Comparing IRM, DRM, DLP and Perimeter-centric security technologies
| Parameter | IRM | DRM | DLP | Perimeter Security |
|---|---|---|---|---|
| General | IRM is a method of controlling usage of information independent of its location. Most IRM systems allow control and auditing of information even after distribution | DRM is a method of preventing unauthorized usage of digital media. It typically relies on methods to lock information to physical devices | DLP is a method to control movement and distribution of digital information. It works by defining device- and information-specific policies for movement of information | Perimeter security systems like firewalls are meant to prevent unauthorized access to information by controlling the entry points to the information |
| Information/Format focus | Documents, Spreadsheets, Presentations, Emails, Engineering drawings | Music, Video | Documents and emails | All |
| Encryption used | Various. Typically public 256-bit encryption algorithms | Various. Typically public 256-bit encryption algorithms | Various. Typically public 256-bit encryption algorithms | Various. Typically public 256-bit encryption algorithms |
| Device focus | Device agnostic, information could be anywhere | Typically focuses on specific devices like MP3 players and computers | Focused on desktops and gateways as a method of protection | Focused on desktops and gateways as a method of protection |
| Method of protection | Encryption with central storage of key | Encryption with keys sometimes stored centrally | Protecting information by controlling the "access" points, i.e. ports, networks etc. | Authorization of users by username/password/token |
| Method of control | Can control individual actions on information i.e. view, print, edit, distribute etc. | Typically controls access (yes/no) with time and number of times of use (3 days/2 times) | Checks information for compliance to policies before it is allowed to be distributed via network, USB, CD etc. | No control exercised after access |
| Track usage | Can track individual actions like view, edit, print and report centrally | Sometimes reports centrally | Various | None |
| Policy location | Central server | Typically embedded within the information | Within the device and controlled centrally | In the device/system |
| Connectivity requirements | Typically needs connectivity to central server. Offline access also possible | Typically needs connectivity to central server. Offline access also possible | Definitely needs access to central server | Solution dependent |
| Exposure to other risks like Trojans, keystroke capture tools, etc. | Minimized as the rendering application is controlled by the IRM system | No effect | No effect | No effect |
| Exposure to "analog leaks" i.e. Screen grabbing, video filming, other forms of recording | Screen grabbing can be controlled but not video filming or photography | Completely exposed to such leaks | Completely exposed to such leaks | Completely exposed to such leaks |
| Restrictions on transmission | None | None | As per defined policies | As per defined policies |
| Granularity of controls | Who can use the information: people, groups; What: view, edit, print, distribute; When: dates, timespans; Where: IP addresses, computers | Specific computers or devices, dates, number of times of use | Yes/No/Distribute | Yes/No |
| Implementation of pay-per-use models | Typically pre-integrated | Pre-integrated | No | No |
Metrics for evaluation of IRM technologies
Features: Support for common document formats, security within and outside of the organization, configurable watermarks in prints, audit tracking of authorized and unauthorized events.
Security: Control who (people, groups), what (view, edit, print, distribute), when (dates, timespans) and where (locations, computers); prevent screen grabbing and screen sharing; industry-standard encryption algorithm.
Ease of use and administration: Internal and third-party authentication, document- and folder-based rights, centralized policy definition, support for remote deployment, support for virtualized environments, support for transfer of ownership of information.
Compliance: Compliance with ISO/SOX/HIPAA
Integrability: Should provide interfaces for integration with (multiple) existing systems.
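The who/what/when/where controls and the audit of authorized and unauthorized events listed above can be pictured as a policy decision made on the central server for each attempted action. The sketch below is an added example, not code from any IRM product; the `Policy` and `Request` models, their field names and the sample values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    """Centrally held usage policy for one protected document (constructed model)."""
    users: set            # who: individual people
    groups: set           # who: groups
    actions: set          # what: subset of view / edit / print / distribute
    not_before: datetime  # when: start of validity
    not_after: datetime   # when: end of validity
    networks: list        # where: permitted IP ranges in CIDR form

@dataclass
class Request:
    user: str
    user_groups: set
    action: str
    at: datetime
    source_ip: str

def _located(ip, networks):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # a malformed address fails closed
    return any(addr in ip_network(n) for n in networks)

def evaluate(policy, req, audit):
    """Return (allowed, reason); every decision, allowed or denied, is audited."""
    if req.user not in policy.users and not (req.user_groups & policy.groups):
        verdict = (False, "who: user not entitled")
    elif req.action not in policy.actions:
        verdict = (False, "what: action not granted")
    elif not (policy.not_before <= req.at <= policy.not_after):
        verdict = (False, "when: outside validity window")
    elif not _located(req.source_ip, policy.networks):
        verdict = (False, "where: location not permitted")
    else:
        verdict = (True, "ok")
    audit.append((req.at.isoformat(), req.user, req.action, req.source_ip) + verdict)
    return verdict

# Constructed sample policy: alice or anyone in "finance" may view and print
# during Q1 2024, and only from the 10.20.0.0/16 network.
POLICY = Policy({"alice"}, {"finance"}, {"view", "print"},
                datetime(2024, 1, 1), datetime(2024, 3, 31, 23, 59), ["10.20.0.0/16"])
```

Denied requests land in the same audit list as granted ones, which is what lets a central report show unauthorized attempts as well as normal usage.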
Dos and Don’ts in deploying IRM technologies
- Ensure that organization security policies are defined
- Ensure that the IRM system can work along with existing document handling systems
- Define policy templates which can readily be used by end users
- Ensure local support in the first month of the system going live
- Ensure that training and security awareness programs incorporate this technology for driving the usage of the system
IRM technology is slowly becoming one of the default infrastructures for security in an organization. Adoption of this technology needs to be done in phases, starting from the source of confidential information and moving out to the usage.





