Monday, February 27, 2006

imho DRM8


Found content:

My take:

DRM is another name for content and/or code license management technology. As such, DRM doesn’t differ in principle from the discretionary access controls supported in many operating environments, database management systems, and document repositories. Call it discretionary rights management.

DRM has gained an ideological black eye in the B2C space due to recent PR fiascos such as Sony’s desktop-security-violating XCP rootkit. But DRM has gained a significant and growing niche in the business world as a tool for binding access controls persistently to corporate documents. As the referenced article points out, DRM is being used to enforce security classifications on internally distributed materials within organizations; to keep tabs on who accesses what information; and to prevent users from performing certain document functions (such as printing, copy/pasting, and forwarding) that content owners prohibit. Nothing terribly sinister about any of that. All of this is well within the controls that security-sensitive organizations have long enforced on paper documents. Principal vendors of DRM for corporate content management include Adobe, Microsoft, SafeNet, and SealedMedia.

Software activation is another hot area where DRM-like technologies are being applied in the corporate world. Software activation tools (which look, walk, and quack like DRM, but in a different pond from content DRM) allow developers to enforce a dizzying range of controls on distribution, installation, and usage of their products: automatic, secure, connected, or disconnected software activation; trial, perpetual, subscription, metered usage-based, rental, superdistribution, upgrade, or other licenses; automatic node-locking by hardware serial numbers, BIOS signatures, OS product identifiers, MAC addresses, and vendor hidden cryptographic hashes; fixed expiration or set number of program executions; etc etc etc. Check out software activation/licensing/metering tools from Agilis, Aladdin, Bysses, CrypKey, Macrovision, Nalpeiron, SafeNet, Sofpro, Pingram, and SoftwareKey

Once again, software publishers have been doing software-activation DRM—by various names--since the dawn of computing. Nothing controversial about any of this.

Of course, no two DRM (content or code) vendors implement the same approach. All of these tools embody proprietary DRM approaches. Each DRM environment is its own self-contained virtual fortress. Every real-world customer deployment of these tools adds another disconnected island of self-protecting license-aware walled-off content/code to your corporate information architecture. More virtual barriers preventing you and your colleagues from sharing, reusing, leveraging, mashing, mixing, slicing, dicing, and recombining data and code in the service of corporate agility. And service-oriented everything.

Not that there’s anything wrong with that.