How to Manage Rights – at the Source

New Update

By: Vishal Gupta, Founder and CEO, Seclore


According to Gartner, around 80% of an organization’s information assets exist in the form of files and emails. A large amount of this ‘file-based’ data today is extracted from enterprise applications. These may include ERP systems, DMS or ECM systems, CRM systems, and transactional applications. Both internal employees and external users (such as contractors, vendors, and partners) may possess access to these systems. This data could be highly sensitive: customer information, financial reports, sales data, health files, crime reports, technical specifications, drawings and designs, SOPs and more. Once this critical information is out of the application boundary and subsequently the corporate boundary, it becomes insecure and uncontrolled – and remains so forever.

EDRM (Enterprise Digital Rights Management) technology offers a way to extend the security and control offered by your enterprise applications – to wherever the actual your information travels – even outside the application.

For example, when a report is extracted from SAP or a CRM system, it gets automatically protected with the relevant EDRM policies just before being downloaded. This extends SAP access controls to the actual file or report which is extracted from it. Your data governance and security thus become truly comprehensive. Whoever receives and accessed the file is now subject to these policies. In other words, you can make anyone in the world comply with your security policies whenever they want to access your data.


EDRM is capable of existing as an infrastructural element – not just a security solution - but a full-fledged infrastructural layer. This Rights Management layer can be plugged into existing enterprise IT solutions – IAM, Federated Identity Management, ERP, DMS, DLP, Email and Messaging system, and many more - to augment their respective functionalities.

What EDRM Integration can Achieve

1. Functionality Enhancement

Integration with EDRM causes a system’s functionality to be significantly enhanced with Rights Management capabilities. For example, documents stored in a SharePoint library or an IBM FileNet folder can be considered to be reasonably secure – with appropriate access control policies in effect. However, when the documents are downloaded to their desktops or laptops by authorized users, they become highly insecure. Access to the application is restricted, but access to the files downloaded from the application is not. The security offered by an application does not travel with the information once it is downloaded or extracted from it.


By integrating Rights Management with a transactional system or an ECM system, files extracted or downloaded get instantly protected with a predefined set of usage rights. This ensures that only authorized users are able to access a document – regardless of whether the document is inside or outside IBM FileNet.

By integrating EDRM with DLP systems, DLP security gets extended to areas beyond its control – such as vendor or partner networks

2. Complete Automation

The act of applying EDRM protection on a document is completely automatic and transparent to the user. For example, a document will get automatically protected when it is discovered by a DLP system. No user intervention is needed to apply the relevant Rights Management policies on the file. This virtually eliminates IT overhead and change management efforts.


3. No Effect on Existing Functionality

Any robust technology integration should be able to ensure that existing functionality of the integrating products is not affected. With EDRM integration, documents inside a Microsoft SharePoint library should be subject to all SharePoint features available to the user, such as content search or indexing. This consistency further eases the transition to a new security infrastructure and ensures that existing workflows remain unaffected.

EDRM works silently in the background and merges seamlessly into the application – remaining invisible to the end user.

The Need for Integration

EDRM technology is the only technology today that can achieve complete end-to-end, data-centric security – with complete indifference to where the data is being stored. This enables today’s global, flat, and hyper-connected enterprise to embrace offshoring, outsourcing, employee, cloud computing, BYOD, mobility and other productivity enhancing tools with maximum peace of mind. Enterprises can then focus on business objectives and employee productivity - while still being assured that their information is safe and secure wherever it goes.

sap byod gartner edrm dlp-security rights-management