Rights of Passage
Enterprise rights management software ensures that sensitive documents and e-mail can be circulated and don't end up in the wrong hands.
July 4, 2005 (Computerworld) --
When Corning Inc. began selling products for military and aerospace use, the optical-fiber and cabling product manufacturer needed a way to show that it was following export controls and handling sensitive documents properly. "The government regulations are very explicit," says James Scott, director of knowledge and information management. To meet those requirements, the Corning, N.Y.-based company deployed enterprise rights management (ERM) software from Liquid Machines Inc.
Corning's research and development staff uses the software to encrypt critical documents and apply rules that determine not just who has access to the files but also whether they can print, copy or forward them to others. The system also establishes a chain of custody, providing an audit trail of who accessed a document when and what they did with it. "We can put our hands on our hearts and say we know we are compliant," Scott says.
Government contractors such as Corning aren't the only organizations thinking about document security these days. Recent high-profile data thefts and government regulations covering everything from financial disclosure to customer privacy have businesses worrying about where sensitive e-mail is going. IT organizations are struggling to control both dissemination of and access to corporate data contained in e-mail messages, Word documents or other electronic document formats. Leaked customer data or an untimely release of financial information can lead to public embarrassments as well as legal fines.
But Corning, like many other organizations with large R&D investments, has another concern: protecting documents pertaining to intellectual property that it's developing. "Many companies are very lax in their understanding and use of [ERM] as a way to protect their intellectual property," Scott says.
ERM Inside
Like digital rights management software, ERM products lock documents by encrypting them. But while DRM focuses on the consumer, ERM systems are designed to support document security policies both within and between businesses and to provide an audit trail.
In an ERM system, a policy server stores encryption keys, authorizes user access to documents and maintains policy templates that store rules that dictate what users in different roles can do with different classes of documents. Users then apply those policies to documents as they create them. Most products require users to run agent software or plug-ins designed to work with specific applications, such as Microsoft Word or Internet Explorer. Others, such as Microsoft Corp.'s Rights Management Services (RMS), require that applications be modified to natively support the ERM system's application programming interfaces (API). Most also require an identity management infrastructure.
"If you don't have an enterprise directory, it will be more challenging," says Trent Henry, an analyst at Burton Group in Midvale, Utah.
The ERM market, initially dominated by many small vendors, was given a big boost in the past couple of years with the entry of Microsoft and Adobe Systems Inc. Both RMS and Adobe's LiveCycle Policy Server require applications to be rewritten to support their APIs. As a result, application support is very limited. Adobe's product supports PDFs only, although the company says third parties provide agents for some other applications. Microsoft's system supports only Office 2003 documents. It relies on third parties to offer centralized policy management features and provide agents to support noncompliant applications.

Here's the scoop on widespread fables about Bill Gates, the iPhone kill switch, Internet2, Al Gore and more.
Add these Wi-Fi devices to your network for a new world of wireless productivity and entertainment.
Users who abandoned Firefox and Internet Explorer for Google's Chrome browser are starting to revert to their old favorites.
One of the pleasures of Linux is that you can try out different distros to see which one works best for you. Here are five to take for a spin.
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
|
 |
| Computerworld Executive Briefing: The Compliance Era Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. The new Computerworld report, The Compliance Era, explains why regulatory compliance has zoomed to the top of the IT agenda and shows how real-world IT executives are dealing with the storage, security and privacy challenges. Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. Download this executive briefing |
|
| From Laggard to Leader: Transforming the Data Center From Laggard to Leader: Transforming the Data Center Register for this complimentary webcast today! Go to the webcast |
|
| WINNING THE PCI COMPLIANCE BATTLE A Guide for Merchants and Member Service Providers Get this white paper now! This white paper explores the compliance requirements for PCI data security and helps online merchants select a PCI compliance service vendor. It also introduces QualysGuard PCI, which helps online merchants scan and remediate vulnerabilities, and submit PCI compliance status directly to their acquiring banks via its "auto-submission" feature. Download this white paper |
|
| White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. | View more whitepapers |
|
|