Even for businesses that are OK with a proprietary approach to enterprise DRM, it can be tough to sort out the different approaches offered by current suppliers, IDC's Duhl said.
"There's limitations to every one of these vendors," he said. "Whether its company size or viability questions or just the fact it's Microsoft, there are lots of issues that people have to sort through."
Then customers must determine which offering matches their particular business needs. "It's like looking at horses -- if you're going to pull a beer wagon, you want a Clydesdale," Duhl said. "If you're going to run a race, you want a thoroughbred."
Key differentiators include the manner in which an enterprise DRM product links up with other applications. Microsoft intends RMS to be a platform product, Wilson said, linked with the Windows Server operating system and capable of securing everything from memos to information in back-end databases. "Our technology is content- and format-agnostic," she said. "Customers can apply the same template, whether it's a document or a line-of-business application."
For now, however, RMS only works with documents generated by Office 2003, a significant factor for the vast majority of Microsoft customers that take their time in updating to the latest versions of key applications.
Adobe's Policy Server will be limited too, working only with documents based on the company's Portable Document Format (PDF). Adobe executives have said the product builds on several key advantages of the widespread PDF format, including its ability to ensure document fidelity and compatibility with a wide range of operating systems.
"The cross-platform aspect is very important to the clients we talked with," said John Landwehr, group manager for security solutions and strategy at Adobe. "They really want a system that will integrate well into a heterogeneous environment."
But for companies that haven't already adopted PDF and Adobe's accompanying Acrobat products for document distribution, Policy Server is a non-starter, said Gartner's Wagner.
"They have a pretty nice set of tools if you're willing to modify your whole system to be PDF-based," he said. "That's been a limiting factor for DRM all along -- people aren't going to change the way they work just to accommodate a security solution... You want this to be as minimally intrusive on the user as possible."
Talkback
This is not just an issue for HR and IT; it is a Director-level issue. Breach of copyright involves personal director liability as well as corporate liability - it is exactly the same law as if the company is using unlicensed software.
Companies also need to seriously look at the threats posed by applications like P2P and IM – not just at what they can bring into an organisation, but also what they allow out. Preventing the leak of confidential data out of organisations via software means such as email, P2P, IM, or hardware - floppy, CD and now USB memory devices is a major challenge to security and IT management. Securing the enterprise's intellectual property is a strategic management issue, whether you are a major NHS Trust with specific standards to meet, or an SME fighting for business.
Andy Wooles, Managing Director, FutureSoft UK