Taking Care of Business
While mobile entertainment companies have made significant progress toward providing users with a seamless DRM scheme that will allow content access anywhere, anytime, and on any device, the mobile enterprise has a long way to go. Like DRM in the mobile entertainment space, enterprise DRM lacks standards. This means that content protected by one set of software cannot be easily played, watched, or read via a device or application that supports a different set of technologies. This wasn't an issue when the workforce was tied to PCs and concerned only with the management of content distributed within the company.
However, no company is an island. It is connected and must, therefore, share its DRM-protected content—with partners, suppliers, shareholders, and stakeholders. To complicate matters, a large proportion of the enterprise workforce is mobile and requires the ability to read, change, forward, and redistribute content on the fly.
To date, limitations such as screen size and memory make it difficult for remote workers to access—let alone interact with—content on mobile devices. But, as Erica Rugullies, a senior analyst at Forrester Research, points out, this hurdle is being overcome. "We see more of it in the healthcare profession, where the use of handhelds among doctors to view images such as x-rays is growing," Rugullies says.
An additional driver is HIPAA, the Health Insurance Portability & Accountability Act, which requires that personal health information be stored in a proper manner and guarded against improper use. The privacy of patient records extends across devices, so the industry will need DRM solutions that extend across those devices as well, she adds. "But the mobile technology capabilities aren't there yet," she says. "When the technology reaches this point, then we'll see DRM solutions emerge to protect that content."
Authentica Inc., a provider of enterprise DRM (E-DRM) solutions, has recently completed a study of current and future customer requirements for E-DRM systems. Customer feedback underlines the desire to have the same control over email, whether it's viewed on a PC or on a BlackBerry, Victor DeMarines, director of marketing and product management at Authentica, says. "Customers that have an email retention policy of 60 days, for example, want that email to expire at all the different points the email touches." For this reason, Authentica has placed mobile DRM on its product roadmap for next year. "We want to extend secure viewing to the BlackBerry as it becomes more of a requirement [from our customers]."
Authentica has seen customer interest in E-DRM solutions surge this year, according to DeMarines. "Companies—particularly in the manufacturing and government sectors—can't just use their perimeter security technology to protect their data. They must increasingly share data across different nodes and devices, and so mobile is becoming a key part of their total E-DRM strategy."
SealedMedia, another leading provider of document security solutions, is also convinced mobile is an important part of the product roadmap moving forward. "Many of our customers would like secure documents to open up on devices such as BlackBerry," notes Alan Cornwell, the company's COO.
Clearing Desktop Chaos
As Cornwell sees it, most E-DRM products work according to what he calls the "M&M" principle. "The ‘M&M' approach to security relates to the hard perimeter reinforcement and relatively soft-in-the-center strategy adopted by most organizations. Firewalls and other solutions are aimed at building a wall, or a hard outer shell, to protect the enterprise from itself and the outside world," he says. "A hard shell is too confining to enterprises today to achieve information security so a new approach is required." Remote workers armed with laptops and PDAs want to work outside the walls of the enterprise. "So the problem becomes not how do we protect the enterprise," he says, "but much more how do we protect information when it's external?"
Many E-DRM solutions try to keep all content in a secure repository. But, Cornwell argues, remote workers also create confidential content on their laptops and PDAs in the form of emails, Word documents, and PowerPoint presentations. "What we therefore need is a product that is complementary to a content management system and controls this chaos on the desktop," he says. To this end, SealedMedia has teamed up with partners including Documentum to extend its security and tracking capabilities past the repository to the desktop, providing rich document security and control capabilities to new and existing business processes.
Indeed, mobility is a key focus for Xansa, an international business process and IT services company with delivery capacity in India. It relies on SealedMedia solutions to secure the company's so-called Method abc, a delivery framework that spans the complete service cycle from proof-of-concept to continuous improvement and service measurement.
Every six months, thousands of copies of Method abc are produced and distributed via CD-ROM and an extranet for Xansa consultants to use in their work with clients. Previously, Xansa encrypted the CDs, but still risked losing control of the documents once the CD had been unlocked. Today SealedMedia E-DRM technology effectively allows Xansa staff to convert and seal documents on the fly. To ensure that consultants always have the latest version, these licenses are refreshed monthly when consultants collect email and submit time sheets.
"The very essence of our delivery system is tied up in mobility," notes Paul Weston, Xansa service manager in charge of Method abc. "When work with a particular client is over, the consultant can depart with the confidence that he is not leaving Xansa's intellectual property behind to be reused…When we walk out, so does our CD."