Enterprise Digital Rights Management

... more suitable for my needs, but I'm not sure about it. So, lots of options, lots of doubts… Basically I need a platform that has the following features: Licensing methods: Hosted Web-Based Licensing OR Standalone Licensing; Distribution Controlling Mechanisms: Computer-Based Identification OR User-Based Identification; Supported User Rights: Printing Rights AND Clipboard Rights; Security Level: Good Level, but keeping good user experience... (PART 3)

Wed, 18 Apr 2012 22:48:35 +0100

Have a look at Zafesoft, as well as ArtistScope. Let me know if these fall short of what you are looking for.

Hi Peter,I am bringing up a website to sell e-books. I was counting on Watchdox as a platform to protect my documents, but recently they have changed their target, focusing on bigger clients, and I cannot afford their prices anymore. So I started to look for alternatives. The first one was Vitrium. The backend is very user friendly, and it seems to provide a good security level. But for my disappointment, I've seen an article and I became very afraid with this note... (PART1)

Wed, 18 Apr 2012 22:22:21 +0100

I need to know what your budget is before I can recommend a possible solution or solutions. It seems that price is a main issue, however it could be that Vitrium is the right solution for you. The article does not necessarily mean that it is a bad product.

The part 2 to your question is missing so I am not sure that I will do all your questions justice.

I work for a Venture Capital firm and I am looking to invest in this industry, I would appreciate your inputs on these concerns 1) What are the key success factors to succeed in this domain and How important is technology a differentiating factor 2) With established brands like Symantec and Adobe in the space, what do you think about prospects of a startup firm 3) How big is the untapped market opportunity and Who are the potential customers.

Sat, 14 Apr 2012 11:57:02 +0100

My advice to you is invest cautiously in this industry. As you know the trends in the IT industry is moving at an unbelievable fast pace. Organisations are beginning to allow their employees to bring in their smartphones and tablets into the workplace. Some have even gone further by allowing their employees to view corporate data on their personal devices. This along with corporate data in the cloud should begin to answer the question where your money should be going. Other than this, unless your investment has a big marketing machine behind it the risk of seeing a profitable return on your investment begins to wane.

All Enterprise DRM products have limiting features that give its customers a complete satisfaction. For example I am currently working on a project that is cloud based solution but only works with one web browser and not the others, this can always lead to frustration for the client, resulting in canning the whole idea altogether.

The market opportunity is still highly untapped especially in the Apple iPhone and iPad space, Android, Windows Phone, Blackberry (currently in decline, but still big in many parts of the developing world) and other personal electronic devices. There is also the Cloud, in other words you develop solutions that will make access to confidential data stored in the cloud seamless, but the true secret to such a solution is making it seamless in terms of access to all mobile and desktop operating systems.

Regarding potential customers, I would say from a corporate perspective banks, pharmaceuticals, legal firms, publishing, oil and gas, and manufacturing are your main targets. On the whole anyone who needs to control how sensitive and confidential information is distributed. Symantec and Adobe are great products, but have very limiting capabilities and are not the market leaders in Enterprise DRM, but as I said previously there is scope for growth. I hope I have answered all your questions.

Allegations of Leaked Exam Questions Hits Redbridge LEA

Sat, 14 Apr 2012 11:43:12 +0100

Last year some parents were questioning whether their child was denied a place in one of the selective schools in Redbridge Local Education Authority after it has been alleged that some students had practised the exact same questions a day before the day of the exams.

Many parents have called on Redbridge to investigate the source of the leaked exams, but Redbridge have denied that it is impossible for the questions to have been leaked, claiming they have a very thorough process of securing the questions before the actual exam.

Speaking to a 11 plus tutor, I was told that allegation exam leaks have been going on for over 10 years, but Redbridge have persistently denied the allegations. The integrity of the Redbridge LEA and the 11 plus selection process is at stake unless a public inquiry is undertaken to convince parents that the process is fair.

Redbridge can calm these accusations by reviewing its current processes. For example once the questions are selected from a pool of questions, the best way is to secure the questions is to have 3 sets of papers for each subject from which it will be determined at a date closer to the exams which one the papers the students will be sitting. The questions will be stored electronically and secured using enterprise rights management.

The selected papers are sent to the printer electronically, to be delivered to the exam centres on the morning of the exams by UPS or DHL with a robust backup system to cover any risks of the exam papers not getting to the centres. There are variations to the solution suggested above, and this needs to be communicated to give parents full confidence in the system.

Where is your evaluation of the various ERM products?

Sat, 14 Apr 2012 11:35:44 +0100

That will be done soon, hopefully you should see some progress before the end of the year.

Dear all,

is there any documentation availabe where major right management systems are beeing compared to each other ? (Pros and Cons, features, systematics)

Regards
Andreas

Sat, 14 Apr 2012 11:34:16 +0100

Hi Andreas, I am not sure there is anything that compares Enterprise DRM at the moment. It was a project that I was going to take on but I am yet to start.

I followed this blog and I think is very interesting....why have you give up this blog?

Sat, 14 Apr 2012 11:29:44 +0100

I have not given up, its just that I am so busy till now. I intend to return to writing again. Watch this space.

I am doing a Masters Degree Research on the implementation flaws of E-DRM. Do you have any research material and case studies that you can share? Please assist.

Sat, 14 Apr 2012 11:01:23 +0100

If you can reach me via email, I can send you some research papers and white papers.

I have a website to sell e-books. I need a platform that allow me to have full control over my files, controlling all third party permissions like sharing, saving, printing. The software listing on the right menu is very helpful but I really need to find a better solution for a start-up, low budget business. I've tried watchdox and it seems to be very reliable for a relative low cost. Can you recommend me any other software that can be suitable for my needs? Thanks and congratulations

Sat, 14 Apr 2012 11:00:27 +0100

Watchdox seems to be a fantastic product, for what you intend to achieve, where cost is a factor I will go for Watchdox.

Hi Peter, what do you think about Haihaisoft DRM-X 3.0?

Sat, 14 Apr 2012 10:45:20 +0100

From what I know Haihaisoft does more in the area securing of media files rather than document security. I am not really knowleageable in this area of expertise.

Data classification is at the heart of any EDRM deployment.
So what should be an approach of creating Data Classification Policy.
Most classification schemes attempt to define the sensitivity of data using three criteria confidentiality,integrity and availability.
this leads to 3 to 4 classification like Secret,Internal,Confidentia,Public is this right approach ?

Wed, 22 Feb 2012 19:18:56 +0000

Apologies for the delayed response. Data classification has not become a standard yet, so yes you could approach classification in the manner you mentioned. But most importantly, you have to understand the types of documents that your organisation keeps and define your classification on that basis.

Hello Peter - I am contacting you to ask your approval to cite some of your content from this excellent blog. I am writing a book that explores the use of E-DRM/IRM and other complementary technologies entitled, "Safeguarding Critical E-Documents: Implementing a Program for Securing Confidential Information Assets" to be published by Wiley & Sons this summer. I have found your posts on this blog to be very insightful and helpful and would like to cite them properly in my book. Will you approve?

Wed, 22 Feb 2012 19:11:58 +0000

That is not a problem at all. You have my permission.

Regards,

Peter.

What is the best IRM/DRM for 25-100 users on a self hosted server. Andrew Tannahill

Fri, 18 Nov 2011 08:59:27 +0000

Your answer depends on what you want to secure and what your budget is. There are some IRM solutions that are targeted at file servers, while some are targeted specifically at content management systems. I have to know which one you are aiming to secure to answer your question.

Also what is your budget?

Frost & Sullivan Recognizes Fasoo.com's Outstanding Innovation in Crafting and Executing Its Competitive Strategy

Fri, 15 Jul 2011 21:34:38 +0100

The company is uniquely positioned as an independent vendor of pure Enterprise Digital Rights Management products

MOUNTAIN VIEW, Calif. - July 11, 2011 - Based on its recent analysis of the enterprise digital rights management (EDRM) market, Frost & Sullivan recognizes Fasoo.com, Inc. with the 2011 Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year. Fasoo.com (Fasoo) has successfully retained its leadership in the Asia-Pacific (APAC) markets and is seeing steady improvement in its global market position based on its unique technology, ongoing R&D improvements, comprehensive product capability and effective use of competitive intelligence.

In the global EDRM market Fasoo competes with Microsoft that has the strength of its Windows Server and Office products, which are mainstay applications for enterprises worldwide. Fasoo’s technology approach is driven by security and practical considerations. By overriding an application’s memory space, it provides a strong approach to document protection that integrates smoothly with the end-user experience even for third party applications, where EDRM vendors do not have access to the program code.

“This is a difficult approach for several reasons, including risk of performance impact and the requirement of keeping pace with application and document format updates,” said Frost & Sullivan Research Analyst Avni Rambhia. “Fasoo has developed the technical strength and deployment process to execute it well.”

Another unique Fasoo’s strength is its ability to scale operations across large enterprises, which are often a patchwork of identity management and client application systems across various enterprises. Fasoo has strong experience in securing information on an enterprise-wide level for large, globally distributed companies. For example, its flagship installation for Samsung spans more than 160,000 internal users and more than one million total users worldwide. No competitor has installations on this scale.

Today, enterprises are shifting from deploying EDRM on a need-basis to employing it uniformly for all enterprise employees. Fasoo’s strategy of combining a highly interoperable product with custom services as needed has positioned it well to organically fulfill this growing demand. In contrast, competitors have tended to focus on formats or deployment environments within their core competency, and to rely on systems integrators or value added resellers to develop and deliver an overall solution for the enterprise.

Fasoo dominates the APAC markets, notably Japan and Korea, and is now expanding into major markets such as China in the East, and North America and Europe in the West, through a combination of strategic partnerships and organic growth. Fasoo is the only major player in the EDRM market who has remained a pure EDRM vendor. While acquisition by large corporations offers competitors the strength of better sales resources and a more established customer base, Fasoo is countering this in two ways. In the North American and European markets, it is joining efforts with established channel partners such as IKON Office Solutions, a wholly owned subsidiary of Ricoh Americas Corporation, and Toshiba America Business Solutions, Inc to reach customers and win market share. Second, Fasoo is being proactively sought out as a partner by leading data loss prevention (DLP) vendors who are trying to break into the APAC region.

“Fasoo effectively articulates shortcomings in competing offerings, while highlighting its own strengths in the context of customer pain points, to craft compelling sales messaging and marketing communication,” said Rambhia. “Its blue ocean strategy is to position the company as a pure EDRM vendor with the technology that is agnostic to asset management, server software and DLP systems, but which interoperates with all market leading applications and platforms and is scalable to meet the needs of large enterprises with global footprints.”

In recognition of its innovative competitive strategies, Frost & Sullivan is proud to recognize Fasoo with the Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year in the EDRM market. Each year, Frost & Sullivan presents this award to the company that has demonstrated uniqueness of strategy, leveraging competitive intelligence to improve market position.

Frost & Sullivan’s Best Practices Awards recognize companies in a variety of regional and global markets for demonstrating outstanding achievement and superior performance in areas such as leadership, technological innovation, customer service and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analysis and extensive secondary research in order to identify best practices in the industry.

Source: Frost & Sullivan

Should Government Intervene In the Protection of Corporate IP?

Thu, 17 Mar 2011 00:42:00 +0000

Should government intervene in the protection of corporate IP? This is the thought provoking question that needs to be answered in light of the recent loss of corporate IP mainly to emerging economies like China? Is the government a stakeholder when IP is lost or stolen?

From a government perspective there are numerous issues that happen when a company looses its IP to a foreign competitor. To name a few an obvious impact on government is the loss of revenue in the form of taxes that can be directly or indirectly linked to that IP. Another impact for government is the unemployment benefits that have to be paid as a result of loss in revenue.

In the UK small businesses form almost 80% of the economy and a considerable number gain their competitive edge through intellectual property rights and trade secrets. Considering the impact these businesses have on the economy as a whole, tax breaks should be given to these businesses to enable them invest in protecting their IP and trade secrets, as well as setting aside funds for any legal challenges.

Such tax breaks are bound to yield a return for the government in terms of safeguarding jobs and increased tax revenues, overall it is a win win for all involved. The competition coming from the far east is a reality that is quickly catching up with the western economies, and the protection of IP and trade secrets is of great concern to governments in the west.

In the recent visit of the Chinese premier to the United States, the protection of IP was one of the key agenda items that was discussed. Nevertheless, the governments in North America and Western Europe need to be seen to play an active role and continue dialogue with various industries on the best way forward to achieve IP and trade secrets protection.

When network security is not enough

Sat, 26 Feb 2011 18:43:11 +0000

You may be in control of all within the perimeter of corporate security, but when data leaves that safe haven, information rights management is essential, argues security partner of Deloitte, Paul Boichat.

Controlling access to the most sensitive information and data in an organisation is an age-old problem with a trusted technical solution, but is it fit for purpose in today’s environment.

Click here to access the remaining article……..

Controlling Confidentiality

Thu, 24 Feb 2011 11:12:08 +0000

Cara Garretson has written an interesting article in the State Tech Magazine on using Enterprise Rights Management tools to help government agencies protect their most sensitive documents.

Cara puts forward a solid case why agencies should adopt Enterprise Rights Management. I believe that 2011 would see the highest rate of adoption for Enterprise Rights Management, as WikiLeaks remains centre stage and many emerging nations turn a blind eye to intellectual-property theft.

To read Cara’s article in the State Tech Magazine click here.

China: The Intellectual-Property Battleground

Thu, 24 Feb 2011 01:12:27 +0000

If the survival of your organization revolves around patents and the protection of intellectual property then read what James Dyson, the founder of Dyson vacuum cleaners has to say about why businesses need to keep their eyes on the ball, when it comes to protecting their IP as well making sure the patents are watertight and properly registered.

Access the full article by clicking here

UK Government Bodies Are More Vulnerable To Data Breaches

Mon, 21 Feb 2011 15:02:22 +0000

UK government bodies are more vulnerable to data breaches now than ever before. Last week saw the London borough of Ealing and Hounslow council fined £80,000 and £70,000 respectively by the Information Commissioner’s Office (“ICO”) following the loss of two laptops containing sensitive personal information.

I have been consulting with one of these councils for over a year now to consider the deployment of Enterprise Rights Management across the entire organisation but this has not yielded a positive result. The last time I spoke to one of the managers responsible for data security I was told that the council was deep in the middle of their ICT strategy and would not be in a position to review anything outside of that until at least late 2012.

With many jobs on the line in local government, there is a great risk that staff could leave with confidential information with the aim of starting their own businesses or selling the information to third parties. However, it is a shame to say that out of 36 local government authorities I have made contact with, not one seems to have a solid strategy to prevent this from happening.

Even those who eventually keep their jobs will be less motivated to put data protection at the top of their agenda, and as such leave the council vulnerable to all kinds of data breaches. This picture is reflective of all government establishments up and down the country, and if there is the potential for financial gain the more vulnerable the organisation becomes.

The very low uptake of tools like enterprise rights management and data loss prevention is a true reflection of where the government at both the national and local levels. It is unlikely that anyone would loose their jobs when a data breach happens, and as such unless the ICO enforces the adoption of data security tools, it will be hard to stem the data breaches.

When Unauthorized Access To Confidential Information Could Cost You

Tue, 15 Feb 2011 11:33:12 +0000

The UK government cancelled a highly lucrative contract last week because the company that won the contract illegally gained access to confidential information that allegedly gave it competitive advantage over other businesses bidding for the same contract.

According to the BBC the cancellation of a deal which would have privatised the UK’s search and rescue helicopters raised “serious questions” because the private consortium Soteria that had been named as preferred bidder for the £6bn contract, which was due to run by 2012 had gained access to commercially sensitive information according to the Ministry of Defence.

There have been many occasions access to such sensitive information could lead to a competitive advantage, however, on this occasion it has resulted in a £6bn loss in revenue. This is an situation where going through a due and fair process is the best route to follow even if you loose the contract.

The military police are currently investigating how a former RAF officer now working with Soteria was able to gain access to commercially sensitive information and pass it on to his current employers.

It will be interesting to see how the whole story unfolds, but for now it is unlikely that the contract will be awarded to the private sector and will remain under the Royal Air Force operations.

This story reveals that information security is still not watertight at some of the UK’s most important and strategic organizations and a lot of work still needs to be done to make it highly secured when it comes to managing confidential information.