Archive

Posts Tagged ‘Information rights management’

The Myth of Privacy 2.0

May 31, 2011 Leave a comment

Recent headlines around privacy, super injunctions and scandals involving celebrities, sports stars and bankers make it seem like something new and dangerous has appeared out of the ether, when in fact it is nothing other than the usual, albeit grossly exaggerated, effect of disruptive technologies and their use /  abuse, laced with a titillating hint of salacious gossip fodder. The rest is history, or not.

 

Internet technologies and social media applications like Twitter, Facebook and YouTube have made it child’s play for anyone to create instantaneous headline / publicity, or what I call a “flash buzz”, over almost any topic, event or person. There is no gainsaying the fact that social media has established itself as a bonafide media channel through which people can get the fastest and most direct access to world events, and to each other. But this is only just the beginning, if you consider the mountains of so called big data being fed each and every second by these, and other sources of information.

Once upon a time news information trickled down through well established but rather narrow media channels (i.e. news print, Radio and TV), but that trickle has become a fast moving stream, full of all any kind of debris (i.e. meaningless chatter) and valuable nuggets of information about you, your friends (or followers, fans, contacts etc.) and any number of other people. When combined with other Internet applications, such as the World Wide Web and a good search engine, no topic is out of reach for an intrepid seeker. So where does this leave us? What will happen to the existing media / information channels; will they be swallowed up by the deluge of information and get lost in the remarkably high noise-to-signal ratio? Will established media channels, businesses and industry go the way of the music industry?

I think not, because thankfully, there is still something to be said for the perceived authority of the printed word, and many people will still probably take the words on a printed sheet over words on a screen. Also, despite the wow factor of a new information source / channel offered by social media applications, it is still just that; only another source or channel for information. They are not mutually exclusive, and in fact people even use multiple information channels simultaneously. But what has this got to do with privacy?

Why, everything. The increasing trend for easily accessible data, information and knowledge streams means that sooner or later, and to varying degrees of completeness and accuracy, your so called private information will become available online, if it is not already out there. But what does this mean for ordinary individuals that go about minding their own business? Not much, I imagine, but for those with something to hide, or protect (in good cause or not), this can be a very real problem as the recent controversy over super injunctions in the UK will attest. Furthermore, for enterprises that make it a key activity to interact and deal directly with customers, this can be a gold mine (or just a plain minefield) to be navigated and exploited with extreme care as significant legal battles will likely continue to be fought over this particular topic.

In any case, one thing that seemingly escapes attention in the increasingly episodic furore over privacy is that the upcoming generation of Internet savvy digital natives may not see privacy in the same light our current generation of digital immigrants do. If social media was the norm at the time of your birth, or before, then it may be fair to ask just what the fuss is all about.

Advertisements

Tech Predictions 2009: A more sensible approach to de-risking data loss

December 17, 2008 Leave a comment

This is one that should have happened a while back, given that all the technology pieces are in place and readily available, but fear not, 2009 will be the year for comprehensive information rights management. Yes, I said it.


The technologies that can be used to provide persistent protection for enterprise content have existed for several years as a product, or suite of products, known as Enterprise Digital Rights Management (ERM), or more recently Information Rights Management (IRM). Unfortunately, the take-up of these products has not been as robust as might reasonably be expected for such a useful enterprise capability. It quickly became clear that these types of defensive technologies, which do not generate immediate / obvious revenue, are relatively expendable in pursuit of the bottom line. Perhaps, as a consequence, the industry recently underwent consolidation, (mostly through acquisition by larger players), into a handful of information lifecycle management solution providers that offer Enterprise DRM / Information Rights Management solutions among their arsenal of products and capabilities. Key players now include: Adobe, Microsoft, Oracle (via acquisition of Stellent / SealedMedia), EMC (via acquisition of Documentum & Authentica) and Liquid Machines. 

So what has changed, and why should 2009 be any different?

  1. Well for one thing, the frequent reports of data loss incidents mean that the corporate world has had to start looking at ways to prevent future mishaps. However, even current initiatives like wholesale corporate data encryption and data loss prevention strategies are not totally fool proof; therefore many organisations are still likely to need a more effective approach towards managing and securing information, especially one that will work even after data is lost or misplaced.
  2. Secondly, there are signs that ERM vendors are waking up to the key role they have to play in creating the ecosystem of solutions required to tackle data loss issues head-on. For example, some vendors have begun integrating their ERM products with existing Data Loss Prevention systems in order to provide effective control of information, both within and outside the enterprise security perimeter, (i.e. in the Jericho philosophy of deperimeterised security).
  3. Finally, although ERM is a direct offshoot of media Digital Rights Management (DRM), and provides similar capabilities for content control, it is unlikely to face the same fate as the latter, (see more on this from my DRM blog), for the simple reason that they serve very different markets / needs. A recent study of the ERM market shows a steady increase in awareness and adoption by organisations in various sectors like finance, healthcare and IT consulting among others

.In light of the above, I believe it that we shall start to see more examples of holistic security and information management as a major step towards mitigating the risk of data loss. The solutions, like the problems they solve, are not restricted to one product, channel or strategy; therefore it would most likely be achieved via a combination of components that include: ERM / IRM solutions; DLP systems; enhanced Information Security Policies; and the traditional corporate security and perimeter defence mechanisms.

>>===

Note: Originally posted on Capgemini’s Technology blog.  You can see the original post, including comments, at: http://www.capgemini.com/technology-blog/2008/11/help_theres_an_architect_in_th.php

No More Data Loss?

April 22, 2008 Leave a comment

Signs abound that the previously quiet realm of enterprise DRM is now making the must have list for enterprise security system vendors. This promises the potential for enterprises to gain full control of corporate information and data even outside the traditional security environment.

Like anything else in life it often takes a calamity to jumpstart what should have been an obvious requirement in the first instance. After last year’s data loss debacle, many public and private services organisations have had to take a fresh look at how to mitigate the risk associated with data loss. The upshot of this is the recognition of a need for information control even outside traditional corporate security perimeters, a problem that is neatly solved by enterprise DRM solutions as shown in the diagram below.

Although most organisations already have some form of perimeter security mechanisms (e.g. firewalls, data encryption and authentication), many have not bothered too much with the question of what happens if and when information leaves the premises on USB memory sticks or CDRs – a method frequently used by their own employees. However, it all looks set to change now as traditional enterprise security vendors are looking at including this level of control into their offerings.

Diagram showing Traditional Enterprise Security vs. Additional Enterprise DRM

Diagram showing Traditional Enterprise Security vs. Additional Enterprise DRM

(Source: The World Beyond Digital Rights Management, BCS 2007)

According to an article on DRMwatch, some enterprise content management vendors already recognised the need to control information in this way and acquired relevant companies and products into their portfolios. However, it has taken slightly longer for enterprise security solution vendors, who might be considered a more natural fit, to start integrating this capability into their solutions in order to create a holistic offering that delivers both internal and external control over enterprise data. The hope is that public and private sector organisations will jump on board and buy / implement these solutions with some alacrity, but enterprise customers just like ordinary consumers sometimes do the unexpected. We await further developments with eager anticipation.

——-

Note: This post was previously published on my BCS DRM Blog, where you can find the original post, and reader comments, in the archives.