This entry is about Web Content Management (WCM) content security (potentially delivered through a Portal) and does not refer to Digital Rights Management (DRM), although I can see this discussion being extended to discuss DRM as well.

When you talk about securing content in WCM world, it could fall under two main categories, content security and content personalization. It could be surprising to see personalization being talked under the security, but some people still blur the difference between two. Here is my definition to differentiate the two; security, when you should not have access to content if it is not meant for your consumption, personalization, when you don’t see the content on your landing pages, but you can access it through some other means.

Any WCM/Portal application designed to provide this feature has to deal with performance of application, as each user is accessing the pages with different combination of security (groups , roles or profile attributes) resulting in different queries to generate the page Vs. each user accessing the same page generated through one query. If the combination of security attributes is small, overall number of queries for all pages would remain in vicinity of non-secured content pages. But, when you talk about thousands (or millions) of end-users hitting the site resulting in millions of page-views, you would have to think about how much hardware you are ready to use for your site that deliver content security and/or personalization. More combinations you use, chances are high you would end-up using more hardware.

Most WCM/Portal solutions have some kind of caching mechanism to reduce the impact on back-end, but they work efficiently when overall cache-hit is high (cache-hit: same page is accessed by multiple users, so only first user hit would create an impact on back-end, rest access would result in serving the content from the cache). In case of content security and/or personalization, these cache hits are reduced, creating an impact on your back-end systems.

In the end, it boils to down to balancing the two, how much functionality you would provide to end user for content security/personalization Vs. how much you would like to spend for delivering that content through your infrastructure. It is not an easy decision, as we move towards more personalized web, every consumer of your site is expecting this feature, at the same time, the relentless cycle of extracting more out of less puts high pressure on delivering this functionality with limited infrastructure.

If you are in a similar position, you could try to limit the scope of personalization/security to certain pages (you would have to analyze overall use-cases to come up with recommendations) or use an intelligent caching solution (either part of WCM/Portal, or built on top of it). This functionality will make more impact on your infrastructure than non-personalized content, although you can limit the impact through judicious business requirements and/or technical design.