Gaps in Digital Rights Management Pose Serious Security and Compliance Risks
Organizations across the private and public sectors are facing significant security and compliance risks due to serious gaps in digital rights management (DRM), according to a new report titled Sensitive Content Communications Privacy and Compliance by Kiteworks. The study reveals that many organizations lack unified tracking, control, and security measures for private data sent, shared, and transferred with third parties, leaving them vulnerable to unauthorized access.
One of the contributing factors to these vulnerabilities is the excessive reliance on multiple systems and tools for tracking, controlling, and securing third-party content communication. The report finds that 85 percent of survey respondents admit to using four or more systems, highlighting the need for improvement in measuring and managing security and compliance risks related to sensitive content access.
To address this issue, the report suggests a comprehensive review of existing DRM approaches. Approximately 42 percent of respondents believe that either a completely new approach or significant improvements are necessary for managing the risk associated with third-party sensitive content communication. Failing to bridge this gap in DRM exposes organizations to substantial risks, as nearly 85 percent of respondents reported experiencing four or more sensitive content communication exploits within the past year.
Moreover, over 55 percent of respondents rank the ability to employ compliance and security policies at the level of users, roles, and content classes, rather than relying on individual users to manually classify each asset, as their top or second priority in DRM. This approach ensures more comprehensive governance of digital rights management.
The healthcare sector, in particular, faces unique challenges, with approximately 70 percent of organizations employing six or more sensitive content communication systems. Healthcare organizations handle large volumes of personally identifiable information (PII) and highly sensitive protected health information (PHI), making them prime targets for cybercriminals.
Frank Balonis, Chief Information Security Officer (CISO) and Senior Vice President of Operations at Kiteworks, emphasizes the need for DRM that applies content-defined zero trust across all departments and all sensitive data accessed, sent, shared, and transferred with third parties. Balonis stresses the importance of unified tracking and control measures at the individual user level to enhance overall security. The report also highlights the increasing adoption of cybersecurity frameworks like the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) to manage security and compliance risks.
Kiteworks has aligned its Private Content Network with the NIST CSF, recognizing the significance of comprehensive DRM governance.
For a more detailed analysis and industry-specific findings, the full report is available on the Kiteworks website.
In conclusion, organizations must address the gaps in DRM to mitigate serious security and compliance risks tied to sensitive content communication. Implementing unified tracking, control, and security measures at the user level is crucial for safeguarding private data when shared with third parties. By adopting a content-defined zero trust approach and aligning with recognized cybersecurity frameworks, organizations can better protect themselves from unauthorized access and ensure compliance in an increasingly complex digital landscape.