As organisations struggle to come to terms with a hybrid workplace where people are working on a spectrum from full-time in the office to full-time at home, there is one area that should be top of mind for them – information security.
Most organisations do not have the knowledge in investigating and implementing information security solutions that cover such a diverse environment, including devices and networks over which they seemingly have little to no control. However, there are two main areas where MSPs can help – data leak prevention (DLP) and digital rights management (DRM).
Data leak prevention (DPL) starts with content management
With DLP, the idea is to create perimeters over which certain types of information cannot cross – or can only cross with certain provisos. A relatively easy way of doing this is to use document classification – something as simple as using “Public”, “Commercial in Confidence” and “Company Intellectual Property”, for example.
Anything marked as “Public” can be allowed to cross over to those working from home – any information held within such documents holds no real value to the organisation. “Commercial in Confidence” documents may need to be accessed by certain classes of employee or certain individuals. This can be allowed through the application of policy and profiles. “Company Intellectual Property” (or “Secret” for those wanting to keep it simple) may only be available to top C-level employees and be flagged if these people are trying to access such documents from home or over a public network, requesting them to use e.g., a VPN or a remote desktop environment.
Most document/content management systems allow for the use of classification and provide additional benefits in the way of solid information archival and retrieval.
Deep Packet Inspection is a differentiator for MSPs
A more complex approach is to use deep packet inspection (DPI). Here, data streams are inspected at both the metadata and content level at a perimeter and if they contain certain patterns, words, or phrases, then the information can be prevented from crossing that perimeter, with suitable alerts being raised as to possible malicious activity.
Many firewalls and security information and event management (SIEM) systems come with DPI built in. As an MSP, offering managed security services with DPI added for information management, could be a good differentiator.
Worse yet, when an employee leaves the company, the company has little idea of how much information is stored on the employee’s own devices and runs the risk of that employee taking all that information with them to a new employer. If it is a decidedly unhappy or malicious employee, they could even sell the information.
Likewise, suppliers and customers that fall out of favour may need their access to certain information curtailed so as to prevent them using this with competitors.
Digital Rights Management (DRM) provides more granular control
With digital rights management (DRM), each information asset is tagged with metadata that ties it back to a centralised control environment. This controller then has complete control over the data asset – no matter where it resides. For example, a good DRM system can prevent certain types of documents from passing over perimeters, just like DLP does. However, it then adds much more granular control.
With DLP, once the information has been allowed to move across a perimeter, then the information asset can be copied, printed, emailed or whatever by the person who now has access to it. With DRM, such actions are controllable. For example, a good DRM system will prevent certain information types from being forwarded to others or from being printed. It can even stop cut and paste from being allowed.
Controlling access to information prevents data theft
Additionally, with information assets being controlled through DLP and DRM, an individual or a group (such as a supplier or customer) can have their access to existing information assets revoked. This involves either encrypting the document on all devices so that can no longer be read, or securely deleting it from the devices, depending on what the company wants.
Further granularity allows for e.g., contractual documents to be sent to an external company which are time-limited: the document can time out and become encrypted or be deleted after that stated period of time.
This centralised control also means that employees can be forced to touch base on a regular basis. For example, if a salesperson does not log onto the company network for a period of time, all their information access can be prevented until they do log back in and explain why they haven’t been on the system for so long.
Sourcing DLP and DRM demonstrates the MSP’s value
Information is, after all, the life blood of an organization, and the value of certain information (such as merger and acquisition information, new product launches, etc) can often be of a make-or-break level to a company. The use of DLP and/or DRM as a means of adequately managing information assets such that the value of the information is maintained and secured, should be something that most organisations are interested in.
For MSPs, it means getting across the message as to why such approaches are needed, and in sourcing suitable solutions and skills to provide them to the market.
Photo: Thapana Onphalai / Shutterstock