Securing documents in the WikiLeaks era, Part 2
[Editor's Note: In the first installment of this two-part series in the June 2011 issue of KMWorld, author Robert Smallwood wrote about the critical nature of electronic document security, the use of enterprise rights management (ERM) software in safeguarding information and Microsoft's role in the ERM market. The second part of this series includes a sampling of other vendors in the e-document security space.]
In addition to Microsoft, Adobe is a major player in enterprise rights management (ERM). Adobe has a large installed presence of its LiveCycle Rights Management, which provides data-centric security with user access and control policies to documents. It supports various types of data including PDF and Flash Video-and also native formats including Word, Excel, PowerPoint and select computer-aided design (CAD) and computer-aided three-dimensional interactive application (CATIA, marketed by IBM) output formats. This is done by the client software that authenticates users with the server when opening up a document. It can provide protections without server interaction over a specified period of time. LiveCycle Rights Management includes detailed audit trail reporting for rights protected information, document version control and expiration, and dynamic watermarking.
Early entrants into the enterprise rights management marketplace included Sealed Media, which was acquired by Oracle (oracle.com) in its early 2006 acquisition of Stellent, and Authentica, which was purchased by EMC later that year. But the promised integrations and additional development have apparently been slow to arrive.
Steve Coplan, a senior analyst at The 451 Group, says, "Looking at the ERM technology acquisitions that Oracle and EMC made, they really haven't done much additional development or integration, and, in fact, most of the original development teams have moved on. As a result, the technology has gotten a little long in the tooth, and they're falling behind, compared to the competitive field."
Brian Hill, senior analyst with Forrester Research, agrees, "It's fair to say that some of the infrastructure vendors who acquired ERM companies have fallen short on the promise of integration with their enterprise content management offerings and improved ease of deployment, which would allow for more widespread adoption. This has opened the door for other players in the market."
Rising stars and additional players
Some of the rising stars and additional players in the enterprise rights management market include:
Avoco Secure offers enterprise rights management software to link security policies to an individual's or group's identity to enforce the access to and use of digital assets, but it goes further, offering digital signing and information card provisioning linked to digital identities. The software uses an individual's (or group's) identity and other forms of authentication to enforce security policies for access control or verified digital signatures. The software encrypts content and authenticates users to control what they are allowed to do with that content. Customers are able to design completely electronic steps for processing transactions.
The company began with supplying the software to the defense sector and expanded into commercial applications. It reaches its customers through a partner network. Avoco Secure's suite of products allows digital signatures to be added to content (a digital signature is the equivalent of a handwritten signature that can be used to sign a digital document on a computer or online, so that documents no longer need to be printed, signed and mailed or faxed back-making it possible to create workflow systems that push documents along the signing process, while maintaining an audit trail of signatures).
Its product, secure2sign for Word, allows users to digitally sign a MS Word document or form using a digital certificate to identify the signatory. It supports multiple signatures on a document as well as sectional signing--both features are requirements if a document is to be part of a workflow process involving multiple parties. In addition, it allows signatories to apply a time-stamp, at the time of signing. Avoco Secure also offers that capability for MS Excel documents, and HTML or xHTML web forms, which is useful in applications such as insurance claim submission and mortgage loan applications.
Check Point Software Technologies has an appetite for acquisitions: Last year it purchased an early entrant in the enterprise rights management market, Liquid Machines. In 2009, it bought FaceTime Communications' application database and Nokia's Security Appliance business. In response to an inquiry, the firm issued the following statement: "In order to protect corporate data, computers, devices and infrastructure, organizations need to deploy a holistic and multilayered security approach. The first step is to define and implement strong data security policies. Businesses need to establish the appropriate privacy settings and clearly define who is entitled to access specific types of information, as well as what confidential data is visible and to whom. Second, businesses need to implement specific data security solutions that secure their sensitive data in multiple forms and throughout its life cycle: data at rest, data in motion and data in use. They must choose an approach that can effectively prevent data loss before it occurs, rather than just detect it, after it occurs."
Covertix is led by CEO Alon Samia, who says, "Our software is next-generation enterprise rights management, as compared to the offerings of the major infrastructure and content management vendors." When asked to define which features set his firm's software apart from established players, Samia replies, "We do content- and context-based policy assignment. The owner of the document can decide context level rules, which means not just who, but where--that is, it's not just who you are, but where you are. So, for instance, you may be able to print a financial document in the accounting department, but not in the IT department. Or you may access a file on your desktop, but not on your laptop. Everyone now knows that even authorized users can go bad and misuse internal documents, or leave the organization and take them with them. It happens every day."
Samia believes that part of the problem with flagging ERM implementations lies not only in the complexity of policy management, but in the actual approach to ERM projects, "Implementing this type of security requires a phased approach," he says. "You have to pilot and fine-tune. For instance, some ‘violations' are actual valid uses, so you have to go back and refine your policies. And you continue to do that as you roll out the system to handle more document types and departments."
FileOpen Systems is an early provider of rights management, with deep Adobe roots. It delivered protections for Adobe products initially in 1997. Since then, the firm has added support for MS Office, BlackBerry and other formats. Although noted analysts assert that Microsoft leads this market, FileOpen may be flying underneath their radar, claiming to have millions of users in more than 1,000 corporations. Customers have the choice from toolkit, server or hosted options. The software utilizes its own proprietary viewer, which obviates the need for client software.
Elizabeth Murphy, VP of sales and marketing, says, "We've experienced a significant sea change in recent years caused by high-profile security leaks and loss of revenue due to piracy of intellectual property and online document sales. What's becoming more and more apparent is that the exchange of electronic data is so widespread and so easy that it's impossible for most companies to protect without implementing security tools."
GigaTrust has close ties to Microsoft, stating it is "the only provider of ‘intelligent rights management' that extends and enhances the capabilities of Microsoft's RMS." GigaTrust's technology is based on XrML (extensible rights markup language), although that standard "never really went anywhere," according to Coplan at The 451 Group. He describes GigaTrust as "a pure-play ERM provider." The ERM software is deployed through Microsoft Windows and Microsoft Office. The company did not respond to press inquiries, but according to its website, GigaTrust's client-server architecture automatically applies policies to Outlook-based e-mail and desktop files, including non-Microsoft Office documents on PCs running Office 2000 or Office 2007. The GigaTrust Web filter software dynamically applies the same policies to content delivered from databases, Windows, SharePoint Services portals and websites using Internet Information Services (IIS).