[Blogger: Trent Henry]
Burton Group has long covered enterprise digital rights management (known varyingly as ERM or E-DRM). Our most recent report on E-DRM describes the technology as “driving security to the data.” Similar to consumer DRM schemes that protect Windows media or Apple iTunes content, E-DRM uses cryptography and fine-grained policies to limit what a user can do with data. Unlike consumer media, however, E-DRM is used exclusively by enterprises to protect corporate data and is typically targeted at word processing files, spreadsheets, email, and related content.
Here in Prague at Burton Group’s Catalyst Conference, many of our security talks have been geared around the trend of information-centric security. As a result, several attendees have approached me to ask, “Where is E-DRM going?”
Good question, but a hard one, because even Burton Group is of a mixed mind on the topic. On one hand, we see E-DRM as software-based technologies whose consumer counterparts have suffered one break (attack) after another. In short, they’re low-surety solutions. In addition, the products suffer from an in-your-face user experience that necessarily adds complexity for employees. On the other hand, E-DRM is arguably the finest example of security surrounding data itself: fine-grained policies (e.g. “You cannot print this document and may only email to other Finance Group members”), cryptographic protection, and prevention of other sorts of leakage (e.g. no copy/paste to unauthorized applications).
The vendor landscape for E-DRM has changed substantially in the last 18 months. Microsoft has made significant strides in adding E-DRM support to SharePoint. Oracle, through its acquisition of Stellent, picked up SealedMedia. And EMC, through its acquisition of Documentum, did the same with Authentica. The remaining standalone vendors are Adobe and Liquid Machines. It’s clear that vendors are solving one typical objection to E-DRM: the management of yet another silo of policies. By linking Enterprise Content Management (ECM) and E-DRM, the content repository’s security settings can automatically be reflected in DRM-protected documents that leave the ECM environment.
Where does that leave us?
- We have cautious optimism that E-DRM will continue to receive uptake, even though today’s deployments tend to be relatively small and tactical.
- We expect vendors to enhance protection, making use of trusted platform modules for integrity validation and hardware cryptomodules for improved cryptography handling.
- We expect additional integration between rights management and content management solutions.
- Ultimately, we think there will be interesting synergies between virtualization and E-DRM, where mobile workloads (on virtual machines) and the sensitive content they contain can be managed, tethered, and persistently secured via rights-management no matter where a machine image lands.