With the rise in regulation, privacy and confidentiality requirements, companies are realizing the need for investing in the right enterprise digital rights management (DRM aka Information Rights Management or IRM) solution. It is fast becoming a major business requirement and is no longer just an option. A well-implemented DRM solution will make a big difference in the way that organizations do business, meet compliance requirements, ensure privacy, and protect the digital assets of the company. Although DRM has been of immense value to CIO/CISO, the technology never really saw widespread corporate adoption and many enterprises have failed to implement it enterprise-wide.
DRM implementation means a big investment for companies, not only financially, but also in terms of time, resources, disruption and the risk of failure. Hence it is not a type of investment that one can simply scrap if it doesn’t work out. With that in mind, here is a list of 6 essential things you should consider before choosing an enterprise DRM:
1 – Ensure Friction-free User Experience
With most of the traditional DRM solutions, the end-user experience involves a lot of friction because of poor usability. Hence they avoid or try to bypass the system – defeating the very purpose of it. The challenges are:
- Most of the DRM solutions are complex to use (plug-ins, downloads, password management tools and the like) and have a poor user experience - creating friction in the user community. These days, people spend their time on mobile apps that are beautifully and intuitively designed and they expect the same from their enterprise apps. Better-designed applications like enterprise file sync & share (EFSS) solutions have very friendly user interfaces and are starting to displace harder-to-use enterprise file transfer solutions like FTP/SFTP. Hence it is important that rights management comes with good usability and is embedded in the normal user workflow like Outlook, right-click, drag-and-drop and file sharing
- Client installation at the sender as well as recipient side is often a problem for end-users, particularly in large enterprises where installation of any software is either restricted or requires IT involvement
- External parties (like partners or contractors) need to sign-on (e.g. into AD or other SSO) to use the DRM-protected documents and hence managing these accounts need a lot of involvement from IT – a precious resource
2 – Go for a File-format Agnostic Solution
Most DRM solutions in the market are tied to certain file formats - mostly MS Office and PDF.
- They require format specific plug-ins, which for IT means more software to manage and more issues to deal with. Such solutions also pose challenges working across different versions of the same format (e.g. MS Office 2003 vs 2010)
- Many DRM solutions rely on encryption provided by Microsoft Office or Adobe products, making them prone to attacks and untrusted third parties
- Basic protections like passwords, automatic expiry after certain date/time or number of accesses, auditing and tracking should not require the DRM solution to be dependent on specific file formats or applications.
3 – How well it integrates with content-aware Data Loss Prevention (DLP)
Integration of DRM with content-aware data classification (offered by most DLP vendors including Symantec, McAfee, Websense) is core to a successful DRM implementation as it ensures that the information that requires highest security is locked down, while information that does not need securing is not touched.
4 – Enterprise Mobility Support
Earlier, company-owned devices represented the majority of endpoints but over last few years the enterprise mobility trend has picked up. In the coming years, it is expected that there will be far more mobile devices (including bring-your-own-device (BYOD)) than laptops/desktops accessing and sharing the corporate data as a normal workflow (and even beyond corporate firewalls). Enterprise mobility management (EMM) solutions - like MDM, MAM, MCM - protect and containerize the device, application and content respectively, but do not have the capability to apply access rights before the end-user shares the data from the mobile device. The DRM solution you select must be able to support your enterprise mobility requirement – allowing IT to apply DRM policies uniformly across all end-users irrespective of what devices they use
5 – Look for Vendor Independence
DRM solutions from vendors like Enterprise Content Management (ECM) are specific to contents stored in these repositories. The DRM solution you choose must be able to control content across the all types of devices (file servers, laptops, desktops and mobile devices) and content repositories.
6 – Don’t Just Buy, Invest
Companies have their own philosophy on purchasing – some always choose the cheaper (or free) option while others choose the one that has best ROI. In purchasing any enterprise solution, at least one like DRM that is critical to the success of business, the latter is really the only way to go. Installing an enterprise DRM in your business has a long-term impact that should not only meet today’s needs but also solve tomorrow’s unforeseen problems. Going the cheapest route (including the one that comes free with some existing solution) won’t solve the purpose and a year later you may end up looking for another solution - uprooting the previous system! Revisiting the purchase process and implementing a new solution takes extra time and effort - which can be avoided if you choose the right option first time itself.
Robert Palmer, chief analyst for BPO Research in his recent blog post titled Embedded DRM solutions gaining traction in the effort to secure information mentions: “Some off-the-shelf DRM packages provide top-level control but are often restricted to certain file formats, and may not necessarily integrate well with existing workflow. As a result, users often invest time and resources to develop workarounds or to avoid using the controls altogether, which obviously defeats the purpose.”
Thinking about the six key points above will help set you on a path of discovery and ultimately drive you towards the best enterprise DRM solution.
In the next part of this post, we will share how Vaultize takes information-centric approach and integrates DRM into the normal end-user workflow by embedding security controls within the document itself - providing a more seamless and effective user experience.
Download our free whitepaper – Don’t Get Fired For Critical Data Leaks: 6 Essentials For 100% Secure Enterprise File Sharing. You can also try our virtual appliance (for free) at our Free Download page.