Make sure to follow these guidelines carefully before executing your EDRM project
While EDRM is the only solution available to solve the security problems of unstructured data, oftentimes the term EDRM itself is the most dreaded one for many organizations. This is because many EDRM projects have failed miserably.
These projects have failed because of overzealous policies, loss of control over the policies, and no proper implementation guidelines. This oftentimes leads to access being denied to those who are authorized to have access.
With more than two decades of experience in data-centric security solutions, we have created a checklist for you to successfully implement an EDRM project .
1. Make your policies simple and understandable
Most often EDRM projects fail because there is either an overabundance of policies or policies are not properly defined. It is not enough if the policies alone are well-defined, their enforcement rules must also be centrally defined and as far as possible must be automated.
If users are allowed full rights to the project without any proper guiding policies, then it would be difficult for each user to make the right decisions. If possible these rules must be similar to the already existing access rules so that the user is not confused with too many new rules and regulations.
2. Use simple security tools
All users may not be very good at understanding the complex nature of the different data security concepts, data classification, encryption, etc. When they find it difficult to understand they may ignore the tools.
3. Train users properly with the various EDRM concepts
Proper understanding and training of access management, unstructured data flow, the complexity of the project with it many dependencies like applications, data, identity, connectivity, different policies, etc., is very essential to execute the EDRM project successfully.
4 . Gain the support of top-level executives
Generally complex and huge projects require a top-level executive buy-in. This is because a lot of money, time, and resources are involved in such projects. Therefore, when you want to implement an EDRM project it is better to get the support of top executives. Executive buy-in is essential to understand the impact of the project and also such projects may involve organizational/cultural changes.
5. Always develop a use case
It is always better to develop use cases for EDRM projects because EDRM products with a narrow focus will not meet all the requirements of the modern digital workspace.
When documenting use cases, it is critical to discuss several things such as objects in scope, application support, file origination, activities and toolsets that may be required when an organization decides to abort the EDRM project, data affiliation, EDRM affiliation, roles of users and administrators, application rollout, unmanaged devices, device type, vendor access, cloud access, inheritance, external collaboration, etc.
6. Understand the technology components while designing the solution
EDRM solution design is more than just product selection. The solution architects should understand the various EDRM technology components, and requirements of clients, servers, and the network. They should also plan for integrations with security products, business applications, and also endpoint applications.
7. Plan your implementation process with various steps
Start your EDRM project rollout with a small initial rollout and don’t be too overly ambitious. Include a few data asset types and user groups and maybe a single department. Draw your inference from this small scope and then expand it to a larger project.
Keep your policies simple and document all procedures. Consider your legacy content, the recovery process, and bulk decryption too. Have a training schedule designed for all your users.
8. Follow some best practices for the rollout
It is during the actual implementation process that you will discover real workflows in the organization as opposed to what you think they are. Mitigate all issues before deployment. Provide the right tools to your users and educate them to make the right decisions. Be ready to solve issues that crop up. As much as possible reuse what works.
9. Monitor the project
Carefully monitor the project. Check for any anomalies and rectify them immediately. Over time there is a tendency to keep adding more policies or policies will be changed without proper oversight. Don’t allow such policy sprawls. Detect them early and curb them.
10. Be Cautious while expanding the scope
Be very cautious while expanding the scope of the project. Plan for UATs on each expansion of scope.
If you follow the steps carefully then you can avoid all the pitfalls and be sure of a successful EDRM implementation. Here are some common pitfalls that that you should be wary about.
- Overestimating EDRM capabilities
- Underestimating EDRM capabilities
- Failure to get executive-level buy-in
- Missing developing critical use cases
- No proper planning for EDRM exit
- No proper use case planning – Too high a level will result in too much freedom and too many iterations while too low a level will delay the project
- Errors in translating the use cases
- Missing integrations
- Complex policies
- No proper DR plan
- Wrong product selection
- Inadequate communication, training, and monitoring
Planning and implementing the EDRM project is a challenge. However, if you are careful in your planning process and consider all the above points, you can avoid pitfalls and limitations in your EDRM project.
Microsoft Azure Information Protectionis the most popular EDRM product. It is easy to test and all components are readily available.
Microsoft’s partner, SECUDE is a leading data-centric security provider for protecting SAP data and CAD data protection. Our products and solutions apply appropriate labeling and protection defined in Microsoft Information Protection (MIP), the de-facto standard for rights management to the data and files downloaded from SAP and CAD software.
To learn more about how you can leverage Microsoft EDRM for your SAP and CAD data and automate data protection email us at firstname.lastname@example.org