Google has implemented a new security feature in order to allow file owners to control whether or not the users for shared files can copy, print, or export them on Google Drive. I wanted to explore the usability of Google’s IRM feature within a corporate environment to see if it could help to prevent data leaks caused by insider threats from employees, as well as data leakage threats from partners, and third-parties.
If the feature is sound, it could be a convenient method of safely sharing data since Google is linked up with many useful applications. Unfortunately, upon further investigation and usage of Google’s IRM, I found that it was a good feature in some aspects but not quite good enough to be suitable for corporate use.
Here are my four reasons why I believe it is not well suited for corporate file sharing.
Rights Management Concerns
There were two key issues with management of the Google IRM feature. The first is that the IRM features are set file by file making it a big headache for any security administrator. Imagine managing just 20 users and each of them made just 1 file per day. This is around 600 files per month that they would have to try and manage. Now imagine that on an enterprise scale. That would be thousands of file daily.
IRM is also set by the file owner instead of the security administrator. It basically leaves each employee in charge of the security of each individual file leaving you highly vulnerable to employee-related data leaks.
Collaborative Editing or IRM
Personally, I find that the collaborative editing is one of Google Apps’ best features so you can imagine my disappointment when I found that the IRM doesn’t extend to editors.
Google’s IRM is only applicable for users with read or commenter access rights (Previous Post: Top 3 Things to Know about Google’s Information Rights Management (IRM)) meaning I ultimately have to choose to have IRM security without the ability to edit or have the convenience of collaborative editing without IRM security. Why can’t I have both?
Google Apps Only
The Google IRM is mostly centered on protecting Google App files and for all other files in Google Drive, the functionalities are limited. For non-Google App files, the IRM only removes the options for copying, exporting, and printing but content can still be copied using clipboard copying. So, Google IRM is not a viable option for confidential data. Also, since many of my organization’s files are from Microsoft Office as well as other standard applications such as those from Adobe Creative Suite, a large majority of my files will not fall under the full protection of Google’s IRM.
Lack of Compatible Protected Applications
As previously mentioned, Google IRM is focused mainly on Google App files, so it leaves the large majority of my other files to fend for themselves. The only files that I could protect are Microsoft Office files but they would have to be converted into Google App files in order for me to get the full protection.
I personally share a lot of Adobe Illustrator, Photoshop, and Premiere files for marketing content on the website. These files do not have a Google-App counterpart and cannot be used within Google’s browser-based platform. So essentially, the feature provides very little usability and security for myself and my team.
For other organizations, I can see this being an even larger barrier. For example, R&D for a manufacturing company could need protection for their AUTOCAD files, website developers could need protection for their HTML files, or a gaming software design company would need protection for their source codes.
Google IRM’s Role and an Alternative Solution
Google IRM could be a good start to trying to protect you from data leaks caused by your own employees and colleagues. As it is now, it doesn’t seem good enough to be used in a dynamic enterprise-level environment. But if you want to create a more secure environment that is convenient and better suited for the enterprise, we have a solution that would be able to allow for secure file sharing within file servers and the cloud by using advanced rights management technology. [Next Post: 3 Ways SECUDRIVE is a Better Alternative to Google IRM in an Enterprise Environment]