eDRM for Email

Business Problem

As a business there is a need to collaborate with third party organizations such as customers, suppliers, partners and regulators. While data can be sent securely using one of many traditional encryption methods such as TLS, S/MIME and Web Portals, at the point the data is received, the control ends.

In order to prevent further unauthorized file sharing there is a need to:

• Monitor when the file was opened and by who, or know if it wasn’t opened
• Stop the receiving person printing, or cutting and pasting the content
• Prevent the receiving person from opening the file in the future (retract the information) Clearswift in conjunction with Seclore delivers a complete eDRM solution that addresses these requirements, with full end-to-end security even after the message has been delivered.

The solution

Clearswift has partnered with Seclore to create a solution that addresses the challenge faced by organizations who require more control over their information in a collaborative environment. The benefit of using Clearswift’s Secure Email Gateway (SEG) or ARgon for Email products in conjunction with Seclore’s Email Gateway is that the process of securing information can be automated and delivered in a user-friendly way.

How it works

The Clearswift products decide which emails need to be sent securely using eDRM. The decision is based on the content and the context, the sender and recipient(s). Then the Seclore product applies the appropriate eDRM policy. Access to the email and any attachment continues to be controlled even after it has been delivered. The combined solution offers organizations three types of combined data loss prevention (DLP) and digital rights management options:

1. Client initiated. The user decides that the email communication needs to be secured and adds a token into the subject of the email – e.g. [Secure]. Once the email is sent, the Clearswift product detects the token “[Secure]” within the email subject line and routes the communication through the Seclore product to apply the appropriate eDRM policy.
2. Content initiated. Using Clearswift’s Deep Content Inspection (DCI) technology and granular security policies, the Clearswift product can identify the context of the email and decide whether it needs to be secured. Polices can be created to detect content in text formats such as PDF and Microsoft Office or within images (using Optical Character Recognition) and can include the following:
   1. PCI – credit card information
   2. . PII – personal information
   3. Intellectual Property
   4. Sensitive information
3. Route initiated. This is when all mail from senders or recipients are automatically secured using eDRM irrespective of content.

Deployment

Deployment of the solution can be on-premise or hosted in the cloud depending on requirements. SEG can also be used in conjunction with Microsoft Office 365, to augment the security it provides.

Image

The configuration of security policies is carried out to enable the appropriate level of secure collaboration. For example, authenticated users may have access to read content, but not to edit it. The source material is also watermarked so that even screen capture from a mobile phone will expose who is leaking data. 

Image

New recipients of information which has been protected by eDRM are automatically enrolled into the system. Once registered they can access the information in a seamless manner from any device. 

All actions are logged in a central audit database to enable tracking and forensic analysis should the need arise.

Benefits

The combined Clearswift and Seclore solution:

• Provides granular usage controls (read, update, print and timebased access)
• Removes the burden from employees to know when and how to secure data used in collaboration
• Provides visibility and control of information accessed by recipients
• Is easy to deploy and seamless to use
• Works in conjunction with conventional encryption options and Clearswift’s Adaptive DLP functionality