Two weeks ago I read a press release about WatchDox about the latest round of funding for this online document security business. In his comments Moti Rafalin, the WatchDox CEO said “Legacy enterprise digital rights management and data loss prevention products are failing to address the problem, and enterprises are realizing documents need to be seamlessly protected and controlled wherever they go.”

So what does Rafalin mean by Legacy enterprise digital rights management and data loss prevention products? Considering that both document security tools are less than 10 years old, what makes them legacy? To understand what he meant by legacy I revisited the WatchDox website to try and understand what WatchDox does that other enterprise rights management solutions don’t do.

First of all I watched the video and everything demonstrated in this video is what most other vendors like Oracle, Fasoo, NextLabs, Covertix and CheckPoint to name a few also have the capability of doing also. So what does Rafalin actually mean by his criticism of WatchDox’s competitors?

On the web page titled “WatchDox vs. DRM, IRM or eDRM”, 4 key differentiators are mentioned between WatchDox and enterprise rights management, namely:-

• Ease of use
• Facilitating sharing and collaboration
• Extended control
• Cost

Under ease of use the main claim is WatchDox’s no client installation; no passwords; no enterprise deployment; no IT; and no hassle. Like WatchDox other vendors like NextLabs and Covertix offer the same no client installation, while a majority of the other vendors offer the remaining features like no passwords and it does not have to be an enterprise deployment, and apart from the server software installation, no further IT involvement is required.

Under facilitating sharing and collaboration WatchDox mentions that traditional DRM solutions typically deal with the insider threat. I definitely know that this is not the case as Fasoo, NextLabs and Oracle have always had a view to providing security both inside and outside the corporate firewall.

Under extended control WatchDox claims that it allows tracking, updating, revoking and changing document permissions even after they had been sent. Again, these are standard features that other enterprise rights management vendors offer in their software.

Regarding cost, other vendors are providing cheaper solutions. Fasoo has a file server solution that costs $5,000 and is implementing a number of SaaS solutions through its partners to lower the entry barrier. Costs from other vendors are also falling in line with the current economic situation in order to remain competitive.

So is WatchDox an enterprise digital rights management solution? I am certain it is, but is it any different from other vendors out there? Yes it is on the basis that it only offers a web based solution. However, there are opportunities for non web based solutions which its competitors offer.

WatchDox is an innovator in the enterprise rights management space because as a business has found a way to lower the barriers to entry from a cost perspective and will continue to challenge the status quo, but is not any significantly different from any other enterprise rights management solution in the marketplace.

Below is a list of blogs that discuss topics on enterprise rights management.

1. eDocument Sciences

2. i-Cubed

3. Oracle

4. Seclore Technology

Side note: If you have a enterprise rights management blog that is kept up to date regularly, I would like to hear from you to get you listed.

I just read an interesting artcicle on eWeek titled “How to Prevent Data Security Leaks Caused by Human Error” by Angel Mehta, the chief executive officer at Sterling-Hoffman Executive Search. Angel is an advocate for Enterprise Rights Management and explains why he has deployed this tool in his organisation to prevent data security links caused by human error, make sure that you read the turning point for Angel under a case for ERM. As an idea, it will be good for executives considering Enterprise Rights Management to link up with him for advice so they can get a thorough understanding of how to best deploy this security tool and whether it is the right tool for their organisation.

To access the full article click here

As a side note: The eweek website is typical example of how not to design a website, the clutter from ads and other information placed on this website is just unbelievable, I think eweek could learn a few lessons from Google, Bing etc on how to design a good website.

Last week I did a review on a Gartner paper released in May 2010 titled “Enterprise Digital Rights Management”, following on from this, Gartner released another paper in June 2010 titled “Key Selection Criteria for Enterprise Digital Rights Management Solutions”. This paper before its release was much anticipated by myself and many other professionals who work with Enterprise Rights Management. So does this paper help potential clients know what to consider when it comes to selecting an Enterprise Rights Management solution? Well read on and let’s find out.

This paper was authored by Eric Quellet and Ray Wagner, and they start out by stating that the success of Enterprise Rights Management deployments depends heavily on features, functionality and livability of the solution with end users. Every requirement is different, and organisations should choose their Enterprise Rights Management solution based on what their requirements are and not on what the Enterprise Rights Management solution has to offer. Sometimes an Enterprise Rights Management solution is not what is required, as such a thorough analysis should be carried out as to whether it is the right solution.

Read More

If your organisation is considering implementing Enterprise Rights Management, hold on, not too fast! Do you know that the success of your Enterprise Rights Management project depends on how successful your organisation’s data classification has been implemented? When I talk about data classification with organisations, it fills many managers with trepidation but this does not have to be the case.

Data classification is core to a successful enterprise rights management project, it ensures information that needs locking down is locked down, while information that does not need securing is not in anyway difficult to access. Apart from the need to successfully implement your enterprise rights management project having a well implemented data classification program means you are able to efficiently manage your information lifecycle without having to pull in massive resources across the organisation when decisions about what to do with data once its lifecycle has changed.

Read More

Oracle Information Rights Management Separation of Duties

This video presentation by Simon Thorpe demonstrates how Oracle IRM can allow IT to take control over the creation and definition of IRM classifications whilst allowing the business to manage them. This clear separation of duties is one of the important aspects of the Oracle IRM solution.

As a matter of interest I am always monitoring news and what is being said about Enterprise Rights Management. A couple of days ago I came across a blog post titled “ERM The forgotten data security space”, I posted a comment as a response to this post shown below. To read the blog post go here…

Peter’s response

I am not sure ERM was ever a forgotten data security space as mentioned in this post. Part of the challenge that Enterprise Rights Management faced stemmed from the overwhelming task of organisations having to classify their data to get it to work. Also ERM in its early days was not as feature rich as it is today.

Read More

I read this interesting article by Marilee Veniegas and Zachary Price and posted by Valerie Levine on her blog. This article discusses why email and document security is no longer simply an option for companies, it is a necessity. According to the article implementing encryption solutions doesn’t have to be a financial burden. Enterprise rights management solutions are now accessible small to medium-sized businesses or sole-proprietorships too. Small Business Rights Management(SBRM) solutions provide businesses of a smaller scale an equal level of enterprise rights management and encryption previously available to large enterprise business.

To read the full article click here

Yesterday, I did a quick introduction to Trusted Virtual Domains and how it can help resolve many information security challenges we face today. Today we are going to do a high level view on how a TVD infrastructure is set up. First the premise for a TVD is that you can operate multiple TVDs on a single computer infrastructure network, each TVD can be independent of any other TVD if the business process requires. At the same time there could be intra and inter-communication between TVDs making possible a different access control to a file created in another TVD. A TVD itself consists of a number of virtual machines that share a common security policy and enforce it independently of the the physical environment that those virtual machines are running on.

In a virtualized environment, different applications and services together with their underlying operating systems are executed by different Virtual Machines (VMs) that share the same physical infrastructure. Each virtual machine runs in a logically isolated execution environment (which we call compartment), controlled by the underlying Virtual Machine Monitor (VMM). In such an environment, the user’s work space is executed in a virtual machine[1].

Read More

A few weeks ago I referred in one of my blog posts that Gartner has had its radar on Enterprise Rights Management. I also mentioned in my post that I will review the 2 most recent papers on Enterprise Rights Management, and that is what I intend to do here by reviewing the first paper published in May this year.

Enterprise Digital Rights Management by Eric Quellet is a must read paper for any organisation that is considering Enterprise Rights Management. It helps decision makers consider the implications of using Enterprise Rights Management to protect its intellectual property and how best to implement it. Eric starts of with the latest key findings about this security tool in which he refers to the proprietary nature of current EDRM solutions to which there are no industry wide standards. This has benefits from my perspective because it drives innovation for EDRM to become more user friendly and help reduce the total cost of ownership. There is something inherent about standards that slows the pace of innovation and development.

Read More

In a recent blog post, Simon Thorpe of Oracle IRM does an analysis on a recent article in the Register by Jon Collins based on a survey conducted by research company Freeform Dynamics. This survey asked about general use of encryption and what people thought were the main areas where cryptography should be used to protect sensitive information.

In this post Simon goes on to mention how information rights management or enterprise rights management can take the sting out of the need to encrypt everything when in the true sense only a small part needs encrypting. Simon also reveals the weaknesses in hard disk encryption, and how enterprise rights management fills that gap.

To access this interesting post click here

In line with what many IT and security analysts have been predicting Seclore Technology a major player in the Enterprise Rights Management* (ERM) marketplace and Websense a leading Data Loss Prevention (DLP) solution provider have teamed up to provide an integrated solution that will help organisations protect their intellectual property and confidential data, as well as lower the total cost of ownership.

The integrated solution will enable companies to reduce the application of manual rights, as well as reduce cost and complexity, and ensure that policies are applied consistently and pervasively. As a result, customers will be able to automatically discover, tag, and protect confidential information within and outside of the enterprise.

Read More

Photo Credit: gmotors.ie

Last week Audi revealed the design of the new Audi A7 sportback, the luxury sportback that is to go head to head with the Mercedes-Benz CLS and the Porsche Panamera. In the midst of all the fanfare on the launch was the fact that Audi suffered an information breach. The launch which was scheduled for Monday July 26, 2010 was widely available on the web on Sunday July 25th.

Read More

This is a reminder to register for this much anticipated webcast if you have not done so.

When: Aug 05 2010 12:00 pm (EST)

Presenting: Jay Leek, Nokia, Global Manager, Corporate IT Security

It was not too many years ago when companies thought they were secure by simply deploying a firewall or other network security related solutions. Then came other infrastructure related security solutions, followed by the application security related buzz. While all of these solutions are important and still needed today, they often miss target of what’s most important to an organization protecting the data, or intellectual property, itself.

Read More