Tuesday, June 26, 2007
What Can Information Security Learn From Digital Rights Management
Recently, Mircosoft decided not to remove virtualization restrictions from its Vista operating system. According to this article, the probable reason for Microsoft's decision is that Vista's virtualization features have the practical effect of incapacitating Vista's Digital Rights Management (DRM) features. Given that the fundamental purpose of DRM technology - controlling reproduction and use of information - is the same as the fundamental purpose of most information security policies, Microsoft's decision to simply restrict access to a desirable product feature could mean that some technologies, such as virtualization, are simply incompatible with information control. The lesson for businesses seeking to avoid security breaches? The threat from some technologies (e.g., portable mass storage devices) might be so great that they should be kept out of corporate networks all together. Otherwise, until an effective technical solution is found (and Microsoft apparently hasn't been able to develop one yet), some things are just an invitation for trouble.