Intellectual property leakage could well drive organizations to the brink of bankruptcy, and it is the specter of this undesirable eventuality that prompted Chandrashekhar Shetty, co-founder and CTO at leading technical training provider PurpleLeap to explore the information rights management (IRM) market.
PurpleLeap has a hybrid model for its training, comprising lectures multi-cast through VSAT to technical training institutes across India and a hands-on, interactive learning management system (LMS). At the core of PurpleLeap’s business model is its proprietary training material, used to train thousands of students yearly, says Shetty. PurpleLeap’s course design and content exist in various forms, including PPTs, student books, quizzes and PDFs, all representing critical business assets.
The need for rights management
More IRM stories
- Protecting SharePoint 2010 document libraries with IRM
- Examining use of IRM solutions for access control in data extraction
- Seclore takes browser-based IRM route with FileSecure update
- Examining AD RMS and Exchange 2010 IRM's cryptographic modes
- IRM app helps AXA move to automated risk assessment
Launched in 2007, PurpleLeap witnessed rapid growth by 2010. This was the period when the company started shopping for IRM solutions. PurpleLeap’s main requirement from its IRM technology was to secure content hosted on its central Microsoft SharePoint-based repository. PurpleLeap needed an IRM solution that made it easy to regulate permissions and distribution of training collateral across its centers in India. PurpleLeap’s 300-odd employees and trainers across India make up the majority of the users, since students access the content through the LMS and very few protected documents are shared directly with them.
Several solutions were considered, including those in which permissions were managed via hardware or USB dongles. These were ruled out as being too cumbersome to manage and distribute. Solutions from Adobe and Microsoft were also examined, but failed to meet the specified requirements.
The company desired a software-based IRM solution that was easy to manage, that simplified distribution, and was scalable. Ultimately, PurpleLeap chose Seclore’s FileSecure IRM solution as it seemed to best fulfill the project criteria, in addition to providing for offline usage and clientless access, without any distribution restrictions.
During the in-house feasibility study, Microsoft’s IRM solution was considered given its native integration with SharePoint. However, it did not support integration with PurpleLeap’s LMS. Seclore FileSecure IRM already boasted a SharePoint connector and Seclore proposed to develop a solution to integrate the LMS as well. “Going for a major vendor would have been a slow process involving long cycles, post which LMS integration may or may not have happened,” says Shetty. Seclore moved fast in this respect, which helped in the decision-making process, he says.
Implementation of the IRM project was done completely in-house. Seclore worked with PurpleLeap’s IT teams to customize and integrate the FileSecure IRM solution as required. After an initial round of testing at Seclore, there were several rounds of tests in PurpleLeap’s environment.
The second phase was user acceptance testing, to iron out any issues or bugs remaining. After final testing, the IRM implementation went live in July 2011. According to Seclore, developing the LMS connector was the most time-consuming, taking almost six months to complete. Says Devendra Kanitkar, IT head at PurpleLeap, “The IRM implementation itself took much less time than expected and is currently a win-win in terms of hardware and app uptime.”
The project did face snags during implementation, but Shetty says this was expected, given its nature. According to Seclore, these challenges were more process oriented than implementation centric. For instance, PurpleLeap used a hot-file server system for SharePoint. Given that SharePoint only allows one policy per library and no separate policies for sub-folders, PurpleLeap’s file-tree and document flow had to be restructured.
The primary setup takes three core i3-based servers, running the IRM solution policy server (in the DMZ zone), housing Seclore’s permissions database (within LAN) and FileSecure’s Webconnect server (within LAN). The setup is supported by TomCat Apache and SQL 2008, standard edition.
Two low-end boxes were also procured for a DR setup for the IRM. The existing SharePoint server runs Windows 2008 server.
Each subject/course is a separate SharePoint library protected by the IRM. Further, all content development teams and authors involved in work-in-progress content are given separate protected folders. All documents, from creation to decommission, are now protected by the FileSecure IRM system, says Shetty.
Another issue was a snag with PPT Viewer, which is a license-free application from Microsoft. PurpleLeap used this to save on MS Office licensing costs in places where only read access was needed. At the time, Seclore didn’t support PPT Viewer files and this enhancement was developed based on PurpleLeap’s requirement.
As shown in Figure 1, when a file is downloaded from the SharePoint repository, the file inherits the policy attached to the document library. Upon opening, the FileSecure desktop client connects to the IRM policy server, which further connects to the Seclore database server to check if the user has appropriate permissions.
Figure 1. FileSecure’s SharePoint connector
According to Kanitkar, hardware considerations for the project were minimal, and the IRM was configured on entry-level servers (see box). Seclore’s FileSecure IRM does not conflict with existing systems and is managed on a day-to-day basis internally, with L2 and L3 support being provided by Seclore. The IRM is managed by the SharePoint administrator, with the IT team performing backups and routine maintenance.
Shetty avers that the protection provided by the IRM implementation is invaluable, although it is difficult to ascribe an exact ROI figure to the project. He explains that the attrition rate in the training industry in India is very high, and trainers are wont to take proprietary training with them when they leave. Given the competitive marketplace, by preventing leakage of intellectual property, the IRM solution brings immense value to PurpleLeap’s business.
A side benefit of implementing FileSecure IRM has been regulation of document versions in circulation. Administrators can choose to expire outdated versions of training documents by modifying IRM permissions.
There was initial user apprehension with the IRM solution, given IRM’s restrictive nature and the perceived usage hassles, but this has since dissipated. The solution has been very well received by the PurpleLeap board, investors and top management, who all appreciate its value to the business. PurpleLeap has been using the FileSecure IRM system for over a year now, during which time over 5,000 documents have been protected.