Cloud content hosting and redistribution is enabling convenient and easy access to online content thereby accelerating the adoption and penetration of internet in past two decades. The current Industry 4.0 revolution and adoption and acceleration efforts are leveraging cloud computing as a means to store, retrieve, and share data. This makes the internet a relatively vulnerable to content abuse and increase the demand of clear consent before data consumption and redistribution. The growth of cloud computing and management technologies is penetrating in the market, and digital rights management (DRM) practices are needed for better and ethically safe online space. This chapter talks about state-of-the-art DRM paradigms being proposed in the literature and critically discusses their technical performance, flexibility, and immutability challenges. This chapter will clarify internet governance implementation roadmap for Industry 4.0 revolution by critically analyzing the cloud technology stack and ethical features by advocating Cloud DRM.
TopIntroduction
The increasing popularity and use of the Internet, has resulted in huge amounts of personalized content being stored in Cloud storage. This private data is accessed and shared using heterogeneous devices such as mobile, web, and IoT (Salman et al., 2018). The open and inclusive nature of the Internet allows content to be redistributed, without explicit consent, which may infringe Intellectual Property rights. With the recent growth in the utilization of cost-effective and easy-to-scale Cloud computing, it has become a popular way of storing online content. However, the protocol and mechanisms in Cloud computing need to be questioned for the greater safety and security of the content they store. This is because of a paradigm shift from client servers to the distributed nature of Cloud protocols, which bring new challenges for content security. Digital Rights Management (DRM) is a technology used to safeguard data over the application layer from illicit usage, using some form of encryption. DRM technologies for Cloud content need to be explored to protect Cloud data from unauthorized usage and efficient revocation. (Q. Huang et al., 2013; Koulouzis et al., 2018; Xu et al., 2017). The unauthorized Cloud content sharing or maneuvering access licenses may infringe copyrights and online content security policies.
It is necessary to apply technical solutions to mitigate this content misuse threat to online safety. However, implementing strong and computation exhaustive encryption in a distributed mode, as well as content serving, introduces many performance bottlenecks and constraints such as synchronization, latency, low processing and storage, and client and communication overheads (Das et al., 2015; Ma, Jiang, et al., 2018). This overhead needs to be reduced by researching robust encryption in DRM solutions to meet the practical and flexible need for content protection in Cloud computing.
Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and increasing to 20.8 billion by 2020. A large percentage of these devices are going to be Bring your own device (BYOD), which carries a combination of personal and business data, and has major vulnerabilities – putting your enterprise data at risk. Attackers have shifted their focus from secure enterprise environments to these vulnerable devices, which gives them an easy gateway to enterprise data. Mobile Device Management has become an important risk mitigation measure for every organization.
Encryption of data at rest will evolve to target the resources, rather than where the resources are stored. Applications have become more complex, with some of them running on-premise and some in the Cloud. There is a business need for data to be transferred across these applications and thus blindly encrypting the entire repository where the content is stored will be rendered ineffective. With the amount of data handled increasing every day, it is too expensive and unmanageable for organizations to encrypt data blindly. Companies will have to start moving to solutions that can dynamically protect information based on the criticality of the data to comply with business and regulatory requirements.
Based on a survey conducted by Gartner, IT security ranks second in the list of priorities for corporate investment. This is primarily due to the increase in data breaches in the recent past and the impact these incidents have on the companies’ credibility.
So how can organizations secure their data effectively? This will require a multi-pronged approach to plug all potential loopholes and safeguard the ‘crown jewels’ of the organization. The first step in this approach is to have well-defined security policies that prescribe what information needs to be safeguarded and how it needs to be protected. Companies need to take a top-down approach to this, with the policies percolating from the CEO down to the lowest levels of the organization. A key factor is to ensure that the policies remain relevant to changing business needs and can be changed quickly to reflect new requirements. Solutions should automatically apply protection to reduce human error. Employee awareness about the latest cyber threats and protection methods is also important to ensuring security is properly enforced.
The constantly evolving data security risks are a huge challenge for the security teams, but with the right policies and tools, they can secure their most critical information. A data-centric security strategy that is flexible, dynamic, and provides central visibility needs to be a key part of any security portfolio.