Yahoo demonstrates the double-edged sword of DRM

Content creators like the idea of DRM because it allows them to control who accesses their creations, which they think is a good thing. Yahoo recently demonstrated how DRM can create a headache when it decided to shut down its DRM servers.

——————————————————————

Digital Rights Management (DRM) is supposed to give content creators control over who accesses their content. All forms of DRM work essentially the same way. Embedded inside a data file is code that looks for an authentication key from the client trying to open it. If the client doesn't have the key, the file won't open.

Most keys are issued from a central DRM server. Yahoo recently shut down the DRM servers for its music service, which will wind up stranding anyone who bought music from them. Although it naturally raised the ire of customers, it also highlights a problem we have as IT leaders, that is, making sure these systems remain up, running, and reliable so that users can access their DRM data.

More than just music

Most people are familiar with DRM as it relates to music bought online. However, DRM controls are equally useful in regular business. You can use it to protect design documents, planning spreadsheets, and other sensitive data.

It doesn't take much to get up and going with DRM controls. If you're a mostly Microsoft shop running Windows Server on the back end and Office 2003 or later on the desktop, all it takes is adding support to the platforms and you're ready to go. Microsoft calls it Information Rights Management and includes a module for it in Office 2003 as well as Office 2007. On the server side, all you have to do is configure Rights Management Services in Windows Server 2003 and Windows Server 2008.

The headache of supporting DRM

Although it's pretty easy to get up and going, supporting it on an ongoing basis can become problematic. You must ensure that your users have a reliable connection to the servers at all times. The more widely DRM is used, the more mission critical the back-end services become.

The controls that limit access to the data come back to bite you as you become controlled by the technology yourself. Adopting DRM locks you in to the solutions you're currently using. You can only hope that the vendor you've chosen will use the same DRM scheme in later versions and doesn't choose to abandon support for it. Otherwise you're stuck with using old technology.

Another problem is that you have to make sure the servers you are using are always accessible. If you have only one rights server on the network and it crashes a lot, then naturally it's pretty much useless. Likewise, if the network it's on is slow and unreliable, then you have problems as well. Rights management services just increase the amount of maintenance and tuning you have to do on a network.

Dealing with end-user problems

Users themselves can create headaches when DRM controls are in place. There's the problem of getting them to use the controls to begin with. Added to that are the additional support calls you face when users start wondering why they can access a file on one device, but not another.

Finally, be prepared to deal with the backlash you'll face if and when you decide to stop putting DRM controls in place. You'll need to put together a phase-out plan to get the protected data out of DRM. You'll need to identify all the data and get it converted, as well as educate users about what to do with any files that are left. In a worst-case scenario, you'll face something like Yahoo did and have to refund money if you're using DRM to control data accessed by customers.

The bottom line for IT leaders

Content creators and folks concerned with security all love the idea of DRM. As an IT leader, you need to educate them about the implications of deploying DRM in your organization. Be keenly aware of all the work you need to do to support the system, plus what you may have to do. And be mindful of the pain you're in for when the DRM systems inevitably get abandoned.
