Rights Management Systems Versus "Simple" Data Encryption
Here is a question that was raised in a discussion forum, along with my response to it. I figured it is interesting enough to post it here.
Question:
Why not just deploy a Enterprise Right Management solution instead of using various encryption tools to prevent data leaks?
Answer:
The “encryption tools” function according to simple, well understood, and more-or-less enforceable security models. Their assumptions are well understood and, most importantly, match the environments they run on. They solve a simple problem, and solve it effectively.
Rights management solutions have complex security models, and run in environments that do not always satisfy the assumptions. They aim at providing complex functionality, but they often (always?) fail to deliver due to their over-complexity and unrealistic assumptions.
If your security needs can be met by the simple functional model of the “encryption tools”, then you will prefer to enjoy the assurance and thereasonable robustness they provide, which is the most desirable feature after all.
Comments
Display comments as Linear | Threaded