Microsoft AD RMS: User Adoption Made Simple

What is Rights Management?

Rights management pertains directly to managing permissions for individuals to access specific information. Our two jargon-busting acronyms for this area are DRM (Digital Rights Management) and IRM (Information Rights Management). For the purposes of this article, we will treat DRM and IRM as one and the same.

Development of this area of technology has been primarily driven by copyright. Publishers of books, music and films have in recent years been more and more motivated to protect their material in the face of the proliferation of internet use. The Internet has made it exponentially easier to share copyrighted material at the click of a button, and not with just one person but with hundreds of people, even ones that the sharer has never met. The need to control who has the right to access, read, modify or even delete information has also become prominent in both government and commercial organisations.

Microsoft AD RMS – Active Directory Rights Management Services

Controlling content is at the heart of fulfilling those requirements, and Microsoft provides an Active Directory integrated service, AD RMS, to do exactly that. The basis of the AD RMS service is that each document is automatically encrypted by an RMS client at the point of creation (the desktop). It is then, by default, protected from unauthorised individuals trying to access it. When the document is created, its creator is able to apply a list of permissions to it, specifying who has what level of access to read or change it. These permissions are stored in the central AD RMS server, so when any other client tries to access the document, the server can be queried to see whether the requested access should be permitted. Simple enough?

The Problem With Getting Individuals To Use AD RMS

Once we have implemented the back-end infrastructure (which can be a hurdle in itself), we generally find that the average desktop user wants things to be done quickly, simply and in as few steps as possible. They don’t want to dig through multi-level dialogue boxes to tick check boxes and search for users to apply permissions to. If they have the choice, they simply won’t do this.

RMS Templates help with this. They provide a mechanism to apply a pre-configured list of permissions to documents. This means that by digging through a few menus and selecting the appropriate template, we can ensure RMS controls are applied. Unfortunately, this still doesn’t go far enough. In certain applications, like Outlook, the RMS templates are currently listed alongside other default classifications, and there is no way to distinguish which entries are RMS templates and which are not. Also, there’s no way to force the user to select a value from the menu; if they want to ignore it, they can. In that case the RMS implementation becomes severely underutilised and may break elements of an organisation’s security policy.

Using Labelling To Ensure Adoption Of AD RMS

The Boldon James classification products are used to add labels to emails and documents. These labels are used for many things. They can be used to implement security checks on email recipients; they can be used to raise user awareness and educate users on security policy; they can be used by border guard devices to automatically encrypt emails or block them from leaving an organisation; and finally, they can be used to automatically apply an RMS template to a document or email. What this means is that when a user selects a certain label for a document, a corresponding RMS template can be automatically applied. The label selection controls are highly visible, easily accessed (simple drop-down selectors) and, more importantly, can be made mandatory. This gives us the ability to “enforce” RMS use, and it’s pretty much transparent to the user.

To save the best until last: there is a FREE version of the Boldon James Classifier product which can do this. You can find the FreeMark Edition of Classifier at www.freemarkinitiative.com. The FreeMark Edition is unsupported, so if you’re selling, implementing or supporting AD RMS, the Boldon James Classifier product is a must-have. Take some pain out of the process; the simplest approach is usually the most effective.

http://www.boldonjames.com/products/information-classification-products/emailclassifier/