As companies look for better ways to secure online documents and E-mail--whether it's to protect sensitive information or to comply with government regulations--they're increasingly turning to a growing class of security software known as enterprise digital-rights management.
DRM software lets companies enforce security policies for documents, such as who can read, edit, print, and forward sensitive information. Encryption technologies are typically used.
"You need to have your security policies travel with your information, and DRM lets you do just that," says Pete Lindstrom, research director with security research firm Spire Security.
JupiterResearch, a division of Jupitermedia Corp., predicts corporate investment in DRM products will reach $278 million by 2008, up from $36 million in 2003.
At the RSA Conference in San Francisco this week, Authentica, Liquid Machines, and Microsoft were among the companies offering new or enhanced versions of DRM software.
Centralized management of access rights was a popular theme among the product announcements. Authentica introduced its Active Rights Management platform, an integrated management app that provides access-rights protection for E-mail, Microsoft Office documents, PDF files, and other types of documents.
The new platform manages several existing Authentica applications, including MailRecall, PageRecall, and Secure Office, making it easier for users to centrally manage access rights with those applications. It also can manage access rights for apps from other security vendors, including IronPort Systems Inc. and Proofpoint Inc., and integrates with content-management applications from Documentum, eRoom, Hummingbird, and Microsoft SharePoint.
Wells Fargo & Co. is about to complete a pilot of Authentica's software to bolster the security of E-mail and other sensitive documents exchanged among employees, partners, and contractors, says Mike Lee, VP of encryption strategies for the bank. "We have to always be careful when it comes to the people that want to do us harm. They only have to be successful once," Lee says. "With DRM, the security protection follows the information, and that's a powerful thing."
Wells Fargo is finishing trials of Authentica's software in its test labs and will soon try the software with a limited number of E-mail users. The software also can protect customers from Internet phishers and other E-mail scams, Lee says. "We're looking at all of the ways we can protect our clients and our business. We're interested in not just the perception of protection, but real protection," he says.
Microsoft executives say Service Pack 1 for its DRM software, Windows Rights Management Services for Windows Server 2003, currently in beta, will be generally available by the middle of this year. The service pack will provide several enhancements, including the ability for customers to centrally manage access rights, says Suzanne Kalberer, product manager for Windows Security Business and Technologies. In earlier versions of Windows RMS, it was primarily up to each user to build access rights for the documents and E-mails he or she created. "Businesses said they need a centralized way to manage these access rights," Kalberer says.
Liquid Machines released a beta version of Liquid Machines Document Control 5.0, DRM software that can be used with Microsoft Office 2000 and Microsoft Office XP; Windows RMS only supports Microsoft Office 2003. Document Control 5.0 also will support Microsoft Visio, Adobe Acrobat, and Adobe Reader.
Meridio, which makes software for managing electronic records and documents, said it has integrated RMS capabilities in Microsoft Exchange and SharePoint Portal Server for its archive and records repositories.
The law firm of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo P.C., which has about 450 attorneys nationwide, is testing Windows RMS, IS director David Gregson says. The firm will deploy the software in coming months to better secure the internal communications of its employees and eventually use digital-rights-enabled E-mails for more secure communications with the firm's clients, he says.
"Centralized management is extremely important for us," Gregson says. "If you want this software to be adopted and used, end users can't be deciding who should have access rights to which documents and E-mails. It has to happen as part of their normal workflow."
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com. View Full Bio