Gaps in digital rights management pose serious risk

Serious gaps in digital rights management could expose private and public sector organizations to security and compliance risks.

A new 'Sensitive Content Communications Privacy and Compliance' report from Kiteworks finds many organizations lack unified tracking, control, and security of private data that is sent, shared, and transferred with third parties, which creates significant risk of unauthorized access, both malicious and accidental.

Part of the problem is the number of systems and tools organizations use for tracking, controlling and securing third-party content communication. 85 percent of survey respondents say their organizations rely on four or more. Nearly three-quarters admit improvement is needed in how they measure and manage security and compliance risk as it relates to sensitive content access.

The report suggests a review of digital rights management is need, with 42 percent of respondents saying either they need a completely new approach or significant improvement for third-party sensitive content communication risk management. This digital rights management gap, as a result, creates substantial risk, with nearly 85 percent of respondents experiencing four or more sensitive content communication exploits in the past year. More than 55 percent rank the ability to employ compliance and security policies to the level of users, roles, and content classes rather than individual users classifying each asset manually as their first or second top digital rights management priority.

The healthcare sector has particular issues, with nearly 70 percent of organizations having six or more sensitive content communication systems in place. Healthcare organizations send, share, and store large volumes of personally identifiable information (PII) and highly sensitive protected health information (PHI) which makes them an attractive target for cybercriminals.

"This year's report accentuates the need for digital rights management that applies content-defined zero trust across all departments and all sensitive data that is accessed, sent, shared, and transferred to third parties," says Frank Balonis, CISO and senior vice president of operations at Kiteworks. "This cannot be done piecemeal but rather requires unified tracking and control to the level of individual users. The report also highlights how organizations are using cybersecurity frameworks such as NIST CSF to manage their security and compliance risk. This corroborates the direction Kiteworks has taken to align our Private Content Network with NIST CSF, which creates more comprehensive digital rights management governance."

The full report is available from the Kiteworks site along with breakdowns of the findings for different industry sectors.

Photo Credit: Olivier Le Moal / Shutterstock