Metrics to evaluate IRM technologies

by Vishal Gupta    Apr 30, 2010

Comparing IRM, DRM, DLP and Perimeter-centric security technologies

 Parameter  IRM DRM
DLP
 Perimeter Security
 General IRM is a method of controlling usage of information independent of its locations. Most IRM systems allow control and auditing of information even after distribution  DRM is a method of preventing unauthorized usage of digital media. It typically relies on methods to lock information to physical devices  DLP is a method to control movement and distribution of digital information. It works by defining device and information specific policies for movement of information  Perimeter security systems like Firewalls are meant to prevent unauthorized access to information by controlling the entry points to the information
 Information/Format focus Documents, Spreadsheets, Presentations, Emails, Engineering drawings  Music, Video  Documents and emails  All
 Encryption used Various. Typically public 256-bit encryption algorithms  Various. Typically public 256 bit encryption algorithms  Various. Typically public 256 bit encryption algorithms  Various… typically public 256 bit encryption algorithms
 Device focus Device agnostic, information could be anywhere  Typically focuses on specific devices like MP3 players and computers  Focused on desktops and gateways as a method of protection  Focused on desktops and gateways as a method of protection
 Method of protection Encryption with central storage of key  Encryption with keys sometimes stored centrally  Preventing information by controlling the "access" points i.e. ports, networks etc.  Authorization of users by username/password/token
 Method of control Can control individual actions on information i.e. view, print, edit, distribute etc.  Typically controls access (yes/no) with time and number of times of use (3 days/2 times)  Checks information for compliance to policies before it is allowed to be distributed  via network, USB, CD etc.  No control exercised after access
 Track usage Can track individual actions like view, edit, print and report centrally  Sometimes reports centrally  Various  None
 Policy location Central server  Typically embedded within the information  Within the device and controlled centrally  In the device/system
 Connectivity requirements Typically needs connectivity to central server. Offline access also possible  Typically needs connectivity to central server. Offline access also possible  Definitely needs access to central server  Solution dependent
 Exposure of other risks like Trojans, keystroke capture tools, etc. Minimized as the rendering application is controlled by the IRM system  No effect  No effect  No effect
 Exposure to "analog leaks" i.e. Screen grabbing, video filming, other forms of recording Screen grabbing can be controlled but not video filming or photography  Completely exposed to such leaks  Completely exposed to such leaks  Completely exposed to such leaks
Restrictions on transmission  None  None  Completely exposed to such leaksAs per defined policies  As per defined policies
Granularity of controls Who can use the information: people, groups
What: View, Edit, Print, Distribute
When: Dates, timespans
Where: IP addresses, computers
 Specific computers or devices, Dates, Number of times of use  Yes/No/Distribute  Yes/No
Implementation of pay-per-use models  Typically pre-integrated  Pre-integrated  No  No

Metrics for evaluation of IRM technologies
Features: Support for common document formats, security within and outside of the organization, configurable watermarks in prints, audit tracking authorized and unauthorized events,

Security: Control who (people, groups), what (view, edit, print, distribute), when (dates, timespans & where (locations, computers), prevent screen grabbing and screen sharing, industry standard encryption algorithm,

Ease of use and administration: Internal and third party authentication, document and folder based rights, Centralized policy definition, support for remote deployment, should support virtualized environments, support for transfer of ownership of information

Compliance: Compliance with ISO/SOX/HIPAA

Integrability: Should provide interfaces for integration with (multiple) existing systems.

Dos and Don’ts in deploying IRM technologies
- Ensure that organization security policies are defined
- Ensure that the IRM system can work along with existing document handling systems
- Define policy templates which can readily be used by end users
- Ensure local support in the first month of the system going live
- Ensure that training and security awareness programs incorporate this technology for driving the usage of the system

IRM technology is slowly becoming one of the default infrastructures for security in an organization. Adoption of this technology needs to done in phases starting from the source of confidential information and moving out to the usage.