The company is uniquely positioned as an independent vendor of pure Enterprise Digital Rights Management products

MOUNTAIN VIEW, Calif. - July 11, 2011 - Based on its recent analysis of the enterprise digital rights management (EDRM) market, Frost & Sullivan recognizes Fasoo.com, Inc. with the 2011 Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year. Fasoo.com (Fasoo) has successfully retained its leadership in the Asia-Pacific (APAC) markets and is seeing steady improvement in its global market position based on its unique technology, ongoing R&D improvements, comprehensive product capability and effective use of competitive intelligence.

In the global EDRM market Fasoo competes with Microsoft that has the strength of its Windows Server and Office products, which are mainstay applications for enterprises worldwide. Fasoo’s technology approach is driven by security and practical considerations. By overriding an application’s memory space, it provides a strong approach to document protection that integrates smoothly with the end-user experience even for third party applications, where EDRM vendors do not have access to the program code.

“This is a difficult approach for several reasons, including risk of performance impact and the requirement of keeping pace with application and document format updates,” said Frost & Sullivan Research Analyst Avni Rambhia. “Fasoo has developed the technical strength and deployment process to execute it well.”

Another unique Fasoo’s strength is its ability to scale operations across large enterprises, which are often a patchwork of identity management and client application systems across various enterprises. Fasoo has strong experience in securing information on an enterprise-wide level for large, globally distributed companies. For example, its flagship installation for Samsung spans more than 160,000 internal users and more than one million total users worldwide. No competitor has installations on this scale.

Today, enterprises are shifting from deploying EDRM on a need-basis to employing it uniformly for all enterprise employees. Fasoo’s strategy of combining a highly interoperable product with custom services as needed has positioned it well to organically fulfill this growing demand. In contrast, competitors have tended to focus on formats or deployment environments within their core competency, and to rely on systems integrators or value added resellers to develop and deliver an overall solution for the enterprise.

Fasoo dominates the APAC markets, notably Japan and Korea, and is now expanding into major markets such as China in the East, and North America and Europe in the West, through a combination of strategic partnerships and organic growth. Fasoo is the only major player in the EDRM market who has remained a pure EDRM vendor. While acquisition by large corporations offers competitors the strength of better sales resources and a more established customer base, Fasoo is countering this in two ways. In the North American and European markets, it is joining efforts with established channel partners such as IKON Office Solutions, a wholly owned subsidiary of Ricoh Americas Corporation, and Toshiba America Business Solutions, Inc to reach customers and win market share. Second, Fasoo is being proactively sought out as a partner by leading data loss prevention (DLP) vendors who are trying to break into the APAC region.

“Fasoo effectively articulates shortcomings in competing offerings, while highlighting its own strengths in the context of customer pain points, to craft compelling sales messaging and marketing communication,” said Rambhia. “Its blue ocean strategy is to position the company as a pure EDRM vendor with the technology that is agnostic to asset management, server software and DLP systems, but which interoperates with all market leading applications and platforms and is scalable to meet the needs of large enterprises with global footprints.”

In recognition of its innovative competitive strategies, Frost & Sullivan is proud to recognize Fasoo with the Global Frost & Sullivan Award for Competitive Strategy Innovation of the Year in the EDRM market. Each year, Frost & Sullivan presents this award to the company that has demonstrated uniqueness of strategy, leveraging competitive intelligence to improve market position.

Frost & Sullivan’s Best Practices Awards recognize companies in a variety of regional and global markets for demonstrating outstanding achievement and superior performance in areas such as leadership, technological innovation, customer service and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analysis and extensive secondary research in order to identify best practices in the industry.

Source: Frost & Sullivan

Two weeks ago I read a press release about WatchDox about the latest round of funding for this online document security business. In his comments Moti Rafalin, the WatchDox CEO said “Legacy enterprise digital rights management and data loss prevention products are failing to address the problem, and enterprises are realizing documents need to be seamlessly protected and controlled wherever they go.”

So what does Rafalin mean by Legacy enterprise digital rights management and data loss prevention products? Considering that both document security tools are less than 10 years old, what makes them legacy? To understand what he meant by legacy I revisited the WatchDox website to try and understand what WatchDox does that other enterprise rights management solutions don’t do.

First of all I watched the video and everything demonstrated in this video is what most other vendors like Oracle, Fasoo, NextLabs, Covertix and CheckPoint to name a few also have the capability of doing also. So what does Rafalin actually mean by his criticism of WatchDox’s competitors?

On the web page titled “WatchDox vs. DRM, IRM or eDRM”, 4 key differentiators are mentioned between WatchDox and enterprise rights management, namely:-

• Ease of use
• Facilitating sharing and collaboration
• Extended control
• Cost

Under ease of use the main claim is WatchDox’s no client installation; no passwords; no enterprise deployment; no IT; and no hassle. Like WatchDox other vendors like NextLabs and Covertix offer the same no client installation, while a majority of the other vendors offer the remaining features like no passwords and it does not have to be an enterprise deployment, and apart from the server software installation, no further IT involvement is required.

Under facilitating sharing and collaboration WatchDox mentions that traditional DRM solutions typically deal with the insider threat. I definitely know that this is not the case as Fasoo, NextLabs and Oracle have always had a view to providing security both inside and outside the corporate firewall.

Under extended control WatchDox claims that it allows tracking, updating, revoking and changing document permissions even after they had been sent. Again, these are standard features that other enterprise rights management vendors offer in their software.

Regarding cost, other vendors are providing cheaper solutions. Fasoo has a file server solution that costs $5,000 and is implementing a number of SaaS solutions through its partners to lower the entry barrier. Costs from other vendors are also falling in line with the current economic situation in order to remain competitive.

So is WatchDox an enterprise digital rights management solution? I am certain it is, but is it any different from other vendors out there? Yes it is on the basis that it only offers a web based solution. However, there are opportunities for non web based solutions which its competitors offer.

WatchDox is an innovator in the enterprise rights management space because as a business has found a way to lower the barriers to entry from a cost perspective and will continue to challenge the status quo, but is not any significantly different from any other enterprise rights management solution in the marketplace.

I found this interesting article on the computer weekly website on how to protect data that is circling outside the enterprise firewall on non-IT-controlled devices, written by Andrew Jaquith of Forrester Research. This article recognises that the enterprise security perimeter is quickly dissolving, therefore organisations should take the necessary steps to deploy the right tools that allow for persistent security.

I previously reviewed a research paper on enterprise rights management authored by Andrew on this blog, and I recommend that you also read this article, especially if data protection is one of the area of concerns for you and your organisation. Now head off to the computer weekly website and read the five patterns for securing data on devices you don’t own.

To access the article click here…..

Below is a list of blogs that discuss topics on enterprise rights management.

1. eDocument Sciences

2. i-Cubed

3. Oracle

4. Seclore Technology

Side note: If you have a enterprise rights management blog that is kept up to date regularly, I would like to hear from you to get you listed.

I just read an interesting artcicle on eWeek titled “How to Prevent Data Security Leaks Caused by Human Error” by Angel Mehta, the chief executive officer at Sterling-Hoffman Executive Search. Angel is an advocate for Enterprise Rights Management and explains why he has deployed this tool in his organisation to prevent data security links caused by human error, make sure that you read the turning point for Angel under a case for ERM. As an idea, it will be good for executives considering Enterprise Rights Management to link up with him for advice so they can get a thorough understanding of how to best deploy this security tool and whether it is the right tool for their organisation.

To access the full article click here

As a side note: The eweek website is typical example of how not to design a website, the clutter from ads and other information placed on this website is just unbelievable, I think eweek could learn a few lessons from Google, Bing etc on how to design a good website.

A few weeks ago I referred in one of my blog posts that Gartner has had its radar on Enterprise Rights Management. I also mentioned in my post that I will review the 2 most recent papers on Enterprise Rights Management, and that is what I intend to do here by reviewing the first paper published in May this year.

Enterprise Digital Rights Management by Eric Quellet is a must read paper for any organisation that is considering Enterprise Rights Management. It helps decision makers consider the implications of using Enterprise Rights Management to protect its intellectual property and how best to implement it. Eric starts of with the latest key findings about this security tool in which he refers to the proprietary nature of current EDRM solutions to which there are no industry wide standards. This has benefits from my perspective because it drives innovation for EDRM to become more user friendly and help reduce the total cost of ownership. There is something inherent about standards that slows the pace of innovation and development.

Read More

In a recent blog post, Simon Thorpe of Oracle IRM does an analysis on a recent article in the Register by Jon Collins based on a survey conducted by research company Freeform Dynamics. This survey asked about general use of encryption and what people thought were the main areas where cryptography should be used to protect sensitive information.

In this post Simon goes on to mention how information rights management or enterprise rights management can take the sting out of the need to encrypt everything when in the true sense only a small part needs encrypting. Simon also reveals the weaknesses in hard disk encryption, and how enterprise rights management fills that gap.

To access this interesting post click here

In line with what many IT and security analysts have been predicting Seclore Technology a major player in the Enterprise Rights Management* (ERM) marketplace and Websense a leading Data Loss Prevention (DLP) solution provider have teamed up to provide an integrated solution that will help organisations protect their intellectual property and confidential data, as well as lower the total cost of ownership.

The integrated solution will enable companies to reduce the application of manual rights, as well as reduce cost and complexity, and ensure that policies are applied consistently and pervasively. As a result, customers will be able to automatically discover, tag, and protect confidential information within and outside of the enterprise.

Read More

Photo Credit: gmotors.ie

Last week Audi revealed the design of the new Audi A7 sportback, the luxury sportback that is to go head to head with the Mercedes-Benz CLS and the Porsche Panamera. In the midst of all the fanfare on the launch was the fact that Audi suffered an information breach. The launch which was scheduled for Monday July 26, 2010 was widely available on the web on Sunday July 25th.

Read More

This is a reminder to register for this much anticipated webcast if you have not done so.

When: Aug 05 2010 12:00 pm (EST)

Presenting: Jay Leek, Nokia, Global Manager, Corporate IT Security

It was not too many years ago when companies thought they were secure by simply deploying a firewall or other network security related solutions. Then came other infrastructure related security solutions, followed by the application security related buzz. While all of these solutions are important and still needed today, they often miss target of what’s most important to an organization protecting the data, or intellectual property, itself.

Read More

Report Watch

Aberdeen Research is releasing a report titled “Putting the P in DLP: From End-User Education to Encryption to Enterprise Rights Management” to be published on July 31, 2010. For all those interested in Enterprise Rights Management this will be a good one to watch out for as Aberdeen have always done a thorough job in this field.

Like most of their reports if you register on their website, you might be able to obtain this report for free online for a month after the publishing date.

In light of the latest intellectual property theft at General Motors, below is a list of data breaches that could have been prevented by Enterprise Rights Management. After you have gone through the list ask yourself am I as vulnerable as any of these organisations that have been affected?

1. In 2010 a former General Motors engineer and her husband conspired to steal trade secrets about hybrid technology and use the information to make private deals with Chinese competitors.
2. In 2010 a rogue MI6 agent attempted to sell MI6 confidential documents to the Dutch intelligence services for £2M GBP ($3M USD)
3. In 2010 bank details relating to a significant number of companies who do business with Tralee Town Council in Ireland was sent to rival suppliers by email.
4. In 2010 Motorola Inc, the US maker of mobile phones and two-way radios, sued rival Huawei Technologies Co for allegedly conspiring with former employees to steal trade secrets.
5. In 2009 a former Ford product engineer steals over 4000 confidential documents containing trade secrets from his former employer.
6. In 2008 a former Intel Corp. design engineer was charged with theft of trade secrets from the chip maker while secretly working for rival Advanced Micro Devices (AMD) Inc.
7. In 2008 one of Eli Lilly’s (a major pharmaceutical) outside lawyers at Philadelphia-based Pepper Hamilton had mistakenly emailed highly confidential information on settlement talks with the US government to New York Times reporter Alex Berenson instead of Bradford Berenson, her co-counsel at another law firm Sidley Austin. The content of the email was regarding a $1b secret settlement on the Zyprexa drug investigation.
8. In 2008 an HP employee distributes trade secrets he received while at his former employer IBM

As you know Enterprise Rights Management also referred to as Information Rights Management is all about protecting unstructured data. Derek Brink of Aberdeen Group gave an interesting webinar on BrightTalk in May of 2009 on how organisations manage and address security for unstructured data and how best-in-class manage to serve and protect their unstructured data.

To access this webinar you need to create an account with BrightTalk if do not have one. This webinar is located under Governance, Risk and Compliance under Information Technology. The research paper on which this webinar is based can be accessed via the Aberdeen Group website.

You can access the webinar here.

Length of webinar: 33 minutes

There are occasions when information that has been protected by Information Rights Management is no longer required, this could mean information can be put out into the public domain to encourage further innovation, to address past issues, adopt lessons learnt or to abide by some regulatory or legislation requirement about making information accessible to everyone.

This key factor should be considered when information or data owners should consider when choosing an Information Rights Management solution. I have seen many occasions where there has been a very high emphasis on protecting data with information rights management, but no question has been asked how to remove the protection so that it becomes accessible to all.

For example in the United States the Freedom of Information Act that was signed into law in 1966 allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States Government. In the United Kingdom the Freedom of Information Act 2000 is an Act of the Parliament that introduces a public “right to know” in relation to public bodies in which members of the public can demand for information not in the public domain.  The full provisions of the act came into force on 1 January 2005. In the private sector there have been occasions where businesses have released trade secrets into public domain to encourage further innovation.

Transparency means that for full disclosure protection has to be completely removed from all documents previously protected with information rights management, but partial disclosure means that information protection has to be organised in a logical order to take into account the need to release part of that information into the public domain without compromising information that still needs to be protected.

A lack of strategy to address putting information previously addressed as confidential into the public domain could prove to be more of a headache than implementing Information Rights Management if not adequately addressed during the planning stage. Whatever information rights management solution you decide to go with you need to be assured that you can easily remove the rights protection on any data as easily as you can put it on.