This article can also be found in the Premium Editorial Download "Information Security magazine: Symantec 2.0: Evaluating their recent acquisitions."
DIGITAL RIGHTS MANAGEMENT
Enterprise Digital Rights Management 5.0
REVIEWED BY MIKE CHAPPLE
Price: Starts at $50,000 for the core system with
Digital rights management is a hot issue. Proliferation of portable media, mobile computers and ubiquitous network access poses substantial risk to proprietary information. SealedMedia's E-DRM offers a flexible, scalable approach to solving this problem, combining an intuitive administrative interface with a mostly transparent user agent.
Policy Control: A
E-DRM's granular policy controls are impressive. In addition to the privileges you'd expect, such as open, print, copy and edit, E-DRM allows you to control the use of formulas, force change tracking and limit the ability of users to annotate documents, among other rights.
Content owners may also specify the duration of offline licenses to protect content on devices (typically laptops) that may be lost, stolen, or kept by former employees.
The core system, as shipped, allows you to protect commonly used content types, including MS Office, Acrobat and text documents. Licenses to protect additional content types are available for additional fees.
The flexible administrative rights delegation hierarchy allows you to implement role-based access controls, granting different levels of administrators varying privileges within their security contexts.
Initial installation is a bit laborious, as it requires you to install an MS SQL Server database, license server, gateway and management console. However, once you work through that process, application configuration is straightforward. You use the management console to create users and groups, delegate administrative privileges, manage contexts and create audit reports. This is all accomplished through an intuitive GUI. Users must install a simple client using a wizard-driven process. The core E-DRM system uses standalone password authentication; organizations wishing to integrate with an existing Windows domain must purchase an additional license.
On most counts, we were impressed with the product's effectiveness. All of the functions we tested worked flawlessly, and we were unable to defeat E-DRM's access controls. E-DRM even prevented us from taking a screenshot of a protected document by replacing the document image with a SealedMedia watermark. E-DRM uses appropriate encryption algorithms (AES with 128-bit keys for bulk cryptography and RSA with 1024-bit keys for client/server communication).
However, we were disappointed that SealedMedia refused to answer a few reasonable questions about key management, claiming that keys are protected using a proprietary key management algorithm. The company did reveal that keys are stored in a database on the client, which is protected by a system-specific key, but would not describe the security controls for that key. We could not give E-DRM a higher grade here without knowing whether the system-specific key is secure.
E-DRM provides everything an administrator or auditor might want to know about digital content management. Available reports include account operations, management activities, and successful and failed attempts to exercise content rights. Administrators may break down reports by user, item and context.
E-DRM does an effective job of content security. Other than our concerns about the transparency of the product's key management processes, it's an effective, scalable enterprise content management solution.
Testing methodology: E-DRM was tested in a Windows Server 2003 and Windows XP environment. We ran the license server on SQL Server 2005 Express Edition and tested E-DRM with documents created in Microsoft Office, as well as with standard text files.
This was first published in November 2006