How does Digital Rights Management (DRM) ensure cloud security?

The good news is that more than two-thirds of customers are said to have given a positive answer. The bad news is that most of what is needed is a private cloud environment (29%), or a mixed environment (21%) of a public cloud and a private cloud.

No one agrees entirely with the elements of a private cloud, but it is generally agreed that a private cloud is a way to provide a cloud-like service, using proprietary hardware that is owned or managed exclusively by the company (or proprietary hardware managed on behalf of the company's entities).

The whole point of the cloud is that it eliminates the need and cost of managing hardware, so the private cloud is not very reasonable at this level. But for companies that end up using pure cloud computing, private clouds may be the first step in the evolution process.

Encryption is one way to eliminate cloud security concerns. For example, if the file is protected with 256-bit AES encryption, it doesn't matter if it ends up in the wrong hands, because without the corresponding key, no one can decrypt the file. But find a system that can use file encryption in a way that is transparent to the user, but I'm afraid it hasn't been achieved yet.

However, there may be a solution that has existed for several years and that is digital Rights Management (DRM).

The reason nobody likes DRM is because it applies to movies, music and games, and it creates a "they are against us": Copyright owners impose unfair restrictions on end users, and there is a lack of trust between the two sides.

But I don't see any problem with a democratic DRM system: in this system, everyone who works for a company automatically drm the document, and the certificate file needs to be installed on any computer or mobile device that requests to open or edit the file. We call this document digital Copyright management (ie ddrm)

Similar mechanisms already exist. For years, Microsoft has been Rights the so-called Copyright Management Service (Management services) into its operating system and office suite. The problem is that this mechanism uses Client server mode to protect files-that is, to open a document, the computer has to log on to the Microsoft server. There is no doubt that Microsoft thinks this is the best way to implement DRM, but cynics would argue that the client server model is a good means to keep people in the company's technology.

A better approach would be a simpler, self-contained system, based on an encrypted certificate file. If your computer has the appropriate certificate, it can open or edit the document. The certificate expires (for example, after a week expires), which means that the client computer regularly needs to "Call home" (Phone house) to update the certificate. But they do not need every access to the file, they must "call home."

The proposed system is not perfect. Because it is possible for hackers to steal certificate files and decrypt documents, it is ideal to generate certificates using specific hardware identifiers, such as the computer's processor serial number, which can make decryption more difficult.

But there is little chance of a perfect cloud security solution in the future. Because of the need to balance ease of use and security, and each side can not have too many shortcomings.

Ideally, this DDRM system works at the file level within the operating system rather than at the application level. That is, there is no need to put the system into the application; It also means that the old application is fully compatible with DDRM. Instead, the operating system handles tasks such as encryption, decryption, and certificate management. Users basically don't have to worry about it.

DDRM should also be an open standard so that anyone can deploy it to any operating system-whether it's a proprietary or open source operating system, whether it's a mobile OS or a desktop operating system. Both Apple and Google are claiming to be fully supportive of open standards, and it's easy to make it into iOS and Android mobile operating systems. Microsoft may be reluctant, but even if Microsoft is not involved, that's okay; only file system drivers are required to deploy DDRM. Files protected with DDRM have an additional file attribute, or may even have a different file name extension such as simple things (for example, use. Docd instead of just. doc to represent the Word document).

Unfortunately, it may be too late for such a system. Assuming that companies like Google take the lead – it may take the industry's giants a great deal of courage to simply outline a system that everyone is satisfied with for a year or two, and then it will take longer to integrate it into the operating system. By then, the mobile operating system will be fully mature, adding ddrm will be a clumsy modification of the operating system. Ideally, the system should have been conceived a few years ago, and it would be a feature of a new group of mobile operating systems.

In addition, I wouldn't be surprised if someone had thought about a system like DDRM and applied for a patent. This can lead to a variety of problems and expenses.

So at the moment, DDRM is certainly still limited to the stages of thinking, but perhaps more attention is warranted.