Take Control of Confidential Content

by Penny Lunt

Continued from [ page 1 ]

Certain abuses can't be stopped. Nothing can prevent dedicated violators from photographing pages on a screen or retyping the words on a screen to some other window. Willful hacking and criminal behavior are hard to catch and eliminate.

"The worst security threat comes from insiders who are supposed to have access to the threatened information," points out Ray Wagner, research director in information security strategies, Gartner, Stamford, CT. But even in this case, DRM systems can help by letting you track the usage of information; even in the case of a breach, you'll have a forensic record.

"Not that organizations want to be seen as monitoring every move their constituents make, but there are cases in which [tracking] is warranted," Wagner says.

Here are some scenarios for which DRM is useful and a look into the products that could meet these specific needs.

Scenario One: Protecting Content For Departments And Short-Term Projects

The challenge: Protecting the confidentiality of business documents on day-to-day basis, allowing only those employees and customers who've been assigned the proper rights to view, copy, print or edit.

Examples: Keeping performance reviews, compensation records and other HR documents from the eyes of unauthorized employees; keeping customer information private; securely sending contracts to colleagues or consulting attorneys; letting salespeople review price lists without competitors being able to see them; keeping the 10Q process secure for Sarbanes-Oxley compliance.

Potential solution: Microsoft's Rights Management Server (RMS).

Later this year, Microsoft will roll out RMS and Information Rights Management for Office 2003. (Microsoft hasn't set a definite release date or price for these products yet.) Both products run on Windows Server 2003; Office 2003 is the first application to take advantage of the RMS server platform, but Microsoft says that other ISVs are writing connectors to RMS as well. The technology is built on the XRML rights management language developed by ContentGuard, Bethesda, MD.

Combining RMS and Information Rights Management for Office 2003, a central administrator or IT manager using templates and authors using a "Permissions" button on their Office toolbar will be able to assign rights to view, edit, print and copy documents. Administrators and authors will also have the option of using a time limit (for example, restricting a summer intern's access to content after September 1). Word, Outlook, Excel and PowerPoint users will be able to see and do only what they have permission for. If a user attempts a function that's unauthorized (it will appear grayed out on their toolbar), they'll be given the opportunity to contact the author of the document by email to ask for revised permissions. The original author will then be able to change or extend privileges.

Information Rights Management for Office 2003 extends to the Outlook email application. Digital rights will be based on Active Directory and email groups and conventions, and they will apply to anybody given a company email address — so summer interns, employees working from home and trusted partners could be added to the email groups and their usage of content managed.

Rights will be enforceable offline, according to Jon Murchinson, program manager in the security business unit at Microsoft, Redmond, WA. "If I receive a contract from you by email, Information Rights Management will go to RMS and look for the license to make sure I have access to the document while my laptop is attached to the network," he explains. "When I'm taking the subway home and I open my laptop, I've already acquired the licenses for these documents, so now I can open them and do whatever's appropriate based on the permissions."

[ BACK | NEXT ]