How do I select a DRM solution for my business?

Digital rights management (DRM) is a method to protect copyrights for digital media. In a world where technology allows us to share and copy various media and files, it is important to prevent or restrict unauthorized modification or distribution.

This is especially important now that the remote workforce has taken over, and documents, media and data are shared remotely.

To select a suitable DRM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Nathaniel Budka, Director of Customer Relations, FileOpen Systems

DRM exists for video, ebooks, subscription and single-copy information products, and control over business workflows. We narrow the scope to Document Rights Management: tools to control access by limiting users/devices, time-period and permissions.

Solutions to this problem vary according to these factors: ease of end-user access, level of security, available exposed services (APIs), data types protected, integration with existing workflows, and, of course, budget.

Try asking these questions:

• What content am I protecting, in what format(s), against what threats?
• What experience do I want to enable, or to prevent: i.e. should the DRM be visible only to unauthorized users or to everyone?
• What end-user environments need to be supported, and can I force end-users to modify their environment to access my content?
• How can I integrate this functionality into my production/distribution workflow?
• Do I want to host the solution or get it from the cloud?
• What is my budget?

Finally, when implementing DRM, it may be necessary to weigh end-user convenience (zero-install in browser) against the degree of control provided (desktop implementations can be more secure). Many systems are designed for just the browser or the desktop, but some DRM solutions can deliver both experiences.

Michael Fiedler, DRMtoday Technical Lead, castLabs

When choosing a DRM solution for your business some of the important things to take into consideration are its scalability, flexibility, and security. It is essential for a DRM solution to accommodate your business’ growth and have resilience mechanisms put into place, whilst maintaining low latency for the best customer experience.

To quickly launch monetized services your DRM solution should offer a simple integration into existing workflows. To save money later on and to ensure future flexibility the solution should be compatible with a variety of players as well as packaging vendors. It should enable many streaming video business models to support your business now and in the future, whether it is SVOD, TVOD, AVOD, or a combination.

While security is hard to quantify, I advise to discuss security details and how your key material is protected with your prospective DRM provider. Features to keep in mind to meet studio requirements and to add security are multi-key, key rotation, limiting concurrent streams, and geo-blocking.

Operating DRM in-house is costly and potentially draining on resources so it is crucial to find a trustworthy partner that best fits your service. The perfect way to check that is by testing a DRM solution with a free trial.

Olga Kornienko, COO, EZDRM

DRM is a technology that helps to enforce the business rules of a video service. Protecting your revenue with DRM is essential, but it absolutely shouldn’t be stressful to accomplish. Consider the following key criteria and make your choice:

Standards compliance: Makes integrations more straightforward and gives an assurance that your video streams play on all essential devices.

Technology support: Any service needs to support the full range of DRM technologies used on devices worldwide.

Cloud integration: Cloud services offer all the benefits of an on-prem solution and none of the limitations. Scale up and down whenever with usage of your services and rely on redundancy that comes with multiple regions and availability zones all over the world.

Partnerships: A broad range of technology partnerships implies a smoother implementation.

Support: A DRM provider should offer more freedom to say, “I want to do this, this, and this” and an education on what can be done, what should be done and how one does it.

Pricing: You only pay for the licenses you use. So, if you offer a great show that goes viral and everybody wants to see it, you only pay for the service required, yet the service scales to meet the need. The costs of DRM are always small relative to the risks of losing control over your media assets.

Elif Levin, Founder, Continux

When trying to find what is actually helpful for my business I would prefer a cloud application.

It would have to be fast, simple to use and easy to understand. Starting from tasks to be assigned to team members ending with documents to be uploaded and archived I would focus on a supplier who guarantees a cloud service. But I would ensure that the cloud service has following minimum technical requirements:

• Hardening of the system.
• Patch management.
• 2-factor authentication.
• End-to-end encryption at least AES256 (standard). Important is that the encryption is terminated at the physical system where the data is being processed and no intermediate system (like a proxy) decrypts the data. Only then we can speak of end-to-end encryption.
• Hard drive encryption storage location.
• Monitoring and logging in accordance with legal requirements.
• High password complexity. What is high regarding password complexity? We think 8 characters are sufficient, but only if in connection with 2-factor authentication.
• Role-based access. This is a basic requirement in a corporate environment, but not necessary for a single user.
• Least privilege principle.

Steve Mathews, CEO, Locklizard

There are several things you should consider:

Cloud vs on-premise: can the system be used offline or is it purely cloud based? If cloud hosted then what happens to your documents and users if you cancel the service?

Browser limitations: DRM systems restricted to viewing protected documents in a browser provide limited security functionality because there is no software installed on the client to enforce controls. You cannot prevent users from using screen grabbing software or printing to file drivers (PDF printers) to create unprotected copies.

Security: how secure is the DRM technology and does it put user’s systems at risk from attack? Some DRM systems let users view protected PDF files in Adobe Acrobat but force users to enable JavaScript (even Adobe don’t recommend this since it is regularly used by hackers to gain access to computers) – where does that leave you from a legal standpoint if a user’s system is attacked? And just because a company says they have multiple certifications, it does not necessarily mean their systems are secure.

Most browser-based systems for example, force you to upload unprotected documents to a cloud server where they could be at risk, and users can share login credentials (and therefore your documents) with others.

Costs: a popular charging model is per user/document but this ensures costs quickly escalate.