About DRM Configuration
You can use Skyhigh CASB’s integration with DRM vendors to classify and protect documents to prevent unauthorized access to confidential data by external users or departments within your organization.
DRM policies can ensure that:
- Only users within the organization can open company-confidential documents.
- Only users in specific groups can access relevant documents. For example, DRM policies make sure that only the marketing department can access promotion announcement docs.
- Time-sensitive content is protected. For example, you can make sure that price information sent to business partners can't be opened after a specified date.
Currently Skyhigh CASB supports integration with Ionic and Seclore DRM products.
Ionic
Enabling data protection using Skyhigh CASB and Ionic takes the following steps:
- Define Data Markings and Data Marking Values in Ionic to identify varying types of confidential data.
- Define data policies in Ionic and attach to the data marking values previously defined to restrict or allow access to users based on user, group, device, location, IP address, or time elapsed.
- Define DLP policies in Skyhigh CASB to detect sensitive or confidential data in documents by using Skyhigh CASB’s built-in Data Identifier templates, keywords, regular expressions, or structured and unstructured Data Fingerprints.
- Use the Apply DRM response action with the appropriate data marking value in the DLP policies to protect the document.
- All DRM policies (data policies defined in Ionic) attached to the data marking value specified in a DLP policy are applied to the document.
Seclore
Enabling data protection using Skyhigh CASB and Seclore takes the following steps:
- In Seclore, create an Enterprise Application.
- Define Hot Folders and assign data protection policies to them.
- In Seclore, a Hot Folder is a logical entity that binds a set of data protection policies together. Policies govern which users have access and what kind of permissions they have for sensitive documents protected with a given Hot Folder.
- Configure Seclore Enterprise Application details in Skyhigh CASB.
- Define DLP policies in Skyhigh CASB to detect sensitive or confidential data in documents by using Skyhigh CASB’s built-in Data Identifier templates, keywords, regular expressions, or structured and unstructured Data Fingerprints.
- Use the Apply DRM response action with an appropriate Hot Folder in the DLP policies to protect the document.
- All DRM policies (data policies defined in Seclore) attached to the Hot Folder specified in DLP policy are applied to the document