Anyone who works in information security knows that security is often a treated as a token afterthought. It is the necessary evil that is begrudgingly tacked on with duct tape and chewing gum after a hot new product or technology gains mainstream acceptance. Anyone in information security also knows that security can be done more effectively, at lower cost and with fewer headaches, if it is built into the fabric of the product or technology in the first place. To that end, Vera has unveiled an information rights management (IRM) solution to make it easier for organizations and developers to weave security in from the ground up.
In most cases, security essentially boils down to data security. It’s nice to be able to prevent malware from infecting a laptop or prevent an attacker from compromising your network, but the real goal is to prevent the malware or attacker from gaining access to or exposing sensitive data. The ability to limit and control access to data, track who has accessed the data—including when and where—and monitor where that data goes and how it is used is crucial to providing security.
Vera’s core business is based on the notion of securing data no matter where it goes. Vera’s new product is IRM-as-a-Service (IRMaaS), which uses Vera’s software development kit (SDK) and RESTful APIs to allow developers to directly protect and manage access to data within custom-built applications. The ability to easily integrate IRM into an application and automate as much of it as possible has the potential to make better security accessible to a much larger audience.
“In today’s world, we can no longer afford to treat data security as an add-on or afterthought. Instead, we must establish a security model that can be woven directly into the enterprise software and hardware stack,” said Ajay Arora, CEO and co-founder of Vera, in a press release statement. “We’re building a future where businesses don’t have to worry about where their data travels or who has access. Our team is establishing Vera as the trusted standard for securing and sharing any type of business information. The next step in this journey is to make our IRM platform available as a service to anyone, because this kind of impenetrable and invisible security is key to the success of every business application.”
One of the defining goals of security—at least security that you want people to actually use—is convenience. The negative perception of security is largely a self-perpetuating cycle. Security is often cumbersome and ineffective because it’s tacked on as an afterthought, which leads both developers and users to dislike security and also treat it as an afterthought. Anything that makes it easier for developers to weave security in at an earlier stage and that provides invisible (as much as it can be) security is a definite win-win.
Developers can use the Vera client SDK to include the ability to secure data, set IRM policies and permissions and even revoke access to sensitive data right into custom business applications. Legacy applications can be retrofitted with IRM capabilities using the RESTful APIs in Vera’s cloud platform.
Regardless of its reputation and generally negative perception, effective security is crucial for the long-term success of any application or service. Lowering the bar for implementing effective security—both in terms of cost and complexity—and providing developers with the tools necessary to protect sensitive data is definitely a step in the right direction.