.
Not so long ago data leakage took place when ‘employees’ or ‘cleaners’ made copies of paper documents and took them away. Now life is so much more sophisticated when a whole library can be stored on a device that fits in the palm of your hand.
The problem, as many industries have found, is that digital information is quite difficult to protect, and it is now the primary source of data theft and trade secret theft. That is because, with luck, you don’t have to go anywhere near the premises so catching you at all is nigh on impossible.
So the problem, as the US government found with the Wikileaks fiasco, is stopping the easy forwarding of confidential information to anyone and everyone, with or without redaction. The US gov would argue either that it was trade secret theft or espionage. And the point is that it was so easy for even the most confidential of information to leak.
But DRM controls are different. They create data leakage prevention by preventing anyone from forwarding uncontrolled information, even where the user has valid access themselves. They prevent easy methods of data theft by preventing printing and screen grabbing. They can prevent trade secret theft by associating the identity of the authorized person with the leak in ways that can be either difficult or impossible to prevent. They can stop data theft by preventing continuing use by people who were authorized and may have ‘lost’ the information.
These are all significantly better ways to achieve data leakage prevention or data theft than typical security controls.
Part of the reason why DRM is able to be more effective is it does not allow, as Multilevel Security (MLS) does, the authorized user to decide who has the ‘right to know’ what the documents contain. It enforces the controls of the system administrators and does not devolve authority. This may be seen as inconvenient by some technical specialists, but that might be a small price to pay rather than face the results of data theft on a massive scale.
So if you want effective data leakage prevention, need to stop or make much more difficult data theft and trade secret theft, then you need to be looking at a DRM based system to control access to and use of your documents.