A standard is a measure of quality in a particular field. Encryption used to be the standard for document security and sharing. But, it cannot really be seen as the standard anymore since there are too many loopholes that people can exploit. The only reason why people stuck with it for so long for secure file sharing is that there was no better choice. This is no longer the case.
The Problem with Encryption
Perhaps the biggest problem with encryption technology is its reliance on people. An encrypted file is given to an authorized party who subsequently must receive the decryption key in order to open it. The general assumption is that the authorized user will not forward the decrypted document or the document and decryption key to an unauthorized user.
But, people make mistakes. Also, some people will consciously go against instructions and forward the document and its decryption key (or just the decrypted document) to others. As a result, confidential documents end up in the wrong hands. In fact, the bulk of data breaches are caused by authorized parties.
Clearly, a system is needed to counteract this significant loophole. Enter Digital Rights Management (DRM).
Why DRM is the New Standard for document protection
DRM provides a solution to the biggest problem with encryption. It adds another layer to an encrypted file so that users cannot decrypt a document and do what they like with it.
A decent DRM system does not expose the decryption key to a user. So, a user will no longer receive a key with which to open a document. Instead, the key is transparently relayed to an authorized device and locked to that device. This means that no user can either accidentally or consciously share the decryption key because if it is copied to another device it will no longer work.
So unlike passwords (most commonly used for file encryption products) which can be shared, a DRM system relies on public key technology which ensures keys are securely transferred to devices and programmatically applied rather than requiring users to enter them. Of course, some encryption software like PGP, Locklizard use public key technology. However, the key is known to the user so they can give their private key to others if they wish. So the secret is ensuring the keys required to open protected documents are not exposed to users, to begin with.
Of course, for a user to view a protected document, it must first be decrypted. Normal encryption systems will create a second file on disk that is an unprotected copy. A document DRM system will, however, decrypt the document to memory so that an unprotected copy is never made available. This ensures that there is no unprotected file available that could be shared with others.
A document DRM system goes much further than controlling the use of keys and ensuring they are only used by authorized devices. It ensures that users cannot do with a document as they please. So, copying, pasting, saving as, selecting all, printing, and taking screenshots can all be restricted. Of course, this is entirely at the discretion of the file creator and so the user may be left a few of these rights. Also, it enables document creators to be able to enforce expiry of a document after a set period of time, views or prints and control the locations from where protected documents can be used.
Control over files that the creator has already distributed is another critical factor. Even if you share access with authorized viewers, you should be able to retain control. For example, if you need to revoke access when an employee leaves the company, you can do so with DRM.
Another bonus of DRM is its monitoring facilities. So, with an inside look into the use of your documents, you will gain an insight into how your documents are being used, by whom, where and when. This ability to check document activity may prove quite invaluable in the long run to ensure potential data leaks are quickly addressed.
Even though encryption does not offer all the security benefits of DRM, it is beneficial in the storage and transfer phases. So, we should not discount it altogether as it is used as the first level of protection. It is worth noting that encryption is for the protection of files, while DRM is used for controlling use of the files.
DRM outclasses encryption in more ways than one. It builds on encryption to ensure document owners have full control over documents regardless of where they reside. So, it is safe to say that DRM is the new standard for document sharing and storing.
Also published on Medium.