A Seclore Whitepaper

An Evaluation Checklist for Enterprise Digital Rights Management (EDRM) Solutions

A comprehensive checklist for choosing the right EDRM solution

Enterprise Digital Rights Management (EDRM)¹ is a technology that controls the access and usage of information in stand-alone files and emails (known as ‘unstructured’ information).

EDRM solutions have been available in one form or another for more than a decade. However, new technology trends such as Cloud Computing and mobile device usage are raising expectations and pushing the boundaries of EDRM capabilities. The increased need to outsource and collaborate with third parties and temporary partners is also giving rise to new business demands - particularly in the area of user experience.

If you are considering EDRM technology for your enterprise, this white paper would help you fully consider and evaluate the latest capabilities available in the current generation of EDRM products.

Capabilities Vendor 1 Vendor 2


Breadth and Depth of Usage Controls

Ability to restrict file access and usage to specific users and / or user groups

Ability to restrict editing of files

Ability to restrict printing of files

Ability to restrict copying content from a file to an external location

Ability to restrict file access to a specific computer

Ability to restrict file access to a specific mobile device

Ability to restrict file access on any mobile device

Support for watermarked viewing of files²

Support for watermarked printing of files²

Ability to restrict screen grabbing via the Prnt Scrn key

Ability to restrict screen grabbing via third-party screen capturing tools (e.g. SnagIt, Camtasia)

Ability to restrict screen sharing via conferencing tools (e.g. Webex, GotoMeeting etc.)

Ability to restrict file access via remote connections (e.g. Windows RDP)

Ability to restrict file access on virtual environments (e.g. VDI, Citrix environments, virtual machines)

Ability to restrict file access and usage based on date and time

Ability to restrict file access and usage based on time period (no. of days)

¹ Also known as Information Rights Management (IRM)
² Also see ‘Watermarking Capabilities’ section

Ability to expire all copies of a file remotely at any time

Ability to protect files with built-in automatic expiration date

Ability to restrict file access while offline

Ability to allow file access while offline

Ability to restrict offline file access and usage to a specified time period (e.g. until 5 days, after which the user must go online and authenticate at least once)

Ability to restrict file access to a particular IP address or a range of IP addresses

User-Driven File Protection

Ability to protect one or multiple files simultaneously

Ability to Right Click on a file and enable protection

Ability to have differential rights for individual user or user groups for the same file

Ability to protect email body and attachments while sending emails

Automatic File Protection

Ability to monitor and automatically protect files in a network-monitored folder location

Ability for a child folder to inherit permissions from the parent folder

Ability for a child folder to have different permissions than the parent folder

Ability to automatically protect email body and attachments (from the server side) without any user intervention

Ability to automatically protect files on download from an ECM or ERP system (integration)

Ability to automatically protect files based on discovery by a content / context aware system like DLP, Classification, Discovery or CASB systems (integration required)

Ability to automatically protect a file based on the classification selected by the user

Email Security

Ability to act as a Mail Transfer Agent (MTA) and protect incoming emails automatically without any user intervention

Ability to provide in-use protection for emails and attachments

Ability for automatic rule-based protection of emails and attachments based on dynamic criteria, e.g. sender, receiver, subject line, X-header tags

Ability for automatic protection of emails generated by enterprise applications

Ability for automatic protection of emails based on X-header fields tagged by DLP systems

Ability for automatic protection of emails based on X-header fields tagged by Discovery and Classification systems

Support for classifying emails and attachments from Outlook

Support for classifying emails and attachments from Outlook for the web or Outlook Web Access (OWA)

Ability to view and reply to protected emails from the browser – without an email client (e.g. Outlook)

Ability to view and reply to protected emails (body and attachments) on mobile devices (iOS and Android)

Tracking Emails: Ability to track protected emails from Outlook itself

Revoking Email Access Remotely: Ability to revoke access to protected emails from Outlook itself

Co-existence with Email Archival tools: Ability to un-protect emails before they are archived


Access Methods (Desktop, Mobile, Agentless)

Ability to access a file without installing any software

Ability to edit a file online in the browser

Ability to access a file on any Operating System or Platform – via a browser

Ability to access a file while offline

Support for watermarked viewing on mobile devices (iOS and Android)

Support for editing supported formats on mobile devices (iOS and Android)

Availability of native client for Mac for accessing protected files

Availability of native client for Windows that can be installed without administrative privileges

Ability to access and protect files of all supported formats by installing a single agent

Ability to automatically and seamlessly on-board users to access protected files

Ability to access a file with a temporary One-time Password (OTP) without creating an account

Watermarking Capabilities

Ability to enforce watermarked viewing of protected files

Ability to enforce watermarked printing of protected files

Ability to enforce watermarked viewing of protected files in the browser

Ability to change watermark content

Ability to customize the font and color of watermark content

Ability to display dynamic watermark content: date and time of file access

Ability to display dynamic watermark content: username of the user accessing the file

Ability to display dynamic watermark content: classification of the file

Ability to display a mixture of static and dynamic content in the watermark

Ability to display a watermark for file access on mobile devices (iOS and Android)

Ability to fetch the file watermark from integrated 3rd party applications

File Format, Application, and Operating System Support

Support for Microsoft Office files: doc, docx, xls, xlsx, ppt, pptx

Support for Microsoft Office macro files: docm, pptm, xlsm

Support for PDF files

Support for txt and other ASCII-based files

Support for OpenOffice formats: odt, ods, odp, odf, odg

Support for image files: jpg, jpeg, bmp, png, gif, tiff

Ability to provide identity-based encryption and time-based and location-based controls for any file format

Support for all major Microsoft Office versions: 2010, 2013, 2016

Support for all major OpenOffice versions: 4.x

Support for major Adobe Reader versions: XI, DC

Support for major LibreOffice versions: 6.x

Support for Microsoft Outlook for email protection

Support for Outlook on the web for email protection

Support for protecting the email body as well as the attachments

Support for all major Windows versions: 7, 8, 8.1, 10

Support for protecting files on Mac OS

Support for accessing protected Microsoft Office files on Mac OS in a native application (Microsoft Office)

Support for iOS devices via native apps

Support for Android devices via native apps

Information-Centric Audits and Activity Logging

Ability to provide a web-based audit trail and dashboard for all activities performed on all files by all users

Ability to provide real-time auditing

Ability to send instant email alerts to file owners for unauthorized file activities

Ability to send a daily digest to file owners summarizing all the day’s file activities

Ability to restrict access to audit logs based on administrative access (e.g. allowed to view only the audit logs of their group/OU)

Ability to filter activity logs based on specific criteria

Ability to export activity logs for monitoring purposes, so that information can be tracked wherever it goes, not just within the organization

Ability for File Owners to track usage of their protected documents

Ability to log unauthorized attempts to access and use a file

Ability to log file activities while offline

Ability to log forensic audit details (machine name, IP address, file path etc.)

Ability to export audit logs to other reporting and log correlation tools (e.g. BI, SIEM etc.)

Ability to log access to audit logs for administrators and power users

Ability to log administrative activities (e.g. policy creation)

Ability to provide unified view of major risk and usage parameters



Ability to monitor file usage and license utilization

Ability to provide trend analysis on various parameters

Ability to provide overall system health and utilization/adoption analytics

Ease of Administration

Ability to automatically assign a protector license to any user who attempts to protect a file

Ability to register new users automatically while protecting a file, to eliminate the burden of manual user on-boarding

Ability to revoke and modify access to files dynamically – even after file distribution

Ability to create power users (business users) for managing groups/OUs and performing administrative tasks, such as creating policies, assigning licenses etc.

Ability to control the creation and usage of protection policies

Ability to transfer the ownership of one or multiple files to another user

Ability to revoke access to one user on multiple protected files simultaneously to facilitate user off-boarding

Ability to replicate all permissions of one user to another user on multiple protected files simultaneously

Ability to transfer all permissions of one user to another user on multiple files simultaneously - to facilitate user off-boarding and on-boarding

Ability to allow anyone to request access to a file directly from the file owner – with no IT support needed

Ability to register new users automatically (and give them file access) if the file owner grants their request



Federation

Ability to directly inherit (federate) access policies and user permissions from an integrated application in real-time - every time the file is accessed

Ability to directly inherit (federate) the information owner from an integrated application in real-time - every time the file is accessed

Ability to directly inherit (federate) watermark content from an integrated application in real-time - every time the file is accessed

Ability to directly inherit (federate) file classification from an integrated application in real-time - every time the file is accessed

Ability to directly inherit (federate) user identities from an integrated application in real-time - every time the file is accessed

User Authentication and Integration with IAM and Identity Federation Systems

Ability to authenticate users via the Windows Active Directory

Ability to authenticate users via other IAM systems

Ability to authenticate users via identity brokers and SAML-based identity stores

Ability to provide Single sign-on (SSO) capabilities with the Windows Active Directory

Ability to authenticate users from multiple IAM systems through a single server

Support for multi-factor authentication

Automatic deletion and addition of users based on corresponding changes in identity stores

Ability to provide a built-in Identity Management system for external user creation and management

Ability to authenticate using Google login credentials (Single sign-on or SSO)



Integration with Enterprise Applications (ECM, ERP, DLP, MDM etc.)

Ability to integrate with ECM systems and protect files upon download

Availability of ready, plug-and-play connectors for leading ECM solutions, such as IBM FileNet and Microsoft SharePoint

Availability of Online viewer / editor which can be embedded in 3rd party applications

Support for full content search even for protected files uploaded into a ‘protected’ folder/library in an ECM/DMS system, thus ensuring that security doesn’t interfere with the normal user experience

Ability to integrate with ERP and transactional systems

Ability to integrate with DLP systems for automatic file protection based on discovery at end points or the network layer

Availability of ready, plug-and-play connectors for leading DLP solutions, such as Symantec DLP, Forcepoint DLP, Digital Guardian DLP and McAfee DLP

Ability to integrate with EMM and MDM systems such as BlackBerry, AirWatch, MobileIron etc.

Ability for DLP to scan contents of a protected file

APIs and SDKs for Application Integration

Availability of SDKs in Java

Availability of SDKs in C/Win32

Availability of SDKs in .NET

Ready Connectors for Enterprise Applications

Availability of a connector for Microsoft Active Directory

Availability of a connector for Microsoft SharePoint

Availability of a connector for IBM Content Navigator

Availability of a connector for Symantec DLP to protect discovered confidential content

Availability of a connector for McAfee DLP to protect discovered confidential content


Availability of a connector for Forcepoint DLP to protect discovered confidential content

Availability of a connector for GTB DLP to protect discovered confidential content

Availability of a connector for CA Single Sign-on to authenticate users via Single Sign-on

General Security and Key Management

Ability to keep keys and content separate at all times

Ability to encrypt and decrypt files at their original location without sending them to the server

Support for secure communication protocols (HTTPS) for client-server communication

Support for segregation of duties and powers amongst administrators, power users, and end users

Ability to plug custom encryption algorithms to protect files

Ability to integrate with a Hardware Security Module (HSM), i.e. use keys generated by the HSM for encryption

Availability of interfaces to enable content scanning of protected documents

Ability to allow copying of data to another file based on the permissions the user possesses on the destination file

Ability to ensure that the output of the ‘Save as PDF’ option is a protected copy

Ability to allow saving a file in PDF format without requiring Full Control permission

Ability to discard the available offline permissions of the user – and use the newly fetched online permissions, if any – once the user opens the file while online

Ability to restrict copying of content via cell referencing (within Excel)



Deployment and Architecture

Support for a load-balanced environment

Support for High Availability (HA)

Support for Disaster Recovery (DR) and failover processes

Support for seamless migration from on-premise to cloud-based deployment

Support for common databases such as Oracle and Microsoft SQL

Server Hosting

Availability as a hosted service on the cloud or as an on-premise deployment

Support for cloud-based system on a private cloud

Support for seamless migration from cloud-hosted to on-premise deployment

Maintenance and Support

Segregated administrative functions and tasks

Availability of a web-based administrative interface

Support for automated patching of apps using app stores

Basic, in-app troubleshooting capabilities that can be easily run by end users themselves

Support for automatic and silent client upgrades

Availability of 24x7, SLA-bound support

Availability of installation report detailing agent installations throughout the organization

About Seclore
Seclore offers the market’s first fully browser-based data-centric security solution, which enables organizations to control the usage of
files wherever they go, both within and outside of the organization’s boundaries. The ability to remotely enforce and audit who can view,
edit, copy, screen share, and redistribute files empowers organizations to embrace mobility, file-sharing, and external collaboration with
confidence. With over 6000 companies in 29 countries using Seclore to protect 10 petabytes of data, Seclore is helping organizations
achieve their data security, governance, and compliance objectives.

Learn how easy it now is to keep your most sensitive data safe, and compliant.
Contact us at: info@seclore.com or CALL 1-844-4-SECLORE.

USA – West Coast: 691 S. Milpitas Blvd. #217, Milpitas CA 95035. 1-844-473-2567

USA – East Coast: 420 Lexington Avenue, Suite 300, Graybar Building, New York City NY 10170

India: Excom House Second Floor, Plot No. 7 & 8, Off. Saki Vihar Road, Sakinaka, Mumbai 400 072. +91 22 6130 4200, +91 22 6143 4800. Gurugram: +91 124 475 0600

Singapore: Seclore Asia Pte. Ltd., AXA Tower, 8 Shenton Way, Level 34-01, Singapore – 068811. +65 8292 1930, +65 9180 2700

Europe: Seclore GmbH, Marie-Curie-Straße 8, D-79539 Lörrach, Germany. +49 7621 5500 350

UAE: Seclore Technologies FZ-LLC, Executive Office 14, DIC Building 1 FirstSteps@DIC, Dubai Internet City, PO Box 73030, Dubai, UAE. +9714-440-1348, +97150-909-5650, +97155-792-3262

Saudi Arabia: 5th Floor, Altamyoz Tower, Olaya Street, P.O. Box. 8374, Riyadh 11482. +966-11-212-1346, +966-504-339-765

© 2019 Seclore, Inc. All Rights Reserved.
