Rights Management Services
One of the key components in Microsoft’s IDA stack is Rights Management Services a.k.a RMS.
RMS offers protection to the information / data in terms of who can access it, what access etc. RMS should not be mixed with Access Management Solutions.
Access Management solutions, that I described in my earlier posts, performs Access Control / Authorization decision on Enterprise level to the various Enterprise applications. That means, you would be displayed the portal which has list of applications that you as an individual are “Entitled” to access based on your “Job Function a.k.a Role”. Access Management solution would control the access to these applications.
However, RMS move few steps forward. After all, what is that you are using application for? Accessing or viewing data? Updating / Modifying data?
RMS protects this data in a way and sets permission for users to access.
What is Rights Management??
RMS is information protection technology that helps safeguard digital information from unauthorized use–in an online and offline environment, inside and outside of the firewall i.e. within your organization and outside your organization's network boundary.
RMS can define as to how a recipient can use the information, such as who can open, modify, print, forward, and/or take other actions with the information. If you have not provided permission to the recipient, he/she would not be able to open the document or mail or file. RMS can be applied to documents, mails, HTML and with solution framework – to various kinds of file formats and applications. The Application needs to be RMS aware. in case of home-grown application, RMS provides SDK to integrate or make them in RMS aware.
Using RMS, organizations can create custom usage rights templates such as “Confidential - Read Only” that can be applied directly to information such as financial reports, product specifications, customer data, and e-mail messages. For example, RMS can help protect information in a wide range of situations, including the following:
· Intranet content. A manager within a large multinational pharmaceuticals company has been granted access to the online sales system. She navigates to the year-over-year sales information on the enterprise information portal, and the information is displayed on-screen within her RMS-enabled browser. Because the information is sensitive, specific usage restrictions have been applied to the report she sees. The manager gets the information she needs, conveniently, but because she does not have rights to print, copy, or paste the information on screen, the company’s sensitive sales data is better protected from inadvertent or deliberate sharing with an unauthorized individual.
· E-mail communications. A CEO needs to send an e-mail message that contains confidential information about an upcoming reorganization to his executive staff. In his RMS-enabled e-mail application, he selects a template to specify that recipients can only read the e-mail message, and that they cannot copy, paste, edit, or forward the information. The recipients receive the e-mail message and view it in an RMS-enabled e-mail application or browser, which transparently enforces the permissions. The CEO has a new level of confidence that this sensitive information will not be shared beyond his executive staff.
· Documents. Using a simple on-screen toolbar button or menu prompt built into her RMS-enabled word processor, a research manager at a manufacturing company rights-protects a new product research report to allow selected members of the product development team to preview and comment on the information for exactly one week. She sends the rights-protected document to multiple people via e-mail. When each person opens the document, their RMS-enabled word processor or browser enforces the rights assigned to the document, including the time-based conditions; after a week, the rights expire and these individuals can no longer open the document. The research manager then rights-protects and distributes the final version as company confidential read-only to the entire product development team. The research manager feels confident that the product development team only has access to the final information and that it is protected from unauthorized individuals, such as a competitor, viewing this information.
Above just some of the examples.
The protection offered by RMS is persistent i.e. even if the information is archived or leaked via some media, the rights protection is always enforced. This feature helps organizations in preventing sensitive information from falling in to wrong hands either intentionally or accidently.
Why RMS?
Loss of information has always being a trouble for Organizations. Hence we had Information Security to secure it.
With the economic downturn, the problem has got aggravated. Disgruntled employee pass on sensitive information like customer data (in case of Finance & Banking industries), Engineering drawings and designs in case Manufacturing Industry, Source code or Customer data in case IT or ITES, Medical formulae's or patient information in case of Pharma & Healthcare etc. This loss of data not only impacts the organizations in Monetary or Financial aspects but also competitive edge, loss of reputation and other intangible damages….
Furthermore, the regulatory bodies & auditors have started questioning the basis of Information security and demand protection of information.
Obviously, Solution like RMS is required to protect the information from unauthorized access and protect the interests of the organizations and Industries.
In my next post, I am going to talk more on the technology and how it works.