Categories
Blog File Server Security Inside Story Insider threats NEWS

4 Reasons Why Google IRM is not Enough for Corporate File Sharing

Google has implemented a new security feature in order to allow file owners to control whether or not the users for shared files can copy, print, or export them on Google Drive. I wanted to explore the usability of Google’s IRM feature within a corporate environment to see if it could help to prevent data leaks caused by insider threats from employees, as well as data leakage threats from partners, and third-parties. If the feature is sound, it could be a convenient method of safely sharing data since Google is linked up with many useful applications.

Unfortunately, upon further investigation and usage of Google’s IRM, I found that it was a good feature in some aspects but not quite good enough to be suitable for corporate use.

Here are my four reasons why I believe it is not well suited for corporate file sharing.

Rights Management Concerns
There were two key issues with management of the Google IRM feature. The first is that the IRM features are set file by file making it a big headache for any security administrator. Imagine managing just 20 users and each of them made just 1 file per day. This is around 600 files per month that they would have to try and manage. Now imagine that on an enterprise scale. That would be thousands of file daily.

IRM is also set by the file owner instead of the security administrator. It basically leaves each employee in charge of the security of each individual file leaving you highly vulnerable to employee-related data leaks.

Collaborative Editing or IRM
Personally, I find that the collaborative editing is one of Google Apps’ best features so you can imagine my disappointment when I found that the IRM doesn’t extend to editors.

Google’s IRM is only applicable for users with read or commenter access rights (Previous Post: Top 3 Things to Know about Google’s Information Rights Management (IRM)) meaning I ultimately have to choose to have IRM security without the ability to edit or have the convenience of collaborative editing without IRM security. Why can’t I have both?

Google Apps Only
The Google IRM is mostly centered on protecting Google App files and for all other files in Google Drive, the functionalities are limited. For non-Google App files, the IRM only removes the options for copying, exporting, and printing but content can still be copied using clipboard copying. So, Google IRM is not a viable option for confidential data. Also, since many of my organization’s files are from Microsoft Office as well as other standard applications such as those from Adobe Creative Suite, a large majority of my files will not fall under the full protection of Google’s IRM.

Lack of Compatible Protected Applications

As previously mentioned, Google IRM is focused mainly on Google App files, so it leaves the large majority of my other files to fend for themselves. The only files that I could protect are Microsoft Office files but they would have to be converted into Google App files in order for me to get the full protection.

I personally share a lot of Adobe Illustrator, Photoshop, and Premiere files for marketing content on the website. These files do not have a Google-App counterpart and cannot be used within Google’s browser-based platform. So essentially, the feature provides very little usability and security for myself and my team.

For other organizations, I can see this being an even larger barrier. For example, R&D for a manufacturing company could need protection for their AUTOCAD files, website developers could need protection for their HTML files, or a gaming software design company would need protection for their source codes.

Google IRM’s Role and an Alternative Solution
Google IRM could be a good start to trying to protect you from data leaks caused by your own employees and colleagues. As it is now, it doesn’t seem good enough to be used in a dynamic enterprise-level environment. But if you want to create a more secure environment that is convenient and better suited for the enterprise, we have a solution that would be able to allow for secure file sharing within file servers and the cloud by using advanced rights management technology. [Next Post: 3 Ways SECUDRIVE is a Better Alternative to Google IRM in an Enterprise Environment]

Categories
Blog File Server Security Inside Story Insider threats NEWS

Top 3 Things to Know about Google’s Information Rights Management (IRM)

Google Apps for Work released a security feature last July which enables the owner of a document to disable the download, print, and copy functions for Google App files using Information Rights Management (IRM).

I was excited to see that Google was looking more into rights management solutions as it is not a common feature in most cloud service solutions. As I mentioned in one of my previous posts (Link: 5 Security Concerns when using Google at Work), I use Google Apps for work regularly so I was eager to test out the IRM functionality and implement it within my own work environment as it looked like it could solve some of my security concerns.

Blocking Copying Functions for Google Apps
Upon testing the feature, I found that I was able to block copy & paste, clipboard copy, export, downloading, and printing functions for Google App files, specifically for viewers and commenters. This feature is most useful in situations where I want to receive feedback on a Google Document but I do not want the shared users to copy or save the data to their own machines. [Link: http://googleappsupdates.blogspot.com/2015/07/disable-downloading-printing-and.html]

Though I should mention that you cannot control each of these blocks individually, it wasn’t too big of a problem since when I want to block copying, I typically want to block printing and exporting as well.

IRM in Google Drive
The IRM feature also expands to non-Google Apps files stored in Google Drive and disables the menu items for export, copying, and printing. But I noticed that the features aren’t as in-depth for Google Drive files in comparison to Google App-files since content can still be copied using the copying keyboard shortcuts.

I have some concerns with the fact that files can be opened and then screen captured for Google Apps and Non-Apps files alike. The protection for Google Drive files only applies when the files are viewed within the browser as well.

Feature Does Not Cover Editors
The IRM only applies to users that have a viewer or commenter access. So the feature cannot prevent editors from copying information. I had hoped that the IRM function would have covered all user types because there are instances where I do not want editors to be able to copy the information to their own systems but I still want the collaborative functionalities that make Google Apps so great. If Google expands the protection to editors as well, it could help to greatly improve the usability of the IRM feature. [Next post: 4 Reasons Why Google IRM is not Enough for Corporate File Sharing]

Overall, it is nice to see Google being proactive in regards to security by providing more options for users to protect their shared data. Though it’s a positive step in the right direction, the IRM feature does have room for improvement.