Leakage of information is rapidly becoming accepted as a serious problem by both government and industry.
So what is information leakage?
It is the propensity for people to pass on the ‘juicy bits’ of information that come into their possession/control to others. People may, and do, have different rationales. For some it’ s simply to prove how important they are, for others it’ s to make a fast buck, and for some it’s revenge for a wrong (not being paid enough, being passed over for promotion, being pushed out), or a hello gift for a new employer.
So the motivations for information leakage can be many and complex.
And, as many are finding, as a result of embracing the digital age, people are able to collect and distribute far more information far more easily, and with far less chance of detection, than was ever possible in the paper world.
Now if you look at the general kinds of companies touting for business in this sector, they are pure-play encryption businesses. And that seems rather strange.
You see, the really serious problem that the pure-play encryption people cannot solve is that once something is decrypted then the user can do (almost) anything they like with it. Yes, it’s true that you can try to stop them from making copies onto different devices, or sending email attachments, but it’ s not that easy.
The significant advantage that DRM providers will always have over encryption providers is the ability to prevent easy subsequent use of information.
Encryption alone has no power to prevent the authorized user (whether they are inside of your organization, or outside) from manipulating that information in any way they choose. This can include changing the form or format, saving to a portable device, sending by email, or many other things, including printing information without any attribution as to which licensed user is carrying out the printing.
DRM services, by comparison, provide a feature rich environment to prevent leakage of information.
One of the primary tenets of DRM providers is to allow the authorized recipient of controlled material(s) the peaceful enjoyment of their rights. But that also means, from a DRM provider’ s point of view, that a recipient does not have a peaceful time if they try to misuse or abrogate their rights. Because that is the flip side of the coin. DRM controls are not merely about making sure that authorized users have access to information. They are also about making sure that information does not get used for purposes for which it was not authorized.
It would be nice to say that DRM services are standardized, universal, applied equally to databases, Web 2, XML, EDI, SWF, eBooks (of any persuasion you like) and so on. But the truth (Pilate famously asked Christ, “What is truth?”, but it is above and beyond our calling to address such great philosophical questions) is that there is no common position on this topic.
In the music and film worlds the real powers are fighting in the Courts as to who has what rights and if piracy is committed by those who (for whatever purpose) permit hosting and uncontrolled copying of Copyright materials.
In the lower world (Shakespeare captured the thought in his play, Julius CAESar, when in the persona of Cassius he said, “We petty men walk under his huge legs, and peep about to find ourselves dishonourable graves.”) to provide DRM protection to the most commonly adopted (and now standardized by ISO) PDF format or the common web formats such as html, fsh, jpg and so on, must be a proprietary matter. The big players tough it out on music and video, and refuse to have any common standard because they are big and they want to dominate the world.
The less in your face DRM vendors provide their own interpretations as to what controls their publishers are asking for, and what controls they are capable of providing. That is a good thing for industry, because there is actual competition, even if it is totally clear to the market that some players are the leaders, and others merely camp followers.
At this stage in the maturity of the DRM controlled document market this is not a ‘bad thing’ (for the proper definition of a ‘bad thing’ please see 1066 and all that by Sellar and Yeatman).
You can, like Nero is supposed, fiddle whilst Rome burns (ignore the fact that your vital information can be stolen by all and sundry and you can’t be bothered to do anything about it because there isn’t an ISO standard for solving this problem so doing nothing is obviously less risky than doing something that might have to be changed – please don’t try this argument on a risk manager unless you have an urgent need to find out what a kebab feels like whilst cooking).
Or you could find out what DRM solution(s) might address your current information leakage problems. You never know, it might be money well spent.
Download copy protection software that uses DRM controls to protect pdf documents and web based content against information leakage and stops documents being leaked.
Prevent copying, printing, modifying, screen grabbing, and downloading of your content. Control what users can view your content, what they can do with it (copy, print, etc.) and when it can no longer be viewed (expire). Instantly revoke information at any stage. Information leakage protection software that ensures the security and use of your information. Stop leakage of documents and information.