« Mobility and Security | Main | More Than Roles: Using Data-Centric Security To Fight Fraud »

October 22, 2008


Simon Thorpe

Trent, an interesting blog. I think the future in this space is only just starting to grow across many areas in the enterprise. I responded to some of your comments here;


Stephen Martin

The ERM hype is yet another rebranding of encryption with access controls. I worked at a computer desktop security company 15 years ago when we were doing this stuff. Data was encrypted and access controls determined who could view it. Anything saved to external media was automatically encrypted ensuring it could not be passed on unless the receipient had a key to view it. It turns out however that in reality companies have very few secrets. There is not much point protecting email text if it only composes of a few lines of importance that can be easily typed from scratch and then passed on to others outside the organization. The real value of protection is usually for large documents (the attachments) that must be read but not modified by others or passed on. Adobe PDF format is great for the conversion of all file types into PDF, and you can get extra protection by purchasing a PDF DRM solution (see LockLizard amongst others). Also DRM solutions work outside the enterprise so you control use of protected information sent to third parties, whereas ERM solutions tend to be focused internally since many use Windows RMS. So companies should save themselves the pain and expensive of implementing an ERM solution and opt for a PDF DRM alternative instead for a tenth of the price.


ERM/IRM is getting a new surge in interest as analysts and customers alike realize its potential for protecting their most valuable content. I've just started blogging on the Oracle IRM technology.


Hey!Good article.What I don't understand is why corporate America has not turned to the folks who have been working on the Semantic Web for ages starting on SGML and moving to XML. It's those MLIS-heads who have dedicated a good portion of their careers working on meta data and DATA CLASSIFICATION schemas and solutions.

What we're seeing now with DLP is that you really need to "know what you've got" before you can protection, meaning companies are now being forced to implement data classification. It's already been done several times over...just on a smaller scale and many cases in specific industries.

It certainly would save many security folks from recreating the wheel and could give them another ally within their organizations

Account Deleted

Trent, an interesting take on IRM and subscrive wholly to your views. There is an interesting post on the future of IRM as well as comparison with consumer DRM technologies which was posted by Vishal Gupta, the CEO of Seclore ( http://www.seclore.com ) on his personal blog i.e.


Have a look ..

The comments to this entry are closed.

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected

Blog powered by Typepad