Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
FBI warns of holiday cyber scams
U.S. Open used Web filtering to prevent online gambling
Google Earth used by terrorists in India attacks
Mumbai terrorist attacks don't deter technology companies
Google layoffs: 10,000 jobs being cut, report claims
Experts to Feds: Sign the DNS root ASAP
Cisco shutting down between holidays
Sprint completes Clearwire WiMAX deal
Mobile sales to beat economic gloom, forecasts Ovum
Start-ups starting to feel economic pain
Spam levels fluctuate as crooks try to revive botnets
Mozilla eyes extra beta for Firefox 3.1
Grim forecast for holiday e-commerce sales
Talking Web, memory assistants and solar-powered cell phones headed mainstream, IBM says
Massive botnet returns from the dead, starts spamming
Security /

Audio primer: Digital Rights Management

Related linksToday's breaking news
Send to a friendFeedback

Network World Fusion

Digital Rights Management, or DRM, is a hot topic in the media and entertainment business as record and movie companies try to figure out how to protect their content from piracy and mass distribution over peer-to-peer networks.

But DRM is more than just protecting movies and music. When implemented correctly, it can have a profound effect on the way enterprise data is used and shared.

Advertisement:

However, implementing DRM from a technological and business model standpoint can be tricky. In this primer, we'll look at 10 things that you should be aware of when implementing DRM in the enterprise.

The premise behind DRM is relatively simple: An individual is given rights to a piece of content based on certain conditions. For instance, you may be allowed to view a file once, view a file for a set period of time, or view a file on a particular machine or device. The content, if stored locally on a user's machine, is usually encrypted so it cannot be accessed without the proper authentication or electronic key.

Obviously, in an enterprise setting there are many data types - documents, spreadsheets, and rich media - that need to be secured. Organizations should take inventory of the content they want to control with DRM and select a technology that will cover them all. There's no need to have five or six unique solutions to cover each data format.

When selecting which product, vendor or service to use in a DRM implementation, it's important to have the ability to define rights generically across all media types. That said, there will always be some idiosyncrasies on how those rights are managed and implemented based on the delivery method and format. For instance, streaming media files could have a right that says whether or not they can be saved after they're streamed or not, where a document can be read-only or read-write-print.

Whichever DRM system is put in place needs to be integrated with the existing enterprise infrastructure including file management systems, databases, e-mail and Web servers. Also, think about what systems may be needed to support the DRM operations. A database of sorts will be needed if you're going to be managing licenses and accounts, and if you're going to issue passwords via e-mail, you'll need an e-mail server to send that information to the end user. Many of the technologies may already be in house, but it's a good idea to map out what's available, what's needed and how all the pieces will fit together ahead of time.

As with any type of security infrastructure, you need the right support in place to manage problems such a lost passwords or transitioning workers. When DRM locks a piece of content to a specific PC or person, what happens when a user gets a new PC or the worker takes a new position? The license needs to be moved to the machine or employee taking over the job task.

Also, look at how to manage end users that may have multiple rights associated with them. For instance, when accessing data from home, do they have read-only rights as opposed read-edit rights while in the office? Can such a situation be managed with a single logon or are multiple digital identities needed for the same user?

If using a third-party to serve and authenticate licenses, it's important to keep local copies of the user data in case something happens to the provider. In the event the service provider goes away, you need to have a transition period to get access to data they have been collecting. One way to ensure this is to get data on cycle basis. If something happens, you can take your data to a new provider and quickly start issuing keys again.

DRM is an excellent way to help share corporate data with partners outside the firewall. However, you usually can't control the security or monitor what happens at these partner sites. One way to overcome this challenge is to have secured content authenticated more often when outside the firewall. For instance, the user may have to re-identify themselves every time the content is accessed. Users inside the firewall may have a little more leeway on how many times they have to enter the proper password.

For traveling workers not connected to a network, there should be a policy implemented with some requirement to "phone home" to check the permissions that allows the users to work offline on the local desktop. When taking a trip off network, some DRM applications can allow the user to take a key with them. To make sure the road-bound data stays secure, one can first take a snap shot of the traveling user's system that is accessing the document or content, then download that content to the computer and bind it to the machine, ensuring the DRM policy remains in force.

If your enterprise deals with distributing content to mobile devices such as cellphones, PDAs or BlackBerrys, you need to be able to recognize the capabilities of the device to ensure the restrictions that DRM is placing on the content. For instance, if it's a device with no date/time feature then it cannot track time-based expiration restrictions. If the device cannot help support the restrictions, the content should not be able to reside on it.

On the delivery and management end it's important to integrate with existing systems and workflows, the same can be said for the way the end user consumes the data. If information is delivered via a standard Web browser, it may make sense to allow cutting-and-pasting of information, since users are accustomed to being able to do that when browsing a site.

The use of Secure PDF files can help as well since they are tagged and can "report" back whenever they're opened, forwarded or transferred, so the company always knows who is doing what. For printed pages, using a digital watermark that is applied to each printed piece of paper helps determine the identity of the person wrongly distributing hard copy information.

One benefit of DRM is that it can allow content owners to change the rights and conditions of a given license on the fly. When an updated version of a document becomes available, DRM technology can be used to revoke the keys to documents, rendering them useless. This keeps outdated material from being accidentally used or maliciously distributed.

It can also be handy for those testing product-pricing models. One can set up rules, go to market and see if customers are happy with that rule set. If not, the rules can be tweaked until the masses are satisfied.

DRM products and services now are typically proprietary offerings that do not interoperate well beyond the content they control. For instance, the DRM technology embedded in Microsoft's Windows Media Technology only supports the Windows Media Format and not competing formats such Real and QuickTime. But there are a number of groups looking to standardize how DRM rights are defined and how different pieces of the puzzle can operate.

One standard that could gain considerable momentum is coming out of ISO's MPEG-21 committee. MPEG-21 is a framework for delivering and using multimedia services across a wide variety of devices. One of the major underpinnings of the specification is the Rights Expression Language, based on the Extensible Rights Markup Language (XrML) developed by ContentGuard, which will provide a standard way of describing rights and methods of any object.

The Open Mobile Alliance is working on standard that will allow for the different handsets and devices to be served by a specification-compliant server. Individual device makers will not have to worry about creating the server mechanism for delivering rights-protected content and the server makers will not have to worry about creating clients to run on the remote device.

Back to main primer: "Digital Rights Management"

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.