The Rights Stuff: The Integration of Enterprise Digital Rights Management into an Enterprise Architecture

Page 1 of 3

How much is your company's data worth? For Jason Elizaitis, director of information technology at asset management firm Fairfield Greenwich Group (FGG), the price tag was staggering: With $9 billion in assets under management, FGG needed to better protect its client lists and proprietary trading formulas from insider threats, such as inadvertent emails sent to the wrong person or, worse, malicious acts by an employee. FGG chose electronic digital rights management (E-DRM) software from Liquid Machines to safeguard its confidential fund and client information. Elizaitis's colleagues on the business side of FGG found an added productivity benefit: They can now prepare, for regulatory approval, documents created in Microsoft Word or Excel and housed in Microsoft SharePoint, with content security across the document lifecycle. Liquid Machines' SMTP email protection gateway unprotects a document so that FGG's outbound virus protection software can validate the file, and then reprotects the file when it is emailed.

E-DRM offers an important extension for document security and secure collaboration both within an organization and among multiple organizations. With E-DRM, the content creator or security administrator can protect the content from being emailed, copied to USB or other external media, and printed. E-DRM-safeguarded content may be date stamped to withhold read rights within a set time period.

One of E-DRM's early commercial applications has been corporate M&A deal rooms, where financial securities companies need to grant access for the content to be read for a few days and then revoke the access rights. For E-DRM adopters such as Goldman Sachs, which also uses Liquid Machines software, there are significant financial savings in creating virtual M&A deal rooms, compared to the cost in travel and time of flying everyone to one physical location to review documents.

Among government organizations, E-DRM (while not a substitute for Sensitive Compartmented Information Facilities for viewing top secret and higher-level classified information) holds promise to empower secure multi-agency collaboration and document sharing for sensitive but unclassified and for confidential/secret content.

A key theme that emerged from the Gilbane Enterprise DRM Conference held in San Francisco in April, and from vendor product announcements made during the second half of 2006, is the integration of E-DRM into the enterprise IT architecture, specifically with content management, collaboration, and information security.

As E-DRM deployments increase in number and scale from single-department to organization-wide, integration with other elements of the enterprise architecture and ease of use by both business and IT users are the two essential requirements for the E-DRM market to cross Geoffrey Moore's chasm from early adoption to widespread use. A May 2006 article ("Technology: Enterprise Rights Management Aims Digital Rights at Sensitive Documents") in CIO Insight astutely points out that E-DRM "is a feature, not a standalone market."

E-DRM and CM
For most Enterprise Content Management (ECM) systems, once a document is downloaded by an authorized user, security controls end. Thus, a user can email, print, or modify the document without restraint. In addition to the data leakage risks mentioned above, another problem is version control, with old versions of documents remaining in circulation. With E-DRM, the document is locked down by the content creator, with the security protection in place end-to-end across the content value chain for documents that are extracted from the ECM repository or that were never uploaded to that repository. When a new version of the document is available, E-DRM can turn off access rights to the older document versions and direct users to download the file from a secure central server. E-DRM thus can serve as desktop content management.

Among ECM vendors, EMC Documentum has led the work for integration of E-DRM with its acquisition of E-DRM vendor Authentica and integration by Documentum with E-DRM software from SealedMedia and Liquid Machines.

In August 2006, SealedMedia was acquired by ECM vendor Stellent, to extend Stellent's content security both inside and outside of the enterprise. Stellent paid $10 million to buy SealedMedia, offering up to an additional $5 million if SealedMedia achieves several financial objectives. SealedMedia offers E-DRM and Content Management integration with both EMC Documentum's eRoom and Open Text's Livelink ECM. As SealedMedia founder and CTO Martin Lambert noted in his presentation at the Gilbane 2006 conference in San Francisco, E-DRM offers important capabilities not found in standalone ECM systems:

  • Provides security for documents outside the repository (in other repositories; on desktops, laptops and wireless devices; in backups and archives; inside and outside the firewall)
  • Audits all actual and attempted usage beyond the repository
  • Revokes access to obsolete content versions stored outside the repository (and automatically routes users to up-to-date repository versions)
  • Deletes decryption keys to dispose of records stored outside the repository
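
A minimal model of the policy-server behaviour in the list above, as an added example that is not SealedMedia's or Liquid Machines' code: content keys stay on a server, every open is a key request that is checked and audited, publishing a new version revokes the old one, and deleting a key disposes of every copy. The class and method names are hypothetical, and the encryption of the content itself is left out.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Policy:
    readers: set          # users granted read rights
    not_after: float      # read rights end at this time (epoch seconds)
    revoked: bool = False


class PolicyServer:
    """Holds content keys; a protected copy is unreadable without one."""

    def __init__(self):
        self.keys = {}      # (doc, version) -> content key
        self.policies = {}  # (doc, version) -> Policy
        self.current = {}   # doc -> newest published version
        self.audit = []     # every attempt, granted or denied

    def publish(self, doc, version, readers, not_after):
        prev = self.current.get(doc)
        if prev is not None:
            self.policies[(doc, prev)].revoked = True  # retire the old version
        self.keys[(doc, version)] = secrets.token_bytes(32)
        self.policies[(doc, version)] = Policy(set(readers), not_after)
        self.current[doc] = version

    def dispose(self, doc, version):
        # Deleting the key disposes of every copy, wherever it is stored.
        self.keys.pop((doc, version), None)

    def request_key(self, user, doc, version, now):
        ident = (doc, version)
        pol, key = self.policies.get(ident), self.keys.get(ident)
        if pol is None or key is None:
            result = ("denied", "no key on record")
        elif pol.revoked:
            result = ("denied", f"superseded; fetch version {self.current[doc]}")
        elif user not in pol.readers:
            result = ("denied", "no read rights")
        elif now > pol.not_after:
            result = ("denied", "read window closed")
        else:
            result = ("granted", key)
        # Denied attempts are logged too: usage is audited beyond the repository.
        self.audit.append((now, user, doc, version, result[0]))
        return result
```
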

The U.S. Office of Civilian Radioactive Waste Management, which is responsible for overseeing the transport and disposal of high-level nuclear waste from across the U.S., deployed SealedMedia E-DRM for secure distribution of sensitive documents to employees, contractors, suppliers, oversight groups, and stakeholders.

Both SealedMedia and Liquid Machines offer the ability to slave rights to ECM repository access controls. In addition to facilitating ease of use by organizations that already have an ECM system, rights slaving can alleviate the concerns of CIOs about integrating E-DRM software with backup and recovery. Documents with rights attached must either be unprotected or shipped with policy keys before they are released to third-party records-management providers.

Authentica allows EMC Documentum and eRoom users to maintain the same control over and audit access to content distributed outside the Documentum environment, outside the corporate firewall, and over the internet. Authentica Secure Mobile Mail integrates with Secure Mail for Outlook and Secure Mail for Lotus, while leveraging the push architecture of BlackBerry Enterprise Server. First Tennessee Financial Securities Corp. uses Authentica's PageRecall software to protect against inadvertent and unauthorized access, forwarding, and printing of internal documents. The software allows First Tennessee to revoke access to documents and to change document access and usage policies regardless of where the documents are located.

Setting Standards
The Interoperable Enterprise Content Management (iECM) Consortium, launched in May 2006 by AIIM (Association for Information and Image Management), hopes to become the clearinghouse for the development of the standards needed for the creation of interoperable ECM systems. The iECM seeks interoperability for ECM for documents, graphics, video, audio, and other forms of content. iECM could benefit government agencies for whom official documents are shared across multiple federal, state, or overseas organizations with differing ECM systems.

Initially, iECM will focus on three major areas of compliance: services, information/metadata models, and component descriptions. Services will address common content management operations, while information/metadata models will address how content metadata can be ubiquitously utilized, despite potentially differing term sets and vocabularies. The component descriptions will formally specify all aspects of the information ecosystem, so that information sources may be discovered and automatically made available.

Hopefully the iECM initiative will be more successful than the Mobile DRM interoperability impasse, which remains stalled among the competing choices of the OMA standard; Windows Media Audio and Windows Media DRM 10 for Portable Devices; Apple FairPlay; the Marlin standard led by Intertrust; and vendor offerings from Groove Mobile, Irdeto, Melodeo, and SDC, among others.
