Keep Online Documents Secure

As companies look for better ways to secure online documents and E-mail, whether to protect sensitive information or to comply with government regulations, they're increasingly turning to a growing class of security software known as enterprise digital-rights management.

DRM software lets companies enforce security policies for documents, such as who can read, edit, print, and forward sensitive information. Encryption technologies typically are used. "You need to have your security policies travel with your information, and DRM lets you do just that," says Pete Lindstrom, research director at security research firm Spire Security.

JupiterResearch predicts corporate investment in DRM products will reach $278 million by 2008, up from $36 million in 2003. This wasn't lost on vendors at last week's RSA Conference, where Authentica, Liquid Machines, and Microsoft were among companies offering new or enhanced versions of DRM software.

Centralized management of access rights was a popular theme among the new products. Authentica introduced its Active Rights Management platform, an integrated management app that provides access-rights protection for E-mail, Microsoft Office documents, PDF files, and other types of documents.

The platform manages several Authentica applications, including MailRecall, PageRecall, and Secure Office, making it easier for users to centrally manage access rights with those applications. The platform also manages access rights for apps from other security vendors, including IronPort Systems and Proofpoint, and integrates with content-management apps from Documentum, eRoom, Hummingbird, and Microsoft SharePoint.

Wells Fargo & Co. is about to complete a pilot test of Authentica's software to bolster the security of E-mail and other sensitive documents, says Mike Lee, VP of encryption strategies at the bank. "We have to always be careful when it comes to the people that want to do us harm. They only have to be successful once," Lee says. "With DRM, the security protection follows the information, and that's a powerful thing."

Wells Fargo is finishing trials of Authentica's software in its test labs and soon will try the software with a limited number of E-mail users. The software also protects customers from Internet phishers and other E-mail scams, Lee says.

Microsoft's Service Pack 1 for its DRM software, Windows Rights Management Services for Windows Server 2003, now in beta, will be available by midyear. Service-pack enhancements will include the ability for customers to centrally manage access rights, says Suzanne Kalberer, product manager for Windows security business and technologies.

Liquid Machines released a beta version of Liquid Machines Document Control 5.0, DRM software that can be used with Microsoft Office 2000 and Microsoft Office XP; Windows RMS only supports Microsoft Office 2003. Document Control 5.0 also supports Microsoft Visio, Adobe Acrobat, and Adobe Reader.

Law firm Mintz, Levin, Cohn, Ferris, Glovsky and Popeo P.C., which employs 450 attorneys nationwide, is testing Windows RMS. The firm will deploy the software in coming months to better secure the internal communications of its employees and eventually use digital-rights-enabled E-mails for more secure communications with clients.

"Centralized management is extremely important for us," says the law firm's IS director, David Gregson. "If you want this software to be adopted and used, end users can't be deciding who should have access rights to which documents and E-mails. It has to happen as part of their normal workflow."

Illustration courtesy of Brook Trout Studio/Veer