Agree with you on most points with you. The first thing that IMHO enterprises have to ensure is "end-to-end" encryption of data through the life cycle of creation – storage – transmission – use & destruction. Hearltland CEO himself underlined this need ( http://www.networkworld.com/news/2009/012309-hear… ). I believe that IRM can solve a lot of the issues provided it is built into the transactional systems themselves. We recently had SAPs global head of delivery blogging on our blog on the need for IRM within transactional and KM kind of systems ( http://seclore.blogspot.com/2009/02/knowlegde-man… ).

This however still does not prevent the man behind you and keystroke loggers for which the solution lies in basic antivirus-antispyware-anti-… kind of systems.

The holy grail, is to make IRM technology format and platform agnostic, which, like you said, is no easy task and looks difficult for out-of-the-box solutions but I think a rapidly customizable IRM framework might be the answer here.

Vishal