Enterprise Digital Rights Management
Persistently Protecting Your Computer Aided Designs

Over the years, Enterprise Rights Management has made great inroads into the protection of computer-aided design files. 95% of CAD files represent intellectual property of businesses around the world. However, the dark side of CAD is that a file in electronic format can be emailed or transferred to another party without the knowledge of the owner of the content.

Today many designs are sent to countries like China, Indonesia and India for manufacturing, with confidential disclosure contracts binding on the manufacturer, but what happens if a rogue employee gets hold of the designs and sells them on to other businesses? As an owner of intellectual property like computer-aided designs, you owe it to the survival of your business to make sure you can monitor where your IP is and stay in control of it no matter where it may be located.


Is Your Price List Under Lock and Key?

Yesterday, I wrote a post titled “What Global Companies Are Spending on Google” in which confidential information about advertising spend on some of Google’s major accounts was leaked to the public domain. From an outside perspective one may ask what all the fuss is about that information becoming public. Well, here is one reason: one can roughly work out who is paying less or more for their advertising and come to the conclusion that they are operating on different price lists. So you can see why it is so critical to Google that this information is tightly secured.


Information Security: Lessons learnt from BP

Recently we learnt that BP went about cost savings during the development of the deep water well Horizon. In an attempt to save a mere $10 million by going against the advice of its contractors, methods employed to get the well up and running were below the optimal requirements. Whether BP dismissed Halliburton’s advice we don’t know, but one thing we can say for sure is that in an attempt to save $10 million the following 6 adverse situations have resulted:-

  • Costs almost approaching $2 billion and growing
  • Loss of ½ its market value
  • A significant downgrade in credit rating from AA to BBB; down 6 notches and just above junk status
  • Reputational damage likely to linger on for years to come
  • Operating in a more regulated environment in the future resulting in increased costs.
  • An environmental clean-up bill that will linger on for many years to come.

Although BP’s problem is an environmental issue and top of the agenda of many, so is information security. The public do not tolerate companies that cannot properly secure the personal data entrusted to them. When there is a data breach it is almost always a result of neglect or failure to listen to what the IT security experts are advising. With the cost of a data breach around $200 per data record, how can you justify not spending $50K or $100K on that security tool or taking on additional resources that will reduce the risk of your organisation being found negligent in the way it secures personal data?

Cost cutting is a great tool for businesses to increase profitability, but this has to be done within reason, and the best way to achieve this is by identifying where there is waste and cutting it out. However, cost cutting in IT security should be executed with ultimate caution and due diligence. Regulatory compliance requires that certain standards be met; however, it makes sense for businesses to go beyond what is required from a regulatory viewpoint because, as is often found, regulatory requirements fall behind the times.

Governments around the world are taking data breaches very seriously by imposing fines and calling the organisation’s management to account. Data breaches like the one experienced by Heartland can last for years, with ongoing costs running into millions, class action lawsuits and the work of fixing the damage done. Even areas of data security that are not governed by regulatory requirements need to be secured by the best tools and resources available because it impacts the bottom line.

Tools like database encryption, enterprise rights management, data loss prevention and all other forms of perimeter and endpoint security tools are available in the marketplace today, and will in one way or another give you an edge over the “bad guys”. When it comes to decisions about the environment as well as IT security, when you cut costs you may save a few dollars in the short term, but in the long term you could end up being liable for an untold amount in costs. You don’t have to end up like BP or Heartland. Take action and secure that data by plugging all your vulnerabilities.

10 Things You Can Do With Enterprise Rights Management.

  1. Enforce a subscription model and protect the value of your intellectual property.
  2. Distribute important information and set its access/availability to a future date and time.
  3. Communicate safely and effectively with partners outside your firewall in a way that does not compromise your intellectual property.
  4. Protect your revenue stream by allowing only authorised sharing and copying of your intellectual property.
  5. Revoke access to intellectual property for customers that do not maintain their subscription dues.
  6. Carefully control how confidential matter is printed by watermarking printed documents with the user’s identity as part of the watermark.
  7. Take a document out of circulation regardless of its location.
  8. Continuously track document access and activity especially if an approval process is required.
  9. Collaborate on the development of a confidential document or design and prevent unauthorised distribution of these documents/designs.
  10. Achieve regulatory requirements through the use of a verifiable audit trail.

Fasoo Secure Exchange Server

Do you work with external partners and suppliers? Do you have to share confidential or sensitive information with these partners and suppliers, but worry about that information going beyond the permitted parties? This video from Fasoo explains how you can secure information that travels beyond your firewall, with the ability for you to monitor and control that information.

This video tells you about the capability of enterprise rights management, which is also known as information rights management, and how it can help secure your sensitive documents.

Avoco Secure2trust

Avoco demonstrates a new and innovative application that shows the power of combining the Microsoft Windows 7 Touch interface with the Windows Sensor platform and Avoco enterprise rights management software. This application utilizes Windows 7 touch screen technology to control and apply persistent security to protect documents depending on the GPS location they are opened in.

What Check Point’s acquisition of Liquid Machines means for Enterprise Rights Management.

This week saw the acquisition of the Enterprise Rights Management software vendor Liquid Machines by Check Point. This acquisition is a confirmation of further consolidation and integration needed to raise the profile of enterprise rights management software.

In a number of past blog posts I mentioned the superiority of Enterprise Rights Management over full disk encryption and file encryption, and Check Point’s acquisition confirms this because it already has its own file encryption tools. This is a recognition that the benefits of enterprise rights management around persistent security will always be the main advantage it has over any other encryption tool.

From Check Point’s perspective, this acquisition helps the company to leverage their suite of security tools, helping the company to draw from a wider selection of possible tools when recommending solutions to their clients.

I am hoping Check Point has not paid way above the market price, as there are current pressures for enterprise rights management price tags to come down, and price is another key factor in wider acceptance of this technology.

I believe that there will be further mergers and acquisitions in the enterprise rights management area over the next 12 months, but because of the downward pressure on product prices and implementation costs, return on investments will take longer than initially expected. Finally, this acquisition indicates that enterprise rights management is coming of age and will have its place in the enterprises’ overall information security strategy.

Goatware, not Bloatware

Over the years I have seen many software applications become so resource intensive that they cause a drag on other resources. Anti-virus programs are normally guilty of falling into this category, commonly called bloatware. Bloatware is normally a result of poor and inefficient programming techniques.

I have observed a new class of software which is persistent on hugging your system resources, and no matter what you do to terminate the application it simply does not go away. This type of software I’ll call goatware, derived from the four legged hoofed animal called goat.

The goat is a very stubborn animal in nature because it has the tendency to return to a crime scene no matter how much you take steps to chase it away, hence goatware. Goatware leads to computer rage and frustration, such as the one seen on YouTube where the man smashes his computer because of the persistent nature of the problem. Although I am a keen supporter of Enterprise Rights Management, my concern is that as this software evolves it might go down the route of becoming goatware, where it hugs system resources like some encryption tools and antivirus software we all know.

The success and continuous acceptance of Enterprise Rights Management is predicated upon having little or no impact on system resources, as well as not impacting the way users perform their normal duties. So it is imperative that enterprise rights management software does not hug system resources in a way that will bring about its demise before it becomes a mainstream product.

Redwood City, CA — June 09, 2010 

Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced the acquisition of privately held Liquid Machines, a leader in enterprise rights management.  Liquid Machines’ award-winning products prevent the misuse, modification, loss or theft of intellectual property and sensitive information residing in documents. Liquid Machines specializes in data protection and has 12 issued and pending patents for document encryption and content security. The acquisition……..

The latest Market Overview on Enterprise Rights Management by Forrester Research

Forrester has just released a market overview on Enterprise Rights Management by Brian Hill and Andrew Jaquith. This is a well written research document with the latest perspective on the Enterprise Rights Management market. Products from 8 key vendors are evaluated namely Adobe Systems, Covertix, EMC, GigaTrust, Liquid Machines, Microsoft, NextLabs and Oracle. Forrester believes that Enterprise Rights Management is among the most robust information protection technologies available to organisations today, yet it is regarded as optional.

This paper asserts that enquiries about Enterprise Rights Management are not as high as for data loss prevention, and describes it as a “tweener technology” with very few enterprise-wide deployments. The largest deployment I know is 50,000 seats at Samsung in Asia through the software vendor Fasoo, after which many other deployments I know of are 1,000 seats or less. Forrester also expressed that high costs are still a concern and a barrier to adopting this technology, but I can see this barrier being lowered with cost effective solutions now becoming available.

Forrester is optimistic about the future growth of enterprise rights management and describes strategies for deployment. The future for Enterprise rights management lies in further integration with other security tools like DLP and resource management tools like document management systems.

Although this market overview does not cover all the major enterprise rights management vendors (Brainloop, Fasoo and Seclore Technology are among the vendors missing from the list), I highly recommend that any organisation or department considering how to protect their information assets refer to this paper before a final decision is reached.

To obtain this document please go to the Forrester website via the following link.

Enterprise Rights Management Explained

When I explain what Enterprise Rights Management or Information Rights Management is and what it can do, the common response, in the form of a question, is “You can do that?” DRM or Digital Rights Management started in the music industry and has quickly spread to the IT industry with the aim of securing confidential data. Today, Enterprise Rights Management complements document management systems, perimeter security, and other methods of restricting access to sensitive information.

Enterprise Rights Management takes a different tack to confidential information security by actually marrying security with the application-specific information itself and enforcing policies persistently across users and locations. In this way, access protection and usage control enforcement travel with electronic documents from machine to machine, protecting against confidential information loss, theft, and modification.

Only Enterprise Rights Management solutions control data across its lifecycle and its common states: at rest, in motion or transit, and in use. Leading Enterprise Rights Management solutions like Fasoo, Oracle, Liquid Machines, GigaTrust, EMC and Adobe contain enterprise features like central management, strong reporting and auditing, and integration with other critical components of the IT infrastructure, making this a superior solution today.

So when would you use Enterprise Rights Management in your organisation? Enterprise Rights Management would be used in the following situations:

  • When you need to retain control of sensitive information, even after it has been delivered.
  • When you want to track content forwarded to internal and external audiences.
  • When you want to prevent unauthorized access to, extraction from, or editing of information.
  • When you want to revoke information access when business requirements dictate.

A good Enterprise Rights Management software would support many file formats beyond Adobe Acrobat file types, and should have sufficient backward compatibility, i.e. it should be able to support older file types for current software, for example MS Office 97.

The beauty of Enterprise Rights Management is that security is persistent, which means that wherever the file is stored it can never be accessed by anyone without the correct permissions. Ultimately, Enterprise Rights Management is the superior approach to data security in that when a firewall is breached it is still impossible to gain access to files that have been DRM secured. So whether your data is at rest, in motion or in use you can rest assured that your confidential information is safe.

Executives need to audit their organisations based on this single question: if this data gets into the wrong hands, what will be the implication that will result from this breach? If it will cause untold reputation damage and sleepless nights then Enterprise Rights Management is the tool that you need to deploy to prevent this from happening.

Reference:
Enterprise Rights Management: A Superior Approach to Information Protection and Control by Jon Oltsik. Enterprise Strategy Group, March 2008.

How Enterprise Rights Management helps prevent sending emails to the wrong recipients.

In May 2010 details relating to a “significant” number of companies who do business with Tralee Town Council in Ireland were sent to rival suppliers by email.

The incident was a result of an error using a mail merge application used in the generation of pre-electronic fund transfer checks. This resulted in emails being issued out of sequence. Consequently, bank details of companies who do business with the council were released to other companies.

A similar breach occurred in 2008 when one of the outside lawyers for Eli Lilly (a major pharmaceutical company), at Philadelphia-based Pepper Hamilton, mistakenly emailed highly confidential information on settlement talks with the US government to New York Times reporter Alex Berenson instead of Bradford Berenson, her co-counsel at another law firm, Sidley Austin. The content of the email was regarding a $1b secret settlement on the Zyprexa drug investigation.

Enterprise Rights Management can prevent embarrassing situations like these: an email that contains confidential information such as financial details, trade secrets or boardroom communications is encrypted, and the recipient needs to be authenticated before access to the content is granted.

This solution does not have to be deployed across the enterprise but only in business units that deal with confidential data on a daily basis. If you think that your current operations could expose you to the same risk as Tralee Town Council or Eli Lilly, then you need to investigate how Enterprise Rights Management can resolve this problem.

If you have any questions on Enterprise Rights Management, send me your comments.

Why Enterprise Rights Management software should work on all operating systems

Google’s decision to start moving away from the Windows operating system because of its vulnerabilities, in my opinion, represents a seismic shift in the IT industry. Although Google is still silent on this matter, if true many big enterprises will start to look into the feasibility of migrating to other operating systems like Linux, OS X and in the future Chrome OS.

It could be that the security vulnerabilities that we have suffered over the last three decades have been due to our dependency on a predominant operating system namely Windows. Maybe, if we had ten or more operating systems to choose from, and all with equal share of the market we would be less vulnerable than we are today, who knows?

However, no matter how many operating systems are available to us in the future, there will still be the need to protect confidential information like trade secrets, boardroom communications, financial data etc both within the corporate firewall and beyond. So it is becoming imperative that Enterprise Rights Management software vendors begin to observe the current trends and begin to develop a strategy to support the other operating systems like Linux, OS X and Chrome OS.

Enterprise Rights Management vendors that are able to respond to these changes will competitively place themselves to capture the new opportunities on the horizon.

All comments are welcome

The big 10 Must haves, if you are planning to deploy Enterprise Rights Management.

If you are familiar with my blog, you know there are many Enterprise Rights Management Solutions (also called Information Rights Management or Enterprise DRM) out there. This is a technology that is gaining in popularity, but you have to choose a solution that will meet your requirements. Remember, you don’t have to compromise.

So what are the 10 top must haves in the selection of your enterprise rights management solution?

  1. Support for all file formats
    Must support all file formats within your organisation, and be extendable to support native file formats.

  2. Scalability
    Depending on your requirements, you should always ask what their largest deployment is by users. If this is going to be used by a small department then this requirement may not be pertinent.

  3. Integration with all applications
    The enterprise rights management solution must be application agnostic. In other words it will keep up with the updates of rendering applications no matter what file format.

  4. Support for Role based policies
    Role-based policies ensure flexible access to protected documents instead of using a person’s name. The individual name is entered under a policy, while the policy is applied to the document.

  5. Support for both internal and external collaboration.
    Your Enterprise DRM solution should enable you to protect files within and outside your firewall.

  6. Integration with the Enterprise’s Identity and Access Management (IAM).
    Using the enterprise rights management integration feature will further the enterprise’s goal of using IAM to provide appropriate access to enterprise resources. IAM encapsulates people, processes and products to identify and manage the data used in an information system to authenticate users and grant or deny access rights to data and system resources.

  7. Offline capability.
    You should be able to work with enterprise rights management protected files even when offline or when a network is not available.

  8. Less administrative overhead in terms of transparency to the user.
    The Enterprise DRM solution selected must not significantly disrupt the way users perform their normal work.

  9. Integration with Data Loss Prevention.
    Depending on your network infrastructure, your Enterprise DRM solution must integrate with a data loss prevention solution or possess its own context-sensitive solution.

  10. Unpackage protected files.
    There will be times when confidential documents no longer remain confidential and can be released into the general domain. You should be able to remove the Enterprise DRM protection on such documents.
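
The policy model these lists describe (role-based policies, availability from a future date, revocation, offline use and an audit trail), as an added Python example that is not code from any vendor named on this page. It also shows one consequence of offline capability: a revoked document stays readable offline until the cached lease expires. The class and field names and the lease mechanism are assumptions made for illustration, and the users, document and timestamps are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Policy:
    # Hypothetical record: people are listed under the policy, and the
    # policy (not the person) is attached to the document.
    members: set
    rights: set                              # e.g. {"view", "print"}
    not_before: Optional[datetime] = None    # no access before this time
    offline_lease: timedelta = timedelta(0)  # validity of a cached grant

@dataclass
class RightsServer:
    policies: dict = field(default_factory=dict)
    doc_policy: dict = field(default_factory=dict)  # document -> policy name
    revoked: set = field(default_factory=set)
    leases: dict = field(default_factory=dict)      # grants cached for offline use
    audit: list = field(default_factory=list)       # one row per attempt

    def request(self, user, doc, right, now, online=True):
        allowed, reason = self._decide(user, doc, right, now, online)
        self.audit.append((now, user, doc, right, allowed, reason))
        return allowed

    def _decide(self, user, doc, right, now, online):
        if not online:
            # Offline, only the cached lease can be checked; a revocation
            # made in the meantime is invisible until the lease runs out.
            expiry = self.leases.get((user, doc, right))
            if expiry is not None and now <= expiry:
                return True, "offline lease"
            return False, "no valid offline lease"
        if doc in self.revoked:
            return False, "document revoked"
        policy = self.policies.get(self.doc_policy.get(doc))
        if policy is None or user not in policy.members:
            return False, "user not in policy"
        if right not in policy.rights:
            return False, "right not granted"
        if policy.not_before and now < policy.not_before:
            return False, "not yet available"
        if policy.offline_lease:
            self.leases[(user, doc, right)] = now + policy.offline_lease
        return True, "granted"

def demo():
    t0 = datetime(2010, 6, 1, 9, 0)          # constructed timestamps
    doc, hour = "gearbox.dwg", timedelta(hours=1)
    srv = RightsServer()
    srv.policies["design-partners"] = Policy(
        members={"alice", "bob"}, rights={"view"},
        not_before=t0, offline_lease=8 * hour)
    srv.doc_policy[doc] = "design-partners"
    results = [
        srv.request("alice", doc, "view", t0 - 24 * hour),  # before release
        srv.request("alice", doc, "view", t0),              # granted
        srv.request("alice", doc, "print", t0),             # right not in policy
        srv.request("mallory", doc, "view", t0),            # not a member
    ]
    srv.revoked.add(doc)                                    # owner revokes
    results.append(srv.request("alice", doc, "view", t0 + hour, online=False))
    results.append(srv.request("alice", doc, "view", t0 + 9 * hour, online=False))
    results.append(srv.request("alice", doc, "view", t0 + 9 * hour))
    return results, srv.audit

if __name__ == "__main__":
    print(demo()[0])
```

The lease length is the upper bound on how long a revocation can take to reach an offline user, so it is worth setting per policy rather than globally.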

Other names for Enterprise Rights Management are:-
1. Enterprise DRM
2. Enterprise Digital Rights Management
3. Information Rights Management
4. Intelligent Rights Management and
5. Document Rights Management