Strategic value and drivers behind organizational adoption of enterprise DRM: The korean case

  • PDF / 704,337 Bytes
  • 26 Pages / 595 x 791 pts Page_size
  • 82 Downloads / 182 Views

DOWNLOAD

REPORT


Strategic Value and Drivers Behind Organizational Adoption of Enterprise DRM: The Korean Case

Jean-Henry Morin, Anat Hovav

Received: 13 March 2012 / Accepted: 8 June 2012 / Published: 30 June, 2012 © The Society of Service Science and Springer 2012

ABSTRACT In the context of now prevalent Extended Virtual Enterprises and our information and knowledge based economies, Enterprise DRM (EDRM) has become an important technical means to address many security issues ranging from simple persistent content protection to more complex dynamic governed usage pattern monitoring. Information is a strategic resource requiring prudent management. Therefore, a better understanding of the strategic value and major drivers behind organizational adoption of EDRM is needed. This paper presents a case study carried out with three large Korean companies. While our initial assumptions led us to hypothesize that compliance management and regulatory frameworks would rank the highest among the drivers for organizational adoption of EDRM, our study found that Knowledge Management (KM) appears to be a leading driver. We also identified Inter-Organizational structure as an increasingly prevalent factor in the adoption of EDRM. KEYWORDS Enterprise DRM, Information Security, Adoption of Technology, Extended Virtual Organization, Case Study. Jean-Henry Morin Faculty of Economic and Social Sciences, HEC Genve, University of Geneva, Switzerland e-mail: [email protected] Anat Hovav, PhD ( ) Department of MIS Korea University Business School E-mail: [email protected]

144 Jean-Henry Morin, Anat Hovav

1. INTRODUCTION E As companies continue to progress towards a networked and globalized economy with business processes spanning organizational boundaries, they are increasingly exposing their corporate information assets to prying eyes and potential external and internal misuse of those assets. Corporate scandals and the need for regulatory compliance have fueled a growing interest in operational risk management in the context of what is now known as GRC (Governance, Risk and Compliance) (Tarantino 2008). It is in this context that Enterprise Digital Rights Management (EDRM) emerged as a technical means to address many of the current and future security requirements beyond the traditional access control and perimeter based security solutions (for a discussion regarding the limitations and challenges of traditional identity management techniques see Hovav and Berger 2009). EDRM refers to the use of Digital Rights Management (DRM) technology in the Enterprise sector. DRM technology is often used to manage digital assets and define the rules governing their use in a persistently protected way. For detailed introduction and description, see Morin and Pawlak (2007). While traditional adoption of technology literature stresses the operational, economic or strategic benefits of the adopted technology, investments in Information Security (InfoSec) are driven by risk reduction (Gordon and Loeb 2002). Assessing security return on investment (ROIS) is