Information Rights Challenges

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We talked about the importance
00:00
of information rights management,
00:00
some of the functional requirements
00:00
for implementing it effectively,
00:00
but let's talk about some of
00:00
the challenges for implementing
00:00
information rights management in cloud environments.
00:00
In this lesson we're going to talk
00:00
about the common challenges
00:00
for implementing information rights management,
00:00
and talk about the cloud specific issues that crop up
00:00
around implementing and
00:00
monitoring information rights management.
00:00
The first major issue is replication.
00:00
Remember, part of
00:00
the point of information rights management,
00:00
whether you are the one who has purchased
00:00
something that's protected or
00:00
you have some type of intellectual property that you're
00:00
protecting is that you don't want it duplicated.
00:00
You don't want someone to just
00:00
make unauthorized copies of this.
00:00
But in the cloud, we're duplicating and
00:00
building environments and scaling things all the time,
00:00
that's part of the benefit of cloud environments.
00:00
When you're utilizing some piece of
00:00
media or software that's protected
00:00
using information rights management,
00:00
this can be a problem.
00:00
Replicating in an environment that has
00:00
access or a copy of the software on
00:00
it will cause it to not
00:00
work or disrupt the replication process.
00:00
From an architectural perspective,
00:00
you really have to do some thinking of how are we going
00:00
to maybe host this software,
00:00
grant it shared access to
00:00
various instances to prevent
00:00
this replication problem from happening.
00:00
Another one is that APIs
00:00
decrease the effectiveness of
00:00
information rights management,
00:00
the performance of it, I should say.
00:00
Remember, if we're using software as
00:00
a service or platform as a service,
00:00
either our customers they may utilizing APIs to
00:00
access software as a service
00:00
>> or how we are deploying it,
00:00
>> the software as a service that we're
00:00
providing to our customers.
00:00
Then also in platform as a service,
00:00
you're going to have to use those APIs to gather and
00:00
utilize resources that are
00:00
maintained by the cloud services provider.
00:00
Information rights management,
00:00
they're accessing it through the API may affect how
00:00
the IRM tool performs
00:00
and may cause issues when trying to
00:00
access something that's protected through an API.
00:00
The third one are agent conflicts.
00:00
Remember we talked about
00:00
how IRM can be enforced through the use of agents.
00:00
Now, some organizations may use
00:00
agent to monitor other things
00:00
>> within their environments,
00:00
>> and if there are all these agents
00:00
on an instance or a server,
00:00
it can impact how that server performs.
00:00
You've got to really want to be wary about
00:00
how many agents are running on something that's in
00:00
the cloud and these virtualized environments
00:00
and how that's going to affect performance,
00:00
as well as whether the IRM solution
00:00
>> will cause conflicts.
00:00
>> Another one is jurisdiction and all conflicts.
00:00
This is really, we've talked
00:00
about this before that, remember the cloud,
00:00
one of the benefits is that some of
00:00
these providers have data centers that are all over
00:00
the globe and that can help with things such as
00:00
redundancy or storage and
00:00
protect your data through dispersion.
00:00
However, when it comes to
00:00
>> information rights management,
00:00
>> this can cause a problem because
00:00
the purpose of it is to protect intellectual property.
00:00
But what if one of the jurisdictions were,
00:00
this material is being propagated or sent,
00:00
doesn't have the same laws around protecting this,
00:00
or maybe it has different laws.,
00:00
that can cause some problems for
00:00
implementing information rights management.
00:00
The diffuse nature of cloud infrastructure,
00:00
it poses a challenge for the enforcement of
00:00
information rights management in cloud environments.
00:00
Then finally, we have information rights management,
00:00
but then we have our own concerns
00:00
around identity and access management,
00:00
which is making sure only the
00:00
>> correct people have access
00:00
>> to information in
00:00
our cloud environments or applications,
00:00
and this may cause
00:00
conflict with the information rights management,
00:00
which also has its own rules related
00:00
to who can access and how the information can be used,
00:00
and these two can often conflict.
00:00
Quiz question. Which aspect of the cloud is impacted
00:00
by information rights management
00:00
replication restrictions?
00:00
Scalability, availability, or confidentiality?
00:00
If you said scalability,
00:00
you are correct because one of the great aspects of
00:00
the cloud is that it is very scalable.
00:00
We can spin up new environments or
00:00
get rid of environments that we no longer need to use.
00:00
However, we talked about
00:00
one of the main facets of information rights management
00:00
is to prevent unauthorized duplication
00:00
of that intellectual property.
00:00
If things are architected properly,
00:00
it can prevent you from
00:00
scaling and creating new environments because it'll
00:00
be in conflict with
00:00
the information rights management
00:00
protections on that media.
00:00
Availability is not affected because
00:00
you still have that direct connection to the cloud,
00:00
so that should not be a problem.
00:00
Then confidentiality, IRM enforces that to
00:00
a certain extent depending on how it's set up
00:00
so that [inaudible] isn't impacted,
00:00
and we're also talking about replication here.
00:00
In summary, we talked about the challenges with
00:00
information rights management and enforcing it,
00:00
and then we talked about the cloud specific issues that
00:00
can crop up around the use of
00:00
information rights management or the consumption of
00:00
media or software that
00:00
has information rights management protections on it.
00:00
See you in the next lesson.
Up Next