Adobe Expands Its Digital Rights Software

From time to time over the years I've written about enterprise digital rights management software, including offerings from EMC, Authentica, SealedMedia, Liquid Machines, Digital Containers, Adobe and Microsoft. These products aim to protect sensitive, high-value, or confidential documents with authentication and security, no matter where they go within an organization and beyond it. With information leaks and intellectual property suits making the news regularly, you'd think there'd be a crying need for such products, yet the product category has never quite taken off. Some observers vehemently object to the idea of DRM, thinking the intent is to take away their right to digital content, e.g. download copyrighted music and video from public websites. Others believe it's impossible to password-protect a Word document once it has left the author's machine. Still others in corporate America are completely unaware of this category of software."In any new technology, there's an educational process that all the vendors in the industry need to incorporate," suggests John Landwehr, director of security solutions strategy at Adobe. The company has been providing a form of digital rights software since 1994, when it built encryption of PDF documents into Acrobat 2.0, enabling authors to prevent anybody from changing their work, printing, or copying and pasting it.

With its Policy Server, introduced a year and a half ago and this week released in its 7.2 incarnation, Adobe offers a rights server that provides authentication, authorization, auditing, watermarking, expiration, and revocation -- users and administrators set rules for who can see what and what they can do with it (e.g. any document labeled "confidential" can only be opened by employees, but not printed or modified by anyone). The rights server has always covered PDFs; newly added to the 7.2 version are plug-ins for native Microsoft Office documents and CAD files. "There are a lot of spreadsheets traveling the world containing sensitive financials, and whole business models have been developed in Excel formulas," Landwehr points out. "That's very sensitive intellectual property." Manufacturing bills of materials are another example; they often contain confidential part numbers and prices. As for CAD files, "the intellectual property in CAD files is significant because they contain every part and specification going into a product design and if a competitor gets a hold of that, there's significant damage," Landwehr says, noting that General Motors and Chery recently settled a high-profile lawsuit filed by GM, which claimed that Chery's QQ small car was a copy of the Chevrolet Spark.

Also new to Policy Server 7.2 is integration with existing identity and access management systems, such as LDAP and Active Directory, and a hosted version of Policy Server. Adobe Policy Server is web-service based and runs on Linux, Windows, and Unix servers with multiple databases and app servers.

Revocation is an interesting feature -- how many times have you wished you could recall a hastily written email? Although Policy Server wouldn't cover the email message itself, it will let you revoke attached documents. "Revocation is my second favorite feature of the technology," Landwehr says. "I can send you a document, click a button and no matter how many copies you've made, you can't open it." This could be useful for a price list, standard operating procedures or training manuals that -- whoops -- went out with old, missing or wrong information. Landwehr's first favorite feature is the software's audit logs that let you track who's opened a file, who's printed, who's modified, or who tried to do something they didn't have rights to. "If you do send out something that's sensitive that you don't want forwarded and it does get forwarded, you can find those people who are not respecting the policies and procedures of your organization." Then, presumably, you could trap and kill them.

One use to which customers are putting Policy Server is to create secure "board books" -- electronic binders of information to be discussed at the next board meeting, usually including non-public financials, product plans, and such. "HP didn't use this technology, but some high-tech companies have been using it," Landwehr says, not just to find the source of leaks but to prevent accidents. For instance, laptops get stolen. Sometimes an email client auto-completes an address and the wrong person receives the message. That wrong person would not be able to open the Policy Server-protected file.

What if users don't know how to tag a document to make sure it gets covered under the right policy? Adobe is working with partners whose engines that will look at a document and find keywords or patterns to determine how it should be classified.

Some might call this technology Big Brotherish, but for certain high-value files, some level of protection seems prudent.

Any thoughts? Please email me at [email protected].Vendors have been hawking enterprise digital rights management software since as early as 1994, yet few have bought. Board shenanigans and intellectual property lawsuits may start to propel solutions like Adobe's, which password-protects Word, PDF, and CAD files, to the forefront. Or not.