Introduction:
The globe is littered with opportunists with sticky fingers – and it’s never been more prevalent than in today’s digital landscape.
Whether it’s the one-off hacker who is trying to lock down your files and demand a ransom for your data; a government-sponsored collective that wants to steal your digital intellectual property and create an all-too-similar knock off; or even a legal purchaser of your product who attempts to redistribute it without paying for extra instances – companies who are in the business of delivering their products in bits and bytes are under assault.
Companies that are trying to lock down their leaky borders often take on this task internally – with less than stellar results. We’ve seen countless cases where a company will develop a proof of concept (POC) around a digital rights management project, only to watch the scheme fail upon its attempted implementation.* One mistake we see companies making repeatedly: Using existing infrastructure and network security resources who are woefully underprepared for the rigors of a significant and successful DRM effort.
There’s real value – measurable in dollars and cents – when a digital rights management project is implemented successfully. At Netwoven, we take on the burden of creating and implementing DRM projects that deliver real business value to our customers who wish to fend off insider risks or data exfiltration.
Why DRM?
In addition to the aforementioned reasons to implement DRM, there are legitimate “blue sky” reasons to have a robust DRM program serving as a gatekeeper to your data and content. These include:
- Enforcing copyrights
- Educating purchasers on what constitutes a legal use of the product
- Delineating ownership of the digital work
- Ensuring income streams that results from legal purchases
- Protecting the privacy of the underlying data and files
- In the case of age-restricted content, gatekeeping the data for those who legally can access it.
DRM technologies can be bespoke or off-the-shelf and can be software or hardware based. All do the same thing – prevent unauthorized usage and piracy.
You likely are already familiar with DRM schemes, even if you didn’t realize it. Such DRM solutions include:
- Licensing agreements (sometimes called EULAs) that you have agreed to before accessing programs or downloading data
- Watermarks that cover parts of works and images to prevent duplication or unauthorized use
- Metadata that allows copyright and licensing information to be captured and monitored
- Other processes that run in the background to restrict or prevent users from editing, saving, forwarding, printing, or screenshotting your content.
Why do DRM POCs fail?
- Undereducated or undercapitalized projects: It takes cutting-edge, dynamic technology to ensure DRM can stay apace of the sophisticated efforts to subvert it. Cloud, mobile, IoT, AI, and other new tech adds to the complexity.
- Scalability: Simply, as the corporate network grows in size and complexity, it expands the potential attack surface for nefarious actors. In some cases, the deployment of security products without a DRM plan can increase both inefficiency and risk.
- Customer experience: Often, the DRM program is found to create too much of a burden on consumers, who will vote with their feet if they find your rights management process to be needlessly complex or to have a clunky UI.
- Too invasive: Consumers too have shown a propensity for rebelling against giving away too much data as a tradeoff for using your product. If you collect too much personal information, it is seen as needlessly invasive – again putting off your end user.
Making your DRM project successful
Implementing DRM the right way requires a few things:
- Topmost level commitment – Obtaining topmost level commitment from the board is critical to make DRM projects well-funded and prioritized
- Developing a cross-functional team – Setting up a cross-functional team that understands security and content allows for successful execution and developing the capability internally.
- Prioritizing the content – DRM should not be applied the same way to all types of content. Classifying content so appropriate security can be applied will yield successful results with regards to security and user adoption. One should look at applying DRM to company’s most sensitive content.
- Selecting the right technology – DRM and other network technologies work together. Several products are departmental in nature. Selecting the right enterprise DRM technology that works well with Microsoft Office software and integrates with other elements of the security stack is important.
- Developing a robust Adoption and Change Management Program – DRM requires that proper training is provided to end users for better adoption. Helpdesk, training programs, and service management should all be funded and prepared appropriately to respond to user needs.
- Selecting the right partner – Selecting the right partner who has done this before is very important to ensure that appropriate decisions are made at each step along the way. The right partner can help overcome roadblocks from experience.
DRM has become a vital part of today’s digital world because it educates users about the sanctity of data and copyrights and helps organizations protect their sensitive business-critical data. A robust DRM strategy and implementation ensure that the organization’s data and content is distributed in a secure manner.