Storage vendor EMC is pushing a year-old CEO directive of applying embedded security within products, in particular using the Documentum line of products to promote policy-based document or information security under the Information Rights Management (IRM) banner.
This week EMC released the Documentum IRM (previously an Authentica product which EMC acquired in March 2006) specifically designed towards enabling application vendors to embed Documentum into software. Documentum OEM Edition will begin shipping in December.
The software is designed to audit document use and determine, based on policy, a users' level of access to a document. Microsoft last month announced the Documentum content management software will integrate with Office 2007 and SharePoint Server 2007.
Jordan Reizes, EMC Australia and New Zealand marketing director, said the company began pushing the "information-centric security" approach from a CEO directive 12 months ago outlining 39 business requirements towards integrating security into products.
Paul Ricketts, ex Documentum Asia Pacific principal architect and now EMC software division managing consultant, said the IRM approach taken by EMC in the Documentum line makes the assumption all content held behind traditional perimeter security is static with a differing value.
Ricketts said IRM works by applying defined policy to content as the "information value" changes and can also enforce policy-based rules on sending attachments outside the organization.
"If content moves inside an organization from a business process perspective, either as part of its lifecycle or distribution, the information jumps in and out of perimeter boundaries and if you assume bad guys are already inside the organization, even consider C-level employees with access to information but no commonsense," Ricketts said.
"IRM applies enforcement to the applied attachments which means when someone sends an e-mail out with an attachment there is a default policy assigned to the attachment. What this means is, from an organization perspective, is the rights people have to the attachments they send out can be changed and updated - and it also means someone can track and audit what happens to that attachment.
"That is what IRM is about and how it differs from core perimeter-based security to impacting content in context, rather than protecting content from a perimeter perspective."