Response to Carl Weise on IRM limitations
By Simon Thorpe on Jul 03, 2008
Carl Weise was speaking at an AIIM conference on DRM and was asked about how IRM technologies play into the same space. Carl is an ECM/ERM/EMM Instructor with over twenty years of senior level records management and project management experience in the financial, IT, manufacturing, electric power and legal environments. He is also a regulatory compliance and risk management expert.
He recently blogged about his own research into IRM and found some limitations. I'm not aware of what research Carl did, although it seems mainly based on the Microsoft technology, but I want to highlight some of the limitations he discusses and explain how they don't affect the Oracle IRM technology.
First he states;
"After permission for the file has been restricted by using IRM, the access and usage restrictions are enforced no matter where the information is, because the permission to a file is stored in the document file itself."
This is true of most IRM technologies, but not Oracle IRM. One of the most important decisions in the early design of Oracle IRM, back in the late nineties, was to separate the rights from the content. The content itself does not have any knowledge of who has rights to it, it only knows of its own classification, e.g. mergers and acquisition documents or an engineering document containing valuable intellectual property. All the rights to the content are stored on the IRM server and cached to the local IRM Desktop when in use. They are then applied to content at the time of access. This is crucial to an effective and scalable IRM solution. If the content itself contains any information about the rights, then what happens when these rights change? Do you redistribute the content?
Carl goes on to highlight some of the deficiencies of an IRM solution, saying IRM cannot protect;
- Content from being erased, stolen, or captured and transmitted by malicious programs such as Trojan horses, keystroke loggers, and certain types of spy ware.
Actually Oracle IRM can prevent against this to a large degree. When accessing content using the Oracle IRM Desktop it is decrypted to a safe, protected location. The rendering application, such as Microsoft Word or Adobe Acrobat, is instantiated and the Oracle IRM Desktop gets its teeth into those apps to protect the environment. Finally the decrypted content is then handed off, in a secure manner, to the rendering application. This means the content is persistently protected from programmatic attack by Trojan horses and spy ware. This is most important when talking about the Office suite of documents which have a very open object model for programmatic control. Oracle IRM has a very sophisticated technology which prevents applications from accessing the object model for sealed Office documents.
Carl continues his analysis of what IRM cannot protect against;
- Restricted content from being hand-copied, or retyped, from a display on a recipient’s screen.
- A recipient from taking a digital photograph of the restricted content displayed on a screen.
- Restricted content from being copied by using third-party screen-capture programs.
This is an interesting area of discussion. The Oracle IRM technology has quite advanced protection against screen grabbing. There is the basic protection when pressing the Print Screen button in Windows but also advanced protection against third party screen grabbers. This functionality is implemented in many areas by protecting Windows/DirectX API calls and also monitoring video memory.
This does not however protect against someone retyping information, discussing the content of documents verbally or using a digital camera and literally taking a photograph of the screen. But there is still great value in implementing screen grab protection. Security is all about barriers, nothing is 100% secure. So having the protection is at least one barrier to protecting the information. It is also a very good way to inform an end user that content is protected. The Oracle IRM team have spent the past 10 years not only making the technology secure but also making the end user experience as smooth and transparent as possible. Therefore most end users don't really know they are using protected content until they do something like take a screen shot. At this point they see an image like the one below where only the area on the screen the content is being displayed is protected.
Note that other IRM technologies are not as mature in this respect, they disable the ability to screen grab entirely when protected content is open. Oracle just protects the area on screen sealed content is being displayed, therefore allowing the end user to continue to grab any unprotected content.
Most users when seeing the fact the screen protection exists are quite surprised. Combine this with the knowledge that every single time you opened a piece of sealed content it is audited with things like your username, IP addresses, location and name of the file you opened. Most users feel that they need to be very careful about repurposing sensitive information, even verbally, because the author/owner of the content is aware they've consumed the information.