To better mitigate the breach risks tied to the growing use of mobile devices, organizations need to consider extending enterprise digital rights management strategies to mobile platforms, says Gartner analyst John Girard.
"Enterprise digital rights management has not been popular because it's difficult to implement," Girard says in an in-depth interview with Information Security Media Group. "It involves rigorous efforts to classify information. It also can be potentially expensive because there is no open standard at this point to allow competition. And scalability and migration can be difficult because once these tools are in place, you may have a hard time moving your information into other frameworks."
Some commercial rights management products have suffered from vulnerabilities that could be easily exploited, but with a tight control on key policies and encryption algorithms in each deployment, these issues can be overcome, Girard says.
"Implementing rights management as a low-level, horizontal policy is one of the most effective ways to reduce the effect of data breaches on just about every platform," he contends.
Security professionals must demonstrate helpful uses for rights management so it's not perceived as punitive or restrictive, Girard says. "Anything in security is automatically viewed as a reduction in privileges," he says. "What we need to do is convince people that security is about improving communications and connections, rather than denying it. And this is one of those technologies that if implemented properly, can encourage communication, but take the worry out of that information being misused." (See: Overcoming Mobile Insecurity.)
In this interview (see audio player below image), Girard also discusses:
- The state of the mobile security market in 2016;
- Examples effective uses of digital rights management on mobile platforms;
- Why he expects the number of players in the mobile device management space to dramatically decline.
Girard is a vice president and distinguished analyst in Gartner's endpoint and mobile security practice. He specializes in business security and privacy solutions for wireless and mobile road warriors, extranet, remote offices and teleworkers