By Mike Mullins
The most important secrets your company has can vanish in the blink of an eye once you share access to a document that contains confidential information. After you've created a document and sent it via e-mail, placed it on a network share, or posted it to an internal Web site, your control of that document ceases to exist.
That means that everyone who has access to the file can print it, save it, or send it to everyone on the Internet. To help protect your organization's classified information, Microsoft has closed this security hole with its Windows Rights Management Service (RMS), included in Windows Server 2003.
Windows Server 2003 and Microsoft Office 2003 give organizations the ability to control access to documents. You can choose which users can view a document and which actions they can take once they have access.
Available for download from Microsoft's Web site and based on digital rights management (DRM) technology, RMS uses digital certificates to identify users and rights. Like most technologies that Microsoft is developing, RMS depends heavily on network connectivity and certificate services through the ASP.NET foundation.
To implement DRM, RMS uses a two-component approach.
In addition, there is a rights management add-on for Internet Explorer for organizations that don't use Microsoft Office 2003.
You can configure RMS for documents by going to File | Permission in the document. The default for each document is Unrestricted Access. However, selecting Do Not Distribute offers additional protection options, including:
The More Options tab offers the ability to expire the content, allow users to request additional permissions, and allow non-Office 2003 users to read an IRM document using a supported browser.
In today's online environment, controlling access and rights to your information through document rights management is essential. To protect information even more, consider implementing a usable life cycle for documents.
RMS and IRM are an excellent security enhancement to document management because they provide a means to control access to documents, but they aren't fail-proof. Remember: This technology is only a digital speed bump, and it won't stop a determined employee from stealing your data.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.