I was recently called out to comment on the enterprise digital rights management (DRM) issue. Kind of surprising because RedMonk is a long time DRM critic, but usually in the consumer experience space (anyone for an iTunes boycott? Use eMusic instead.)
But there are some important questions to ask in an enterprise context.
I wrote here about the potential danger of vendor kill clauses a while back.
You see, if the vendor in question decides you have broken the terms of the software license, they could, in theory simply turn your documents off. The vendor , not the customer, holds DRM keys.
Of course you could argue the great majority of current documents usually require Microsoft anyway, to read them. But those documents are readable. DRM on the other hand adds a whole new level of difficulty.
I appreciate that enterprise DRM has a role to play, and even have a client in the space-Workshare, which protects documents from being used inappropriately. SealedMedia (recently acquired by Stellent) is another player here, while Adobe and Microsoft have their own solutions.
So what I would caution is that organisations thing long and hard about what they plan to restrict and why. Just what is a trade secret and why?
DRM would prevent, for example, serendipitous discovery of useful content by other people in the company, if the policy was too granular. We’re moving towards google-like search, but DRM could cut that approach off at the knees.
What I am saying is that DRM creates new escrow challenges, and organisations should know exactly what they are using it for, and why, and what risks they are mitigating, before embarking on an enterprise DRM strategy.
With DRM you can’t have mashups or lightweight content integration. Is that a price you’re willing to pay?
Workshare will ensure, for example, that document PDF metadata is stripped before a document leaves the company – very useful in avoiding reputational damage.
But not all documents need that protection.
So there you go – if information is the lifeblood of your organisation the danger is that DRM will clog your arteries.
James says:
September 2, 2006 at 2:23 pm
Gotta figure out how to get industry analysts to talk about XACML. If it were combined with say XML signatures this may allow for standards based DRM.
Thomas Otter says:
September 6, 2006 at 10:49 am
James,
Spot on.
DRM isnt document security.
DRM is essentially about embedding copyright law into digital documents. I sense a long post coming on this. (fair use etc)
To attempt to apply copyright control technologies to manage internal document access controls is plan dumb. It isnt a rights issue at all.