Likewise, I didn’t find any gaps in how rights were handled. Policy changes were immediately sent to users’ PCs and enforced
right away, including revocations, new rights, and time extensions of existing rights. I designated offline rights so that
trusted employees could use files when they were off the network but limited that access to a specific number of days. This
forces users to connect from time to time, ensuring they will receive the most current policies. Auditing information is stored
in a Microsoft SQL database, which I easily queried using a Web form.
Document Control 6.0 is somewhat unusual because it protects more than 65 applications and file formats, which is more than
SealedMedia’s solution. Although I didn’t have the chance to test them all, Liquid Machines offers separate products for controlling
e-mail, as well as gateways for BlackBerry, Documentum, file shares, and Google Mini searches. That said, I think it would
be advantageous to offer the e-mail module as a standard feature because e-mail is such an essential part of how information
travels inside and outside organizations.
SealedMedia E-DRM 5.0
First things first: You may have heard that SealedMedia was recently acquired by CMS vendor Stellent. SealedMedia’s tools will continue to be offered as stand-alone products, and they will be integrated
with Stellent’s other offerings.
SealedMedia E-DRM is typically deployed with a License Server that manages user authentication and document-access rights;
SealedMedia Desktop for viewing and encrypting files; and a management tool -- a Web site or server console -- for provisioning
users, audit reporting, and administering documents.
E-DRM 5.0 follows a three-tier security model, which allowed me to place the various components (License, Web, database, and
directory servers) in the appropriate firewall-protected network zones, yet still allow public Internet access to the License
Server. Moreover, you can distribute traffic or have a hot-standby License Server for high availability implementations.
This solution relies on a fundamental construct, the Context, which defines a group of documents, the people who can use the documents, and
the roles those people can perform, such as opening, printing, or annotating documents. This strategy allows you to set up
a full-scale system and manage thousands of documents and users in short order -- typically a day or so -- which would be
impractical if you had to attach rights to each document and user individually.
SealedMedia offers pre-configured Context roles and associated workflows appropriate for Board Communications, Mergers and
Acquisitions, Protecting Intellectual Property, Regulatory Compliance, and Secure Third-Party Collaboration. SealedMedia follows
ISO 17799 security-level mappings in these setups, which should help greatly in proving ISO 17799 compliance.
Similarly, you can comply with Sarbanes-Oxley regulations for securing and maintaining the integrity of digital records. SealedMedia
will restrict and track access to spreadsheets and other financial data, too.
I successfully used the M&A setup and didn’t have any trouble taking the five standard out-of-the-box roles -- contributor,
reviewer, reader, no-print reader, and item reader -- and employing them in various Contexts of my own.
Using the system’s management features, I created the initial Context -- unannounced products for a marketing department --
and owners to share administration responsibilities. Owners then assigned roles: for example, who can create, edit, and e-mail
documents; who has read access; and those with no access.
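The Context model described above, sketched as an added Python example (not SealedMedia's code or API): rights attach to the Context, so one role assignment or revocation applies to every document sealed to it. The role names come from the review; the action set for each role, the class and method names, and the sample users and Context name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# ASSUMPTION: the review names these roles but not their exact rights, so the
# action sets are constructed. "item reader" is omitted because the review
# does not describe how it differs from the other reader roles.
ROLE_ACTIONS = {
    "contributor": {"open", "print", "annotate", "seal"},
    "reviewer": {"open", "print", "annotate"},
    "reader": {"open", "print"},
    "no-print reader": {"open"},
}

@dataclass
class Context:
    name: str
    documents: set = field(default_factory=set)
    roles: dict = field(default_factory=dict)  # user -> role name

    def seal(self, doc_id):
        """Place a document under this Context; it inherits every assignment."""
        self.documents.add(doc_id)

    def assign(self, user, role):
        if role not in ROLE_ACTIONS:
            raise ValueError(f"unknown role: {role}")
        self.roles[user] = role

    def revoke(self, user):
        """One revocation removes access to every document in the Context."""
        self.roles.pop(user, None)

    def is_allowed(self, user, action, doc_id):
        """Default deny: unknown document, unassigned user, or action outside the role."""
        if doc_id not in self.documents:
            return False
        role = self.roles.get(user)
        return role is not None and action in ROLE_ACTIONS[role]

def demo():
    ctx = Context("unannounced-products")      # constructed sample data
    for n in range(1000):
        ctx.seal(f"doc-{n}")
    ctx.assign("alice", "contributor")
    ctx.assign("bob", "no-print reader")
    before = (ctx.is_allowed("bob", "open", "doc-7"),
              ctx.is_allowed("bob", "print", "doc-7"))
    ctx.revoke("bob")
    after = any(ctx.is_allowed("bob", "open", d) for d in ctx.documents)
    return before, after
```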