Practical InfoSec Part 2 Experience with Seclore IRM Information Rights Management tool

Seclore IRM 

Seclore is a rights management solution used for protection critical company confidential and customer PII data. Below I have given a brief description of usage of Seclore in our organisation

We are using Seclore IRM in our organisation with the objective of restricting access to PII data only to authorized users and providing those users minimum rights as required over the files that are shared. Primary focus area here is data that is shared with  vendors. Following Seclore solutions are being implemented for data sharing with our vendors -

·         Seclore Hotfolder - We have made one folder over our FTP which is implemented as Seclore Hotfolder. Any file that is put in this Hot-folder gets auto Seclore protected that is shared further with our vendors.

·         Manual protection of files -  Files can also be Seclore protected manually. We have approx. 50 licenced users who can manually assign Seclore protection over files and share further with other users or vendors.

·         Seclore App Connect - This solution is used for Secure printing of files. It is currently implemented for one of our vendors who does printing jobs for Max life.

·         Seclore API - Seclore API can be integrated with applications to make processing of data over the applications secure. This option can be used for vendors who use their own vendor applcations for processing of Max Life data. 

Challenges - Many vendors finding it difficult to use Seclore protected files. Such vendors are being provided full rights over files shared with them. Thus eventually we don’t have any control of data that is shared with those vendors. Also, we have not yet implemented any Seclore API integration for any of the vendor applications.  

Current Status and way forward - The full potential usage of Seclore is yet to be achieved and is currently WIP. We are gradually moving vendors which are using Seclore to manually protect files to allowing them to use Seclore as hot-folder option to automate file protection. Also, as applicable, vendors are to be  gradually moved towards implementing Seclore API solution for data sharing for respective vendor applications.

Comments

Post a Comment

Popular posts from this blog

API Security - A risk based approach for CISOs

       APIs or Application Programming Interfaces are the building blocks of modern applications. As the usage of APIs  and API traffic increases it is likely to be the major attack vector for hackers. APIs are utilised for a variety of purposes such as - share data with partners, customers, and other third parties. As per Akamai, 83 % of internet traffic is driven by APis. While APIs are a powerful enabler of digital transformation, they also present new security challenges. In fact, Gartner predicts that in 2023, API abuses will be the most frequent attack vector. To substantiate that prediction, OWASP has come out with a separate OWASP Top 10 for APIs in 2019. Also multiple organisations such as Coinbase and IRCTC have been affected by API security vulnerabilities in their applications.  To tackle this emerging attack vector, CISOs should understand the key risks associated with APIs. These include: Data Breaches or Data Leakages -  Risk of data le...
Read more

2024 Year Review and thoughts

  My review of 2024.  The year was a mixed bag with a overall positive outlook and a few hiccups. My ratings on key parameters  Health - Average  Family - Good  Professional - Good  Career - Good  Finances - Average  Health -  My health has been a mixed bag with several notable improvements and some setbacks. Exercise - I was able to regularly attend Gym and do strength training.  Due to improved leg strength I was able to run a 10 k run in Dec in a time of 67 mins . I was 40th out of 120 runners in the Veteran category which I am satisfied with keeping in mind the several issues I had been having at the start of the year.  Gut Health : My stomach and gut issues continued which led me to a take a nutritionist led meal plan. This has helped but I still continue to have gas and loose motions intermittently  and outside food does not suit me at all. The worry is that my weight has reduced from 68 Kg to 63 Kg in las...
Read more

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection In today's world, data is often referred to as the new oil, given its immense value to organisations. Companies have access to vast amounts of data, from customer information to intellectual property and strategic plans.  Over the last decade cyber criminals have targeted organisations repeatedly related to multiple breaches. Some organisations like Uber have faced multiple breaches and even government organisations are not spared as we observed in the Snowden case where confidential data of US  govt was leaked online. Protecting this data has become essential, and having an effective data protection program is crucial to achieving this requirement.  In my role as a CISO for the last five years I have found data protection as the most complex initiative yet most closely related to business enablement. This can be related to protecting customer data to prevent c...
Read more