Limitations

By Karen S. Henrie  |  Posted 05-18-2006 Print Email

ERM products remain poorly integrated with other IT processes and applications.
Despite its promise, ERM has yet to attract widespread interest, even among small workgroups, much less across entire corporations. For one thing, it adds complexity to a company's -infrastructure at a time when IT departments are looking to consolidate and simplify. And according to Trent Henry, senior analyst with Burton Group, an IT research firm in Midvale, Utah, CIOs (especially at large companies) are also concerned about integrating ERM software with numerous other IT processes, systems and applications, including backup and recovery systems and records-management systems.

Consider FGG. As a registered broker/dealer, the firm must archive documents for seven years. Documents with rights attached must either be opened on FGG's network, or unprotected before they are released to its third-party records-management provider, Boston-based Iron Mountain Inc. At Bern, Switzerland-based Swisscom AG, a telecommunications provider with $7.6 billion in 2005 net revenues, documents must be archived for ten years. The firm plans to keep a copy of the policy server on hand for ten years, just in case it needs to access archived documents that inadvertently still have rights attached.

Burton Group's Henry also points out that many CIOs are suspicious of any security technology that places so much control, and responsibility, in the hands of individual users. That's why so many have settled for less invasive measures—such as network controls, or content sniffers—that can be managed by the IT team.

Companies that have deployed ERM usually cite ease of use and user acceptance as the most essential requirements for any ERM product. Says FGG's Elizaitis, "We're putting the onus on the authors to protect documents, so ease of use was the most important requirement." He claims their current ERM setup is minimally disruptive. "Applying rights involves two or three extra clicks for the author, who simply has to pull down a droplet and assign a policy."

Technology aside, ERM assumes all users are clearly versed in company policy, and know which documents to protect. Swisscom implemented Microsoft RMS for all 16,000 full-time employees when it upgraded to Windows 2003 server and Office Professional. According to Markus Schütz, project manager for Swisscom IT Services AG, certain documents need to be classified, and users simply need to know when to do that—with or without RMS in place. "Those decisions are made at the group company level, not at corporate. We've just provided technology that makes it easier to comply."

Finally, preserving document rights once the documents travel outside the company is generally difficult, unless recipients have rights-management software running on their machines and are connected to the policy server that enforces those rights.

Ask your business managers:

What are the key document formats that would benefit from document-level security?

Ask your COO:

Are we sufficiently protecting the information we exchange with trading partners?

Story Guide:
Digital Rights for the Enterprise Secures Sensitive Documents. Enterprise-rights management is still in its early stages, but most CIOs acknowledge a need for better document security.

  • Strategy: Enterprise-rights management controls who can do what with content, and when.
  • Limitations: ERM products remain poorly integrated with other IT processes and applications.
  • Future: Attaching rights to documents is poised to become easier, as vendors acknowledge that ERM is a feature, not a standalone market.

    Click here to download a PDF of our Enterprise Rights Management fact sheet



  •  

    Submit a Comment

    Loading Comments...