LockLizard Technology Brief Sample

Typically, IT uses encryption in order to prevent the unauthorized from having access to information. But encryption has a major weakness when it comes to information protection. When information has only been encrypted, once it is decrypted the authorized user cannot be prevented from doing whatever they like with the information. In fact, it is totally impossible for the sender of encrypted information to prevent its misuse by the authorized recipient, and quite impossible to ever prove piracy by an authorized recipient. So whilst encryption controls are extremely valuable in some situations, they are not the answer to all the questions.

Further, IT uses access controls to try and protect information for which it is the custodian. Access controls only really work inside the enterprise. Once you get outside the enterprise network it is almost impossible to maintain that control. Further, because access controls were invented back in the mainframe era, they are simple, all or nothing limitations – read, write, append, delete, execute. They have none of the granularity of DRM. If you have access, then it is total and unmanaged.

Also, access controls work at the file level rather than the content level, or at the record level in a database. Neither of these fit the requirement of controlling subsequent use and distribution, which is what DRM is all about (even though it is possible to argue that DRM is nothing more than significantly revised and enhanced access controls).