Seclore is one of the pioneers in the EDRM (Enterprise Digital Rights Management) space. The company has recently launched their new product version, Seclore 3.0. Intelligent CIO caught up with Rohit Oberoi, Director Channel Sales – India, Middle East and Africa, to discuss the product launch and how Seclore is helping companies to secure collaboration and remotely control and protect their ever-growing data.
Q: What adaptations have been made to Seclore 3.0?
A: The main change in Seclore 3.0 is that it is a Web-based agentless solution. For anybody who consumes information which is protected by Seclore, there is no need to have an agent installed. Whatever rights they’ve been assigned, they can perform those functions and actions without an agent being installed in the Web browser. The removal of the agent will enable organisations to protect information that needs to travel to third parties (vendors, prospects, advisors, suppliers) without added friction for the recipient.
Q: How is Seclore enabling organisations to protect and audit their data?
A: What Seclore does is protect data outside a customer’s controlled environment. Almost 90-95% of organisations’ data rests outside the data centre in the form of spreadsheets, Word documents, technical drawings and other file formats. Seclore enables organisations to remotely control their data, even if it goes outside their controlled environment. Our solution persistently protects any type of file format (Word, Excel, PDF, AutoCAD, image) no matter how or where it travels and is stored.
There are four key usage controls, what we call the four W’s: Who can access it, What can they do with the file, Where can they do it (by IP address/device) and When. By controlling the usage of files, even when they are shared with partners, we enable organisations to ensure their sensitive files remain safe even in the hands of third parties. The other unique aspect of the Seclore solution: the organisation can revoke access to files even after they are distributed. That means if an employee leaves or a partnership ends, you can remove access to information they may be ‘taking’ with them on a personal device.
When an employee creates a document, they can assign different rights to different people on the same document. Somebody will have view and print rights, somebody else may have view-only rights and only on a set IP address, somebody else will be able to screen share, print, edit and view the document from any location but only for seven days. If somebody has viewing rights and they try to copy something, the Seclore solution will alert the creator that the recipient is trying to do something which they are not authorised to do; all of these authorised and unauthorised usage activities are also tracked to greatly simplify audit and compliance reporting.
Q: What are the main security risks surrounding data shared via email?
A: Well, first of all, once a file has been sent and opened by the recipient, the organisation has lost control. So the primary security risk is that email makes it easy for data to intentionally or unintentionally get into the hands of the wrong person. This could include confidential information such as product strategies and pricing, competitive info, technical drawings and customer data files. I’d say close to 70 to 80% of organisations go through a data breach, whether reported or unreported. Most of the data breaches/leaks happen from a known or trusted source, when a person who’s supposed to have that information gives it to someone who should not have access to it.
That obviously does happen with different media such as a USB drive and other growing ‘sharing methods’ such as file sharing, but the risk of something ending up with the wrong person is definitely the main concern with emails since email is still the most widely used sharing and collaboration method.
Q: Is confidential corporate data ending up with competitors a prominent risk for companies?
A: Yes, it is. Especially when it comes to intellectual property (technical drawings), pricing and product strategy documents. We are seeing the risk of IP and customer data being leaked or inappropriately shared across all verticals.
Q: Are there any other verticals that Seclore identifies as particularly vulnerable?
A: Banking is the key vertical actually. Just to give you an example, none of the banks print their own chequebooks or emboss their own cards. It’s all outsourced to a third party agency. When the customer information flows to the third-party agency, it needs to be protected. That’s why our solution fits in pretty well because we protect the information with timeline limitation. A restriction can be set on the file, such as “You cannot access this information after 12 o’clock tomorrow”. If the printing is not completed by that time, the data is gone.
Manufacturing is also another particular industry where there are designs which you don’t want the competition to get hold of. These are the two primary verticals that we focus on.
Q: What industry developments do you foresee in the next two years?
A: Data is one of the fastest growing things in the world today. The growth in data that’s being created will see an increase in these activities across nations.
Most of it is going to be very confidential data which needs to be protected first of all, and then the use of it easily audited. Data security and the ability to engage in collaboration across and outside of the company boundaries without risking a breach is definitely the biggest concern for all CIO’s and CISO’s today.