The most important company secrets your company can vanish in the blink of an eye once you share access to a document that contains confidential information.
After you've created a document and sent it via e-mail, placed it on a network share, or posted it to an internal Web site, your control of that document ceases to exist.
That means that everyone who has access to the file can print it, save it, or send it to everyone on the Internet. To help protect your organisation's classified information, Microsoft has closed this security hole with its Windows Rights Management Service (RMS), included in Windows Server 2003.
Windows Server 2003 and Microsoft Office 2003 give organisations the ability to control access to documents. You can choose which users can view a document and which actions they can take once they have access.
Available for download from Microsoft's Web site and based on digital rights management (DRM) technology, RMS uses digital certificates to identify users and rights. Like most technologies that Microsoft is developing, RMS depends heavily on network connectivity and certificate services through the ASP.NET foundation.
To implement DRM, RMS uses a two-component approach.
In addition, there is also a rights management add-on for Internet Explorer for organisations that don't use Microsoft Office 2003.
You can configure RMS for documents by going to File | Permission in the document. The default for each document is Unrestricted Access. However, selecting Do Not Distribute offers additional protection options, including:
The More Options tab offers the ability to expire the content, allow users to request additional permissions, and allow non-Office 2003 users to read an IRM document using a supported browser.
In today's online environment, controlling access and rights to your information through document rights management is essential. To protect information even more, consider implementing a usable life cycle for documents, which can further protect access.
While RMS and IRM are an excellent security enhancement to document management by providing a means to control access to documents, they aren't fail-proof.
Remember: This technology is only a digital speed bump -- and it won't stop a determined employee from stealing your data.
biography
Mike Mullins has served as a database administrator and assistant network administrator for the US Secret Service. He is a Network Security Administrator for the US Defense Information Systems Agency.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2004 TechRepublic, Inc.
4%
2%
