DRM Branches Out in Real-World Rollouts

At the DRM Strategies conference, enterprise customers and vendors talk up actual commercial deployments by companies in banking, law and other industries.

After years of pilot technology tests, big and small businesses are now launching real-world, commercial digital-rights-management deployments, said customers and vendors at this weeks DRM Strategies conference, who outlined their experiences across fields as diverse as finance, law, market research and auto racing.

DRM started out as consumer-side technology, making its first appearances in television set top boxes and online music, according to Brett Sheppard, CEO and founder of Absolutely Inc., a technology consulting firm.

But about five years ago, DRM began branching out into a discipline known variously as either ERM (enterprise resource management) or EDRM (enterprise digital resource management).

Sheppard described both DRM and its ERM offshoot as combining elements of CM (content management) and IS (information security).

In a series of conference sessions and meetings, Sheppard and other presenters gave their perspectives on how enterprise-side DRM is solving business problems in environments ranging from Wells Fargo Bank to Pratt & Miller Engineering & Fabrication, an automotive design firm.

DRM is getting use across a smorgasbord of industries as a means of assuring that IP (intellectual property) doesnt get into the wrong hands.

Pratt & Miller, for instance, has deployed DRM technology from Authentica Inc. to protect the confidentiality of auto performance racing results.

"The company works with a lot of different road crews. They want to make sure that performance information [on a particular car] goes to the right crew. Also, theres a lot of turnover among road crews. A guy will leave one crew and go to another," Mark Overington, Authenticas vice president of marketing, said in a meeting with Ziff Davis Internet.

Yet a high preponderance of case studies talked about at Jupitermedias show this week revolved around early adopters in the financial industry.

Financial firms have been hit over the past few years with a rising number of government regulations, Sheppard said in a conference session called "Financial Services Applications." At the same time, the industry faces "diversification in types of content."

The collision of these two factors is pointing up the limitations of the access controls and encryption security traditionally used for guarding confidentiality.

In response, banks, insurance firms and other financial service providers have been testing new technologies—ranging from DRM to EIM (enterprise instant messaging) with audit trails—in an effort to find solutions.

Wells Fargo, for example, recently moved from the pilot phase to commercial deployment that combines Authenticas DRM technology with a product from Adobe Systems for digital signature capture and a third-party SSO (single sign-on) server, for secure access to all enterprise applications from a single place.

How is enterprise DRM useful? Earlier access-control systems for online financial data were server-based, according to Keith Banda, director of U.S. consulting for SealedMedia. In effect, this meant that the controls disappeared as soon as somebody downloaded the document to the desktop.

/zimages/1/28571.gifClick here to learn about some restrictions of DRM.

In contrast, DRM systems let the author maintain control of a document after it has left the server, even if the document later gets forwarded from one users desktop to another.

Moreover, DRM access controls are typically stronger. SealedMedias technology, for example, allows the document originator to prevent the document from being copied or printed, Banda said in a conference session.

"You can also control [whether access] will be online or offline, [and you can] revoke access to out-of-date documents," Banda said.

Wall Street trading firm SAC Capital is using SealedMedias technology to protect top secret information in M&A (merger and acquisition) deals. Additional SealedMedia customers in the financial services field include Winterhur, a Swiss insurance agency.

Majestic Research, another customer, has turned to DRM to protect its market research IP from being copied by clients, who might otherwise be tempted to share the information with colleagues.

But other industries outside of financial services are up against regulatory compliance pressures, too, said Authenticas Overington, who cited legal services and health care as examples.

CaseCentral, another Authentica customer, runs a secure ASP service for attorneys involved in M&As.

Before the advent of electronic services such as CaseCentral, parties in M&A transactions had no choice but to physically visit locked rooms in order to view sensitive information, according to Authenticas Overington.

The five-year-old hosting service has been using Authenticas DRM for the past two years, said CaseCentral president and CEO Christopher Kruse.

"Were getting much tighter control over customer data, along with ease of implementation," the customer told Ziff Davis Internet.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.