April 26, 2010, 4:52 PM — Information rights management, sometimes known as digital rights management (DRM), has a growing customer base among industry sectors that need to share intellectual property in a secure fashion with outside entities.
Such products are now used in a wide variety of industries. For example, FileOpen's Web site FileOpen.com lists manufacturing giants like Alcoa, American Honda, Intel and NorthropGrumman, financial powerhouses like Deutsche Bank and JPMorgan Chase, pharmaceutical firms like Pfizer and Astrazeneca, and the U.S. departments of Homeland Security and Transportation.
Consulting and research firms that sell intellectual property are also common users of the technology.
A typical IRM product works this way: A customer or contractor who is entitled to access certain sensitive records on a company's database must first register with the IRM server, usually via the Web. After authenticating the user, the server downloads a piece of code to the user's desktop. Each time the user wants to access a new document or read a document that already resides on his computer, the code residing on the client must reauthenticate on the IRM server, which then downloads the key that allows him to de-encrypt the document, along with controls that determine exactly what he can and cannot do with it: read or write, print or e-mail, or download to a USB device.
Some IRM products enable administrators to grant time-limited offline access privileges -- to an executive who wants to peruse a document during a flight, for example, or in some remote region with no Web access. Administrators can also revoke privileges at any time, say, when a laptop is stolen or an employee or contractor is fired for malfeasance.
ERM fills a critical gap in enterprise security strategies, observers agree. Recent research by Enterprise Strategy Group found that 42% of security professionals consider "internal mandates" to protect intellectual property to be a crucial factor in their organizations' data security strategies and infrastructures. Furthermore, ESG found that 60% of enterprises share confidential data with external constituencies like partners, suppliers or customers.