This is an excellent example of IRM being used in a cloud environment.

However, this only works for documents that are processed by "classical" desktop applications.

What about SaaS, where data are not processed locally, but everything is done in the cloud – e.g. with Google Apps or similar? If access control of the SaaS service is reliable (and manageable), in such a scenario one can collaborate without having to worry about uncontrolled dissimination. But I do not see how to use ERM/IRM to control the cloud service provider in that scenario. (Maybe SaaS is just not the way to go for critical company data…)

I had a chat with Martin Kuppinger on this some months ago and he has also blogged on the topic here ..

http://blogs.kuppingercole.com/kuppinger/2009/10/…

Cheers,

Vishal

http://edrm.blogspot.com/2008/02/hiccups-in-consu…

Frankly I think the DRM and IRM markets are unlikely to converge.

The DRM market will, in my opinion be dominated by "player" providers where they build in the rights management capabilities within the app itself like what itunes does or Windows player or Kindle.

The IRM market will be dominated by exactly the opposite profile i.e. cross-application rights management providers who give enterprises the freedom to choose their IT infrastructure and make sure that rights management can be an under lying infrastructure powering data within desktop, mobile devices, applications, …

After reading your post I see you were asking about Oracle technologies that actually protect the interface (HTML, images) itself. We've not yet created this sort of protection in the product mainly because the biggest risks right now are documents and in general, application access controls are adequate. We have built some very nice technology demonstrators which redirect entire application web based UI's via an Oracle IRM proxy which simply seals, in real time, all the traffic and sends onto the client.

Thanks for the response. You'll find a lot of in depth information on the technology on the Oracle IRM blog, http://blogs.oracle.com/irm/. The quick guide takes you through the process of installing and piloting an IRM solution. You'll also find the following articles give a good background on the technology. If you really want to get your hands dirty, please contact me and I can arrange for a evaluation of the technology. We have prebuilt VM's which require only a hostname and IP address and you are ready to secure some documents.

Oracle IRM allowing the business to balance security, usability and manageability for document security. http://blogs.oracle.com/irm/2009/11/the_importanc…

Oracle IRM and the evolution of "information-centric" security http://blogs.oracle.com/irm/2009/11/oracle_irm_an…

Oracle IRM contexts, a smart way to implement your corporate classification policies http://blogs.oracle.com/irm/2009/10/oracle_irm_co…

With regards to applications, we have already released one integration with the Oracle Beehive 2.0 collaboration suite. We have customers who have integrated IRM into SharePoint, SAP, Oracle applications and we are currently working with the leading DLP vendors to create synergy between IRM and DLP solutions.

The future of Oracle IRM is that it will be the document security solution for protecting sensitive content available for export from all the Oracle applications. As one CIO said in a meeting, "I understand the need to have centralized and strong security to my applications to ensure as employee's leave they no longer have access. However a greater risk and fear is how to control access to the hundreds of documents they've already copied to their external drives and DVDs"

But bear in mind, most of the IT innovations came through consumer apps (e.g. Banking), so I hope that Oracle will be successful with these types of applications…

Where this model breaks is when the content (a video, email, spreadsheet, etc) is being used in a highly collaborative environment or where the rights to the content changes and crosses many boundaries/domains. IRM allows you to secure information by simply classifying it. The rights are totally separate on a server which can be changed at any time. A customer list spreadsheet could be stored in the cloud, a thousand sales people have access to it. After 6 months, 1/2 that sales force leaves the company and we hire more… access changes on the IRM server… but the same document resides in the cloud. The rights change, the document doesn't. This is a core difference between IRM and DRM.

So I disagree that the iTunes store is the next big eDRM/IRM application. the iTunes store is ALREADY a successful DRM solution. But from the perspective of storing your sensitive information in the cloud, IRM is currently solving that problem and leading the way.

Rights management in general, both DRM and IRM, are good extensions to existing security of business information when it lives in the cloud. A current problem with the cloud is the obvious cost savings of someone else running the servers, managing system upgrades etc. But the big downside of not having control over the security of that information. Once IRM has secured the data, you can allow the cloud to manage the data, but you own the keys to manage the access to the data.

So key to this solution, is a model which allows the business to control the security, whilst the cloud manages storage, networks etc. Whatever solution is used MUST also support the constant change of business roles and policy. For example, someone secures an engineering research document with IRM and stores it in the cloud. Then lets say the engineer leaves the company… who owns the file? Who can take ownership? This is where DRM fails.. both IRM and DRM use cryptography and a rights model, but IRM focuses on the use cases which separate rights information from the information itself. DRM classically doesn't do this.

The leading technologies that could really solve the issue of protecting documents, rich media (video, images, music) and emails in the cloud come from Oracle, Microsoft and EMC via IRM solutions. Will these models start to integrate with DRM technologies to provide a wider array of security across more formats, more devices and also applications? It is likely… but this is a space which will be led from IRM not DRM.

Would Apple design and sell a DRM solution to a company to secure their intellectual property, engineering data, HR information, financial documents? Unlikely… Do Oracle, who sell the leading business application software, running on the industry leading middleware platforms, secured by the industry leading security software… integrate and deliver a solution for ensuring a business has total control over its information even beyond their enterprise perimeters and into the cloud?

They already do…

DRM is, and always has been, consumer focused. So there may well be DRM in the cloud solutions, but they will not work well for the business. IRM is business focused and already is securing business data that exists beyond the traditional enterprise networks…