SOX (2002), HIPPA (1996), Basel II (2004) and FRCP e-Discovery (2006) compliance drives the market in the US, requiring E-DRM in most private and public organizations.
Privacy Protection Act in Korea and Japan requires E-DRM in most organizations.
Increasing cases of information leaks
Organizations began to realize that most information leaks are committed by insiders, ex-employees or partners and that the damage rate could be a helpless ‘threat’ to competitiveness.
From "2006 Annual Study: Cost of a Data Breach": Lost or stolen customer information cost surveyed companies as much as $22 million. Average cost per lost customer record was $182. Incremental expenditures alone averaged $1.4 million per incident.
Enterprise DRM Market Responses
The waves of M&A
Adobe acquired FileLine DRM division of Navisware (January, 2006).
EMC acquired Authentica (March, 2006).
Stellent acquired SealedMedia (August, 2006)
*Oracle acquired Stellent (November, 2006)
Turning to a tornado market, but with no dominant player yet. Currently segmented by Microsoft, Fasoo.com, Adobe, EMC (Authentica), Oracle(SealedMedia), and Liquid Machines.
ECM vendors began to recognize Enterprise DRM as its fundamental security infrastructure.
MFP vendors began to integrate DRM solution into their systems
The first comprehensive market study for Enterprise DRM is published in June, 2008, by Gilbane Group, reflecting the current E-DRM market growth
Granularity of Controls Protection of data in transit Protection of data at rest Protection of data in use Usage Access Inter-organization Communication Knowledge Management Regulatory Compliance Enterprise DRM Data Loss Prevention Public Key Infrastructure Enterprise Content Management Network Transport Encryption Full Disk Encryption
Increased risk of losing confidential information: The volume of documents shared explodes due to the successful adoption of document distribution/management systems. Loss of data from insiders are increasing dramatically.
Existing security solutions are effective to protect from outsiders but fail to prevent document leak by authorized users (insiders)
Requirements of Enterprise DRM
Organizations is seeking for a solution that controls, secures and tracks sensitive documents persistently, including authorized use.
Persistent protection of sensitive documents
Protecting information, even after it has been delivered, is strongly required in the market.
Enables persistent control of document use
Who and where (device, network address, …)
How (View, Print, Edit, Copy/Paste, Screen capture, Revoke, … )
When (period, how long, how many, …)
Tracks the log of document usages
Systematic solution against document leak by the authorized users (solution for insider threat management).
Authorized User Authorized User Unauthorized User File-server Application Systems (EDMS, KMS, etc.) Unauthorized User Unauthorized User Unauthorized User Partner Hackers Firewall, IDS, VPN, Date encryption, Authentication, ACL, PKI, …
Competitive Landscape High Low High Security Any application Limited 2) Limited 1) Applicability EMC, Oracle Plug-In Fasoo Microsoft Vendors Overriding (Hooking) Embedded 1) Applicable only if its source code is available 2) Applicable when Plug-in is allowed Comparison of DRM Client Technologies Applications & File Formats Supported by Fasoo’s E- DRM Suites psd, ai, bmp, tiff, jpg, gif, png Adobe Photoshop, Adobe Illustrator, MS Paint, ACD See Image Files avi, mpg, mpeg, mp3, wma, wmv, asf, mid, wav Windows Media Player Multi Media Files dwg, catpart, catproduct, prt, asm, mf1, mf2, sldprt, sldasm Autocad, Catia, Pro-E, I-deas, Solid Works CAD Documents doc, xls, ppt, pdf, hwp Microsoft Office, Acrobat, Area Hangul, Notepad, WordPad Documents Typical File Formats 3) Native Applications 3) 3) Upon request, others can also be supportable Comparison of Security Domains 1) Supported * **** Liquid Machines ** ** * Microsoft * * Adobe ** * * **** Oracle * ** EMC ** ***** ***** ***** Fasoo Web Ad-hoc PC Server App Content Management Solutions Rendering Applications MS Office Adobe Acrobat CAD Others Others Documentum Stellent Fasoo’s DRM Client technology allows wide range of permission controls by controlling rendering apps Other DRM vendors’ solution does not cover all security domain (e.g., file creation) Organizations are using variety of rendering apps, yet other vendors only support limited apps. DRM solution must support multiple server applications, DMS, KMS, CMS, etc.
◀ Nikkei (Jun . 10, 2005) ◀ ww.abcnews.com (Aug. 16, 2007) ▼ Gilbane Group E-DRM Report (Aug, 2008) Korea-based fasoo.com, on the other hands, is attempting to cover many different corners of the DRM map, all at once. Fasoo makes separate DRM products for PCs, Web sites, enterprise servers, file servers, and P2P, said Gyubong Kim, director of the vendor’s Business Division, during a conversation with Ziff Davis Internet. A more recent approach, known as application rewriting, involves patching the application's machine code at runtime so that instead of performing I/O operations, the application first calls the DRM engine to determine whether the user has the rights to those operations. Liquid Machines and Fasoo.com of South Korea use this approach.
Enhancement of technology empowering security & usability.
Diversifying Product Line
Expanding the DRM service coverage to professional document types such as CAD, GIS, graphic, code, …
Office, PDF, CAD / IE / Windows GIS, Source Code, Graphic / FF / Windows (64-bit) Open Office / Chrome / Mac , Linux, Unix *Rendering Apps / Web Browser / Operating System DRM Solution for Professionals DRM ONE for CAD DRM ONE for GIS DRM ONE for GRAPHIC DRM ONE for CODE
Vision Expanding E-DRM Coverage and Product Line to Professional Area, such as CAD, Graphic, GIS, Code Making E-DRM as an Essential Enterprise Solution Establishing Fasoo E-DRM as a “de Facto” Standard