IRM, ERM, EDRM, DRM! What does it all mean?
By Simon Thorpe on Oct 09, 2009
When talking with customers they often ask if Oracle IRM is a DRM technology. I thought I would therefore go over the main differences between the consumer technology world of DRM and the business world of IRM (or ERM/EDRM). First lets detail what the acronyms stand for.
- IRM - Information Rights Management
- DRM - Digital Rights Management
- EDRM - Enterprise Digital Rights Management
- ERM - Enterprise Rights Management
- RMS - Rights Management Services, specific to the Microsoft IRM technology
Whilst at first glance it might seem like all of these technologies do the same thing, DRM is the odd one out and the others can be grouped together. In the early days IRM technologies were initially labeled as ERM in an attempt to separate them from DRM, the term IRM came later as the market matured. For simplicity sake in this article, technologies such as ERM, EDRM and RMS will be discussed under the acronym IRM unless specifically mentioned.
What is the difference between DRM and IRM?
All of the technologies above use encryption to protect digital content and apply some form of rights control so the owner of the information can control who can open it, that is where the similarities end and confusion begins. There are some general statements which can be made to define the differences between the two.
- DRM refers to technologies that control access to common media formats, such as music, video and digitally published material (e.g. high value financial analysis reports)
- IRM refers to technologies which control access to enterprise generated content, such as engineering intellectual property, HR documents, patient health records, company financial reports, sensitive email communication
- Most enterprise based technologies (although not Oracle IRM) were developed from either an existing DRM technology, or at least from the same ideals and methods
The first two points are very important with regards to how the technologies are perceived by end users and the main goal for the implementation of the technology. Consider the following scenarios.
1. You purchase a favorite song in a digital form and download to your computer. You want to play this song on both your laptop, mp3 player and also in your home CD player. Yet due to a technology used by the retailer that sold you the song, you can only play the music on a limited number of devices.
2. Your doctor stores your health information on his laptop inside documents that are encrypted and use rights controls to ensure only your doctor and authorized medical staff can open them.
DRM applies to the first situation and consumers are typically unhappy that technology is trying to dictate what they can do with content they've purchased. People are used to playing their music on a variety of devices and want to copy the information to whatever device they wish. DRM is typically about protecting the rights of the content owner from being abused, the consumer of that information doesn't necessarily care about the mis-use of the content. This has led to a constant battle between DRM technologies and the users, with thousands trying to break/hack the DRM so they can use content as they wish.
IRM however addresses a very different issue. It is about helping businesses keep secrets a secret. That information might be your health records, your personal HR data at your place of work, it might be the intellectual property your company owns which allow it to keep ahead of the competition and keep you employed. End users have a very different view of IRM, they want to use it, it helps protect them and their companies data.
So DRM focuses mainly on protecting business to consumer type content, where IRM focuses on enterprise content. This is important because it drives the technology in different ways. For instance, consider the following.
DRM protects a single file which is to only be opened by the purchaser, so the rights are embedded and delivered with the file. This works in a DRM model, because you want only the end user to access the content.
IRM typically is used in different scenarios, such as;
IRM protects a single file which is to be opened by 500 sales employees. After 6 months, 1/2 of the employees leave the company taking a copy of the file with them and another 250 people are hired. Of these people, 15 were promoted to manager and their rights to the document is increased so they are allowed to print copies.
To support the above you can't store any rights specific information in the document itself because the rights do change over time. You need to have a way to change rights to the document with having to re-distribute it. Oracle IRM does this by separating the rights from the content. Oracle IRM has, from day one, kept all rights information outside the file itself and on the network server. Access and rights are granted at the point when the document is opened. Locally cached rights, an authenticated user and the encrypted document, all come together at once.
Other IRM technologies have been developed from DRM technologies or they have used the same design methods. This is what prevents them from being truly enterprise scalable.
Finally, IRM can be used to solve some DRM problems. Oracle IRM has been successfully implemented by publishers to protect high value content in PDF documents. This is a classic business to consumer model but Oracle IRM, due to it's scalable and more effective implementation of encryption, works and can deliver an effective solution.