eDRM for Email

Enterprise Digital Rights Management (eDRM) is the next generation of encryption technology

Traditional encryption allows content to be securely delivered but after that, there is no control. eDRM technology enables full control of information even when it has left the organization.

Business Problem

As a business. there is a need to collaborate with third-party organizations such as customers, suppliers, partners, and regulators. While data can be sent securely using one of many traditional encryption methods, such as TLS, S/MIME and web portals, at the point the data is received, the control ends.

In order to prevent further unauthorized file sharing, there is a need to:

  • Monitor when the file was opened and by who, or know if it wasn’t opened
  • Stop the receiving person printing, or cutting and pasting the content
  • Prevent the receiving person from opening the file in the future (retract the information) Clearswift, in conjunction with Seclore, delivers a complete eDRM solution that addresses these requirements, with full end-to-end security even after the message has been delivered

The Solution

Clearswift has partnered with Seclore to create a solution that addresses the challenge faced by organizations who require more control over their information in a collaborative environment. The benefit of using Clearswift’s Secure Email Gateway (SEG) appliance in conjunction with Seclore’s Email Gateway is that the process of securing information can be automated and delivered in a user-friendly way.

How It Works

The Clearswift on-premise appliance decides which emails need to be sent securely using eDRM. The decision is based on the content and the context, the sender and recipient(s). Then the Seclore product applies the appropriate eDRM policy. Access to the email and any attachment continues to be controlled, even after it has been delivered.

The combined solution offers organizations three types of combined data loss prevention (DLP) and digital rights management options:

  1. Client-initiated. The user decides that the email communication needs to be secured and adds a token into the subject of the email – e.g., [Secure]. Once the email is sent, the Clearswift appliance detects the token “[Secure]” within the email subject line, and routes the communication through the Seclore product to apply the appropriate eDRM policy.
  2. Content-initiated. Using Clearswift’s Deep Content Inspection (DCI) technology and granular security policies, the Clearswift appliance can identify the context of the email and decide whether it needs to be secured. Policies can be created to detect content in text formats, such as PDF and Microsoft 365 or within images (using Optical Character Recognition), and can include the following:
    1. PCI – credit card information
    2. PII – personal information
    3. Intellectual Property
    4. Sensitive information
  3. Route-initiated. This is when all mail from senders or recipients is automatically secured using eDRM – irrespective of content.


Deployment of the solution can be on-premise or hosted in the cloud depending on requirements. The on-premise SEG can also be used in conjunction with Microsoft 365 to augment the security it provides.


The configuration of security policies is carried out to enable the appropriate level of secure collaboration. For example, authenticated users may have access to read content, but not to edit it. The source material is also watermarked so that even screen capture from a mobile phone will expose who is leaking data. 


New recipients of information, which has been protected by eDRM, are automatically enrolled into the system. Once registered, they can access the information in a seamless manner from any device. Then all actions are logged in a central audit database to enable tracking and forensic analysis should the need arise.


The combined Clearswift and Seclore solution:

  • Provides granular usage controls (read, update, print, and time-based access)
  • Removes the burden from employees to know when and how to secure data used in collaboration
  • Provides visibility and control of information accessed by recipients
  • Is easy to deploy and seamless to use
  • Works in conjunction with conventional encryption options and Clearswift’s Adaptive DLP functionality


Professional Services

A range of consulting options are available to help with the deployment and configuration of this solution:

  • Architecture design
  • Policy design
  • Solution implementation


Enterprise Digital Rights Management is an optional, priced module for the following solution:


Clearswift provides 24/7 global support as standard, with additional options for premium support.

Discover how we can work for you

Find out how Clearswift can work for your organization with a demo from one of our experts.