Compromise DRM Better Than None

Computerworld - Ive been getting my hands dirty working on our digital rights management implementation. DRM is something Ive been working toward implementing since I came to this company, and were finally within a couple of weeks of announcing its availability internally.

DRM will address some core security issues for us. We have a lot of documents, from product designs to service manuals, that we cant let slip out of our control. It would be disastrous for us if any of them fell into the wrong hands. For example, we have contracts that are worth up to $100,000 for maintaining and servicing the equipment we build. The service engineers who do this contract work in our customers fabrication plants typically take along our service manuals on CD-ROM discs. Anyone who got a hold of one of those CD-ROMs could sell our manuals or use them to offer service to our customers at a discounted rate. By protecting the manuals with DRM, the loss of a CD-ROM wouldnt be a dire event, since whoever found it wouldnt be able to access the documents.

This project has been a high priority for our CIO, and thats why Ive been deeply involved in it. Its actually refreshing to work on projects at a technical level for a change, although its not as if Im writing shell scripts or compiling code.

I had wanted to deploy a robust DRM product such as Oracles Stellent Information Rights Management (formerly SealedMedia) or Liquid Machines Enterprise Rights Management software, but our budget wouldnt accommodate that. Instead, were rolling out Microsofts Rights Management Server. Were also saving money by installing RMS on one of our virtual machines.

VM is all the rage these days, since it allows you to run multiple server environments on a single piece of hardware. That saves both money and data-center rack space. And current VM technology makes it very easy to provision a new server.

On the negative side of the ledger for VM are security implications, but I feel that VM environments can be designed to be just as secure as stand-alone platforms.

For the most part, installation and configuration have been point and click. The RMS software installs within minutes, and basic setup takes about one hour, which includes the configuration of the Microsoft SQL database and a couple of Active Directory groups. We need those two new groups so we can configure two new policies for rights management.

In addition to our central deployment of the RMS server, a SQL database and new directories, users will need to install the RMS client on their desktops, but that will be pretty simple as well. Whats nice about this client is that no additional configuration is needed. Once the client is downloaded from Microsoft or obtained from our companys software download site, the client will listen for the service locator point configured on our domain controller and will automatically be configured to talk to the RMS server.