Product Group Tests
DRM (2008)October 01, 2008
A solid product with a high amount of document granularity, ease of administration and the price just right, Avoco Secure's secure2trust is our Best Buy.
With a comprehensive feature set and a good price, EMC's Documentum IRM gets our Recommended rating.
Digital rights management is more than copy protection, it is about access control of intellectual property. This month's crop has effective all-rounders and niche players. Peter Stephenson reports.
Some people think of digital rights management (DRM) as copy protection. More correctly, DRM applies fundamental principles of access control to intellectual property. DRM enforces access to and use of documents, art, music and video and so on, rather than simply preventing the copying of it. That makes DRM a bit more complicated than copy protection or watermarking.
Critics of DRM tend to oversimplify the problem in order to overemphasise the solution. This tends to make DRM seem like a solution looking for a problem. Electronic freedom watchdog the Electronic Frontier Foundation (EFF) says of DRM, "Major entertainment companies are using 'digital rights management' or DRM (aka content or copy protection) to lock up your digital media. These DRM technologies do nothing to stop copyright pirates, but instead end up interfering with fans' lawful use of music, movies, and other copyrighted works" (see www.eff.org/issues/drm). This misdirects analysis of the issue, for a couple of reasons.
First, DRM is not just copy protection (although copy protection is a legitimate DRM function). Second, DRM, properly implemented, does not interfere with legitimate use of the intellectual property.
Like any other technology, DRM can be abused, but for the purposes of our reviews we were not interested in that. So while we may or may not agree with the EFF, we have evaluated these products in the context of what they purport to do and how well they do it.One of the challenges when evaluating DRM products is knowing when you have a DRM product in the first place. Another is understanding what types and extents of protection are present. The two are interlocked because types and extents of protection may dictate whether the product is, in fact, a DRM product.
A key issue in analysing a DRM product is what the product does. For example, does a DRM product need to take an active approach to protecting intellectual property (IP) rights? If the answer to that is "yes", watermarks do not qualify as DRM because they do not really do anything, they just identify the owner of the IP. But if a product takes measures to prevent copying as well as transmission of the product to another user it may be a DRM product. Unfortunately, there are few accepted standards that define what DRM really is.
DRM functionality includes encryption, required authentication to access the IP, copy protection, digitally-signed media and the ability to control the lifecycle of the media. Some of these capabilities are extreme and required only in special cases, but some are common. For example, a protected document may shred automatically some period of time after it is opened initially. This is not uncommon but requiring encryption as part of DRM is.
Even so, there are times, such as when the IP is in transit between authorised users, when encryption makes sense. The problem is that none of this functionality itself defines DRM.
How to buy DRM
If you are planning to buy, be sure of your application. For many applications, enterprise rights management (ERM) may be better for you. This manages access to information assets within an enterprise. ERM focuses more on protection against unauthorised access from within the enterprise than DRM does. If your interest is in intellectual property that you are going to distribute outside of your direct control, you may have a case for DRM. For this review, we looked at ERM and DRM.
Other DRM functionality is copy protection, protection from conversion to other formats and automatic shredding.
How we tested
Testing this product group was straightforward. We installed the product as directed and created appropriate IP. Then we protected the IP and tried to circumvent the protection. We were interested in ease of deployment, ease of management and effectiveness of protections. We insisted that the products be either true DRM or ERM. We avoided single-function (for example, copy-protection or watermark-only) products.
Value for money required that the product have both a reasonable acquisition cost plus a reasonable cost of ownership over time. We did not judge products on whether or not they could be used in a politically unpopular way (for example, preventing fair-use copies with no way to circumvent a legal function).
All we cared about was the efficacy of the product. We leave the politics to the politicians.
All products in this group test
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- The information security implications of M&A deals
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears
- Report: Mirai 'is just the tip of the iceberg'
- Avalanche takedown involved searches in 40 countries
- India Supreme Court calls on tech giants to curb sexual assault, cyber-crime