Jimi,
The purpose of most IRM software is not to stop
malicious intent of people using tools like you
described. All systems can be gotten around with
enough intent. For most organisations this is a
sackable or criminal/jailable act (depends on where
you work). IRM and the like are to stop the accidents
of forwarding to friends, friends forwarding to
friends, those friends forwarding to the press for
example and loosing control of some IP or information
that ends up in the wrong hands and outside of your
organisation. Yes you could even put your laptop on
the photocopier also :-)
At the end of the day it is a security policy not a
security enforcement. It requires the author to define
the importance of the document/email, not everything
gets pretected.
Josh
--- Jimi Thompson <jimi.thompson@gmail.com> wrote:
The DRM stuff is all a seriously bad joke that's
been played out on
management. You still have to TRUST the people that
work there. If I
can display it on my screen, no matter what else
fails I can get my
nifty camera and take a photograph of the document
or whatever I'm not
supposed to be able to pass around. If I can play
it through my
speakers or headphones, I can whip out my trusty old
casette recorder
and tape it. Where's your DRM then? Neither of
these are
particularly high-tech approaches and are well
within the reach of the
average schmoe.
Further more, if I have sufficient rights to open a
document, let say
that I copy and paste from the contents of your DRM
document into a
new document. How do you track the rights to that?
It's better to
be loyal to your employees so that they are loyal to
the company and
don't want to sell you out to begin with. More
software isn't going
to fix that.
2 cents,
On Thu, 18 Nov 2004 14:06:11 -0500, Thompson,
Tichard
<tichard.thompson@pharma.com> wrote:
Checkout LiquidMachines which is a stand alone
product and also
works with an existing RMS infrastructure. Also
look at Authentica.
Their solutions are a lot better as well as being
a lot more expensive.
T.J CISSP
-----Original Message-----
From: Lists [mailto:sakaba@alexandria.cc]
Sent: Friday, November 12, 2004 7:30 PM
To: <focus-ms@securityfocus.com>
<focus-ms@securityfocus.com>
Subject: Microsoft rights management server
alternatives
Hi everyone,
I am looking into rolling out a solution like
microsoft rights server
that can encrypt files and assign decrypt rights.
I know of Hibun in
Japan as well by Hitachi and was wondering if
anyone was using anything
else.
Regards,
sakaba
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
--
Thanks,
Jimi
---------------------------------------------------------------------------
---------------------------------------------------------------------------
___________________________________________________________
Moving house? Beach bar in Thailand? New Wardrobe? Win £10k with Yahoo! Mail to
make your dream a reality.
Get Yahoo! Mail www.yahoo.co.uk/10k
---------------------------------------------------------------------------
---------------------------------------------------------------------------
