Digital rights management's role in business explained

Sohn, in London for a Documentti conference on DRM issues yesterday, told his audience that, whilst enterprise DRM technology has been available for more than a decade, it is only in recent years that the security technology has started to take off.

In China, he explained, it is becoming commonplace for employees with one company to simply turn up at another rival firm a few days after leaving their original company.

"Intellectual property and its protection is a major issue for a growing number of organisations there and, as many companies are discovering, once a file leaves the company, they lose control over it", he said.

But as well as protecting a data file and its intellectual property contents from being seen by a rival, Sohn said that DRM is also proving useful when it comes to external audits in companies.

A problem can arise, he says, when an external auditor – because of the job s/he has to do – has to have full access to a company's files, including its intellectual property.

"It's a possibility that these guys may have relations working with a rival of the company they are auditing, so you have to protect your data", he said, adding that DRM allows management to grant access rights to a given group of files and, when the external audit is complete, access is then revoked.

This limited access rights window can either be enabled as a feature of the DRM-enabled file at its point of creation – for example, allowing access to the file for as little as a day, if required. Or, since the DRM-enabled file 'phones home' across the internet each time it is accessed, access rights can be revoked at any time.

Fasoo.com's deputy general manager then outlined the situation of a movie studio wanting to offer a part to one of two actors. If the first actor reads the script and turns the part down, but then sends the file on to his agent, if he has turned the part down, the access rights to the script can be automatically revoked.

Then, even if the agent has attempted to read the file and is refused, the audit log from the DRM software will show the unauthorised accesses, right down to the time, date and IP address, from when the agent tried to access the script.

"With DRM, the problem of email access to files can be very carefully controlled. Even though the data has left the company, the company still retails granular control over it", he said.

And regardless of whether the data is at rest, in transit or in use, DRM controls the access, he added.

Other real-world applications of DRM, he went on to say, include the provision of price lists; if a list is updated, access rights to the old list are simply revoked, ensuring there is no confusion.

Medical data, including patient records, can also be carefully controlled, but allowing access to the right people, including those external staff that need access on a temporary basis, to verify compliance issues, is also possible with DRM, he explained.

"Even in the financial services industry, people still make mistakes – one mistake can cause a data leak", he said, adding that, even if someone takes an analogue photo of a screen, DRM technology creates visible and invisible digital watermarks that allow audit and legal staff to trace a screen image back to its source.

What’s Hot on Infosecurity Magazine?