Over the past few years we’ve seen content management systems (CMS) that focused pretty much exclusively on Web content evolve to meet, sometimes embrace and occasionally supplant traditional document management software.
Today, content management has become big business and is starting to become a true enterprise service. What does an enterprise CMS look like? Apart from all the usual features (workflow, versioning, media libraries and so on), it includes comprehensive user authentication and rights enforcement.
You might be saying, “Surely, what you are proposing, nay, extolling, sounds like digital rights management, which I clearly recollect you dissed only a few weeks ago.”
Indeed, young Jedi, I was somewhat disparaging and did refer to DRM as digital rights restriction.
But the difference lies in the intention. DRM, as desired by the Recording Industry Association of America and the Motion Pictures Association of America, assumes that you can control how users work with content.
This is despite the screamingly obvious fact that without special hardware to make DRM solutions truly robust, any kid with half a clue can make sure the best-laid plans of mice and marketers “gang aft agley” (Scottish for “go really wrong”).
These could be described as the worst laid plans, or plans that even mice would not lay.
DRM as applied in the enterprise is a very different beast. It is primarily another mechanism for control that enables and ensures compliance with laws, such as the Sarbanes-Oxley Act, by creating an audit trail of use and attempted use.
The biggest failures were in, you guessed it, a lack of adequate controls over passwords, a failure to implement auditing and monitoring mechanisms “to detect and track security incidents,” and a lack of user-access controls.
What amazes me is that products are out there and tested in enterprise-scale organizations. There is simply no excuse for not having addressed the problem.
Why is no one being held accountable? Why in the ranks of shrill posturing politicians is there no one willing to go to bat over this? (Then again, even though Sony BMG compromised thousands of government networks with its DRM systems, no heads rolled.)
These organizations and the public don’t seem to care enough to do anything. That is until some kind of IT Pearl Harbor happens to some public institution.
Of course, such an event may have already occurred. If they don’t care enough to fix the problem, would they care enough to ’fess up when their worst laid plans have gang aft agley?
QuickLink: 063737
--Cries of outrage to Gibbsblog or sound off to backspin@gibbs.com.