Lack of interest
But businesses like CaseCentral are still a tiny minority. Outside heavily regulated sectors such as banking, which have already developed industry-specific approaches to document security, there's been little visible interest to date in enterprise DRM.
Reasons include the relative immaturity of the market. Microsoft's product has been available for only four months, and Adobe won't introduce its Policy Server until late this year. That leaves a handful of specialists, led by Liquid Machines, Sealed Media and Authentica.
Even for businesses that do start to think about document security, their huge collections of content, often stored on individual hard drives, can make it tough to develop a comprehensive approach to enterprise DRM, said Joshua Duhl, an analyst for research firm IDC.
"People don't want to admit there's a content problem," he said. "And if they do, people have to have a sense of what's worth securing and what isn't, which can be very difficult to sort out."
The scope of material an enterprise DRM system secures can also make companies reluctant to commit to a software maker. Microsoft's entry into the field sparked fears the company could use secure document format to lock out competing productivity products and other applications.
"I've heard some concerns that (RMS) would make it a requirement to upgrade applications, that you could lock down formats in some way so third-party applications wouldn't be able to open and view them," said Ray Wagner, an analyst for research firm Gartner.
Such concerns have many businesses waiting for a more open approach to enterprise DRM. Lundstrom doesn't expect the field to take off until there are open standards for encryption and other security components.
"DRM could be one of the first big open-source wins" for enterprise applications, he said. "Customers would really see value in open, standards-based robust encryption... When you get into security and encryption as an intellectual discipline, the people driving that forward are completely focused on open source and peer review."
Talkback
This is not just an issue for HR and IT; it is a Director-level issue. Breach of copyright involves personal director liability as well as corporate liability - it is exactly the same law as if the company is using unlicensed software.
Companies also need to seriously look at the threats posed by applications like P2P and IM – not just at what they can bring into an organisation, but also what they allow out. Preventing the leak of confidential data out of organisations via software means such as email, P2P, IM, or hardware - floppy, CD and now USB memory devices is a major challenge to security and IT management. Securing the enterprise's intellectual property is a strategic management issue, whether you are a major NHS Trust with specific standards to meet, or an SME fighting for business.
Andy Wooles, Managing Director, FutureSoft UK