
Tech Tip: Keep company secrets safe with document management

In today's online environment, controlling access and rights to your information through document rights management is essential. Learn how Windows Server 2003 and Microsoft Office 2003 give organizations the ability to control access to documents.

By Mike Mullins

The most important secrets your company has can vanish in the blink of an eye once you share access to a document that contains confidential information. After you've created a document and sent it via e-mail, placed it on a network share, or posted it to an internal Web site, your control of that document ceases to exist.

That means that everyone who has access to the file can print it, save it, or send it to everyone on the Internet. To help protect your organization's classified information, Microsoft has closed this security hole with its Windows Rights Management Service (RMS), included in Windows Server 2003.

Windows Server 2003 and Microsoft Office 2003 give organizations the ability to control access to documents. You can choose which users can view a document and which actions they can take once they have access.

Available for download from Microsoft's Web site and based on digital rights management (DRM) technology, RMS uses digital certificates to identify users and rights. Like most technologies that Microsoft is developing, RMS depends heavily on network connectivity and certificate services through the ASP.NET foundation.

To implement DRM, RMS uses a two-component approach.

  • Windows Rights Management Service, installed on a Windows Server 2003 server, uses ASP.NET and XML metadata for document management.
  • Microsoft Office 2003's Information Rights Management (IRM) component offers the ability to set rights on documents created with several Office applications (Word, Excel, PowerPoint, and Outlook).

There is also a rights management add-on for Internet Explorer for organizations that don't use Microsoft Office 2003.

You can configure RMS for documents by going to File | Permission in the document. The default for each document is Unrestricted Access. However, selecting Do Not Distribute offers additional protection options, including:

  • Read: Users can read, but they can't change, print, or copy the document.
  • Change: Users can read, edit, and save changes to the document, but they can't print it.

The More Options tab offers the ability to expire the content, allow users to request additional permissions, and allow non-Office 2003 users to read an IRM document using a supported browser.

Final thoughts

In today's online environment, controlling access and rights to your information through document rights management is essential. For further protection, consider implementing a usable life cycle for documents.

RMS and IRM are an excellent security enhancement to document management because they provide a means to control access to documents, but they aren't fail-proof. Remember: This technology is only a digital speed bump, and it won't stop a determined employee from stealing your data.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.
