Why enterprise rights management matters: How to keep corporate data from walking out the door

ERM locks down corporate secrets but still allows employees to do their jobs

1 2 3 4 5 Page 5
Page 5 of 5

Even more promising is growing industry support for Extensible Access Control Markup Language (XACML), an industry standard that would enable different policy engines to share information. A number of ERM vendors have tied into Microsoft's Active Directory (AD) and Rights Management Services, enabling their products to automatically propagate AD access rights.

Link to existing enterprise apps

That would be a big help to BCA, which is considering using FileOpen's IRM, or perhaps DLP, to "impose controls on internal employees so they can't just send out unencrypted research to whomever," says Chow. The research firm's IT group currently uses AD to push user access-rights policies to various internal security systems, but not to FileOpen. "If we do deploy IRM internally, we might tie it into AD," says Chow.

Of course, simpler ERM installations that do not involve complex security rules may not require a policy engine.

Digital rights management

Select Milk Producers, for example, uses LockLizard's IRM product to provide its customers and board members, who are all dairy farmers, with secure access to the information on its Web server. "These are dairy farmers, not high-end users, and sometimes they don't log off or save passwords to their Web site," says Craig Card, Select Milk's systems hardware analyst. The dairy farmers are also often competitors with one another, and only some are board members; therefore, it's important they get access only to the information they are entitled to.

"LockLizard provides security that works automatically, with minimal user involvement," says Card. The DRM product has no policy engine, but with only about 125 users and 25 board members, manually setting up the policies wasn't a big deal, he adds.

Similarly, BCA has so far deployed only a limited number of FileOpen's access controls on the research documents it sells to customers, Chow says. "Some of our clients pay us a lot of money for research. If you tell them they can only read a document online and not print it, or if their access rights expire after such-and-such a date, you can lose the client."

Indeed, successful ERM implementers need to walk a fine line between meeting security priorities and not stepping too hard on customers' toes, whether external or internal, industry sources agree.

At Flextronics, for example, "we wanted to be proactive, not reactive" when it came to enforcing security rules, says Bauer. "Most security tools use a traffic-cop model: OK, I caught you speeding -- but the guy gets away with speeding first. [ERM] helps us prevent people from speeding so we don't have to give a ticket."

Elisabeth Horwitt, a freelance reporter and former Computerworld senior editor, has been reporting on information technology for over 25 years. She is based in Waban, Mass., and can be reached at ehorwitt@verizon.net.

Copyright © 2010 IDG Communications, Inc.

1 2 3 4 5 Page 5
Page 5 of 5
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon