Check Point Acquires Liquid Machines
June 13, 2010
Posted by Bill Rosenblatt in Enterprise Rights Management.
Enterprise rights management (ERM), a/k/a information rights management (IRM), is an offshoot of DRM technology designed to protect company confidential information instead of commercial media content. With it, sensitive documents can be protected from unauthorized access even when they aren’t housed in content management systems or other repositories inside corporate firewalls.
Although enterprise applications of DRM date back to the late 1990s, the bulk of activity in the ERM market took place in the 2003-2006 timeframe. At the beginning of that period, Microsoft released its Windows Rights Management Services (Windows RMS) ERM product. By the end, two of the earliest standalone ERM companies, Authentica and SealedMedia, had been acquired by major content management vendors — EMC (Documentum) and Oracle respectively. It appeared then that the ultimate destiny of ERM was to be a bullet-point feature of enterprise content management (ECM) systems.
The ERM market began to consolidate after 2006. I found it difficult to keep up with ERM after that, because companies that adopted ERM technology were loath to talk about it publicly, and ERM got nowhere near the level of media scrutiny that consumer media DRM gets.
Consolidation left only one standalone high-end ERM vendor in the US market: Liquid Machines. (Fasoo of South Korea is the largest standalone ERM vendor by installed base worldwide, and there are smaller-scale standalone ERM vendors in the US market, such as Vitrium and Confidela.) Liquid Machines had developed its own ERM technology and subsequently added support for the Microsoft Windows RMS engine.
Those of us who followed this market closely during this period wondered what would happen to Liquid Machines — or more particularly, who would acquire it. The question boiled down to whether it would be another ECM vendor, such as Open Text or IBM, or possibly an enterprise IT security technology vendor like Symantec or McAfee, both of which had developed partnerships with Liquid Machines.
Four years later, the answer has finally come: the Israeli IT security company Check Point Technologies completed an acquisition of Liquid Machines last week. Terms of the deal were not disclosed. Check Point is about half the size of McAfee by revenue, or one-sixth that of Symantec.
Liquid Machines has one major point of differentiation from most other ERM technologies. Many other ERMs integrate with users’ desktop applications, such as Microsoft Office and Adobe Acrobat, by making use of those applications’ plug-in APIs and essentially taking over their input and output functions so that they can handle encrypted files and check users’ credentials. Both Authentica and SealedMedia work this way.
Liquid Machines has a different approach, which is known as application rewriting. In this approach, Liquid Machines examines the executable code of a desktop application like Word, Excel, or Acrobat and determines where input and output are done. Then it patches the machine code — at runtime — so that it calls the Liquid Machines ERM engine (or the Microsoft RMS engine) instead of the application’s own I/O routine. If the file is encrypted, the ERM code checks user credentials, decrypts the content, and does the I/O (assuming the credentials check out).
This code examination process needs to be done only once per application; it is not unlike code instrumentation for performance benchmarking. The great advantage of application rewriting is that it can, at least in theory, be used with any user application, including custom-developed applications.
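The control flow of application rewriting described above, modeled at the function level as an added example (not code from Liquid Machines or from this post): the application's I/O routine is redirected to a wrapper that passes unprotected files through and, for protected ones, checks the user's rights before decrypting. The container layout, `POLICY` and `KEYS` tables, `App` class and XOR keystream are constructed stand-ins; the product patches machine code and a real deployment would use a real cipher and key service.

```python
import hashlib

MAGIC = b"ERM1"  # constructed container marker, not a real ERM or RMS format
POLICY = {"alice": {"q3-forecast"}}  # constructed: user -> document ids they may open
KEYS = {"q3-forecast": b"constructed-demo-key"}  # constructed per-document keys

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream (symmetric); stands in for a real cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def protect(doc_id: str, plaintext: bytes) -> bytes:
    """Build the constructed container: MAGIC | id length | id | ciphertext."""
    ident = doc_id.encode()
    return MAGIC + bytes([len(ident)]) + ident + _keystream_xor(KEYS[doc_id], plaintext)

class App:
    """Stand-in for a desktop application with a single I/O routine."""
    def __init__(self, storage):
        self.storage = storage

    def read_file(self, name: str) -> bytes:
        return self.storage[name]

    def open_document(self, name: str) -> str:
        return self.read_file(name).decode()

def rewrite(app: App, user: str) -> None:
    """Redirect the app's I/O routine to the rights check; the app's own code is unchanged."""
    original = app.read_file

    def guarded_read(name: str) -> bytes:
        raw = original(name)
        if not raw.startswith(MAGIC):
            return raw  # unprotected file: pass through untouched
        n = raw[4]
        doc_id = raw[5:5 + n].decode()
        if doc_id not in POLICY.get(user, set()):
            raise PermissionError(f"{user} may not open {doc_id}")
        return _keystream_xor(KEYS[doc_id], raw[5 + n:])

    app.read_file = guarded_read  # instance attribute shadows the class method
```

Without the call to `rewrite`, the same `App` sees only the ciphertext container, which is the property that keeps a protected document protected outside a repository or firewall.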
Liquid Machines’ ERM technology complements Check Point’s. Check Point started as a pioneer in the firewall space and has added other security technologies over the years, such as full disk encryption, virtual private networking, and data loss prevention (DLP).
The acquisition of ERM technology by a major IT security vendor should help expand the ERM market by increasing awareness of ERM among security professionals. When I led a market study of ERM in 2008, we found that IT security executives’ familiarity with ERM had grown since a 2005 study but still was not very high. ERM is fundamentally unlike perimeter security (such as firewalls and DLP) in that it’s not transparent to users. Check Point should help close that familiarity gap, and in doing so, create opportunities for other ERM technologies.
Symantec had given indications back in 2008 that it was preparing to enter the ERM market. Check Point’s acquisition may hasten that development. If that happens, then it will be interesting to see how the functional overlap between ECM and security vendors plays out in the market.

