Digital Rights Management (DRM) may be a dirty phrase for home users trying to play their music files or movies on unauthorised players, but the technology is being embraced by enterprises.
DRM or Information Rights Management (IRM) helps companies avoid confidential or sensitive information being seen by unauthorised parties through accidental or malicious acts.
DRM technologies can allow, for example, Word documents to be protected and encrypted and only read by certain individuals. If the document -- or part of it -- is copied onto a USB drive or sent in an e-mail attachment, the data will still be safe from prying eyes.
Peter Croft, APAC managing director of e-mail security firm Clearswift, said one of the best uses of the technology is to automatically enforce security policies and restrict the sharing of confidential information.
"One of the theories behind IRM is that the document has to look after itself once it gets into the wild -- from a known sender to unknown recipients," Croft told ZDNet Australia.
Last month, investment bank Goldman Sachs implemented a document DRM solution from Liquid Machines, which is capable of protecting information even if it is moved from one document to another or from one application to another.
"The features include enabling the end user to cut/copy/paste protected data from one application to another and persist protection; distil source data such as PPT [Power Point] or Word doc to an Adobe PDF and again persist the data," said Ed Gaudet, vice president of product management and marketing of Liquid Machines.
Croft highlighted similar solutions from vendors such as Vontu and Tablus, but he said an important feature, which he noted is available on his company's e-mail appliances, is the gateway's ability to look inside e-mail attachments for potential violations of the security policy.
"There is a text tab in the subject line -- so the human can understand it -- but also in the x-header of the e-mail so the gateway system can understand it and perform a policy routing decision.
"Militaries have been doing this for years. If you have ever received an e-mail from the defence department you will see 'sec=unclassified' in the subject line. We are finding more and more corporates adopting a scheme of protective marketing," he said.
Croft explained that if the gateway is able to look inside e-mail attachments, the security policy can be enforced automatically.
"I may mark something as 'confidential' but I shouldn't have to ask 'is it confidential enough for me to encrypt?'. That should be a gateway decision," Croft said.
"The decision [to send the document] is taken by the user but the technical decision on routing and disposal is out of the users hands and is a policy. The gateway can make the decision and say 'that routing is a policy violation'."