The Rights Stuff: The Integration of Enterprise Digital Rights Management into an Enterprise Architecture

Page 3 of 3

E-DRM and Network Security
Beyond securing individual files and the collaborative process, E-DRM is increasingly being integrated with network security, particularly in the rapidly growing market of network access control (NAC). E-DRM and NAC are naturally complementary technologies: NAC locks down endpoints to prevent unauthorized access to a network and can catch network traffic that defies company policies, such as pornography or large streaming media files that clog the network. NAC, however, does not extend to granular file-level protection, such as to prevent leakage of a public company's prerelease earnings data. With NAC alone, a user could still inadvertently email that data to an unauthorized third party outside of the enterprise.

At Gilbane 2006, Intelligent Wave USA and Nikko Cordial Securities presented a case study of Nikko's global deployment of CWAT, which integrates endpoint monitoring and control via a host agent and server-based network access control. Before E-DRM, it was the "Wild Wild West," where anyone could attach a confidential file to an email and send it anywhere. Nikko Cordial Securities selected CWAT for its Insider Threat Management solution.

Insider Threat Management is becoming a standard set of line items in IT security RFPs. Organizations even want to "monitor the monitors" by keeping audit logs or other controls on users with administrative rights access.

Workshare Protect Enterprise Suite provides endpoint and network-level outbound content security. Workshare Network Protect is a network channel gateway that provides IT security staff with visibility and policy enforcement for content leaving the organization via network channels such as HTTP and SMTP. The solution offers integration with Outlook, Documentum, Hummingbird, Interwoven, and SharePoint.

In June 2006, the Decru division of NetApp and FileNet Corporation announced that they are teaming to deliver secure enterprise content management solutions to enhance privacy for sensitive and regulated data. Decru and FileNet are extending interoperability testing for the combined solution and will undertake cooperative sales and marketing efforts.

The joint solution addresses growing customer requirements for high-security content management for regulatory compliance; it combines FileNet's P8 ECM platform with Decru DataFort storage security appliances.

Cloakware Robustness Solutions harden DRM systems and Conditional Access (CA) systems to meet content protection standards, such as OMA DRM, DTCP-IP, and WMDRM. This allows content to be securely distributed with confidence that the rights of the content owner are protected.

Another approach to integrating DRM with Network Security, Content Monitoring and Filtering (CMF), is generally sold as plug-in network appliances. CMF performs deep packet inspection on inbound and outbound network communications traffic and performs keyword inspection to detect and block specific content, such as personal nonpublic information (e.g., credit card or social security numbers). CMF products monitor email traffic and one or more other channels such as IM, FTP, or Web HTTP. Unlike E-DRM policy servers which protect specific files, CMF depends on linguistic or statistical analysis, or other pattern matching techniques, to identify content, track activity, and stop the transmission. Accordingly, E-DRM offers an important additional layer of policy protection for critical documents. Likewise, CMF does not prevent copying to a USB card or printing a document, two of the important functions fulfilled by E-DRM.

What's Next: E-DRM Ahead
As E-DRM becomes an integrated extension to content management, collaboration, and information security, expect to see more purchase options, including appliances with pre-built policy templates, Application Service Providerhosted options, and more peer-to-peer architectures (e.g., the Groove Networks software acquired by Microsoft and the the Avoco secure2trust E-DRM system deployed by the Atlas Consortium for the U.K. Ministry of Defense.) By avoiding lookup to a central policy server, peer-to-peer architectures can aid scalability for distributed organizations and also move E-DRM down market for use by mid-sized companies.

For endpoint security such as the control of sensitive data on laptops, a very interesting area in the second half of 2006 and in 2007 will be the announcements of E-DRMsystems that take better advantage of the embedded security chips that are becoming common in Lenovo, HP, and other enterprise- and government-grade laptop computers.

We can also expect to see more E-DRM product development and partnerships by the network content monitoring and filtering (CMF) vendors. CMF's purchase rationale mirrors that of E-DRM: Insider Threat Management to protect sensitive internal information from being made public, either by accident or by malicious intent.

E-DRM's Future Depends on Usability
You can't stress enough the importance of usability in making an E-DRM purchase decision. After integration with other elements of the IT architecture, usability is the major factor that will shape the E-DRM market in the second half of 2006 and in 2007. Two good steps toward increased usability are preset policy templates, for example, for Sarbanes-Oxley compliance, and the ability to slave E-DRM to existing software such as Microsoft Office or ECM software. For E-DRM to cross Geoffrey Moore's chasm from early adoption to widespread use, both business users and IT administrators need to see E-DRM as integrated seamlessly with their existing workflow processes.

Companies Featured

Adobe, Inc.


Avoco Secure


EMC Documentum

Intelligent Wave USA

Liquid Machines

Microsoft, Inc.

SealedMedia, Inc.


Page 3 of 3