Microsoft’s Rights Management Service technologies have been around since the days of Windows 2003 Server. They help organizations keep their information secure, both inside and outside of the organization, by protecting documents. In this blog post, we analyse the offering and how it differs from the protective monitoring services provided by DataCube.
Windows Rights Management Services (also called Rights Management Services, Active Directory Rights Management Services or RMS) is a form of Information Rights Management used on Microsoft Windows that uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mail, Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.
You can watch a short demo here.
To use an analogy, AD RMS attempts to restrict access to data by putting preventive measures in place. You lock your sensitive data and only people who share a key can access your information.
The above approach, although useful for preventing unauthorised access to sensitive information, would still leave you open to deliberate data breach attempts from within the organisation. These could be triggered by members who would otherwise have rightful access. This is where Protective Monitoring steps in.
DataCube’s Protective Monitoring
Essentially, a Protective Monitoring solution will provide visibility and an understanding of who is accessing your organisation’s sensitive data. It provides a framework for treating risks to systems and includes mechanisms for collecting ICT log information and configuring ICT logs in order to provide an audit trail of security-relevant events of interest.
Again, to use an analogy, you can monitor the movement of, and activity on, your sensitive content as if you had a CCTV camera installed on your office premises. This doesn’t necessarily prevent information sabotage, but it lets all stakeholders know that, for the sake of information security, all actions are being watched.
As discussed in this Microsoft Rights Management Services Whitepaper, no solution can address every possible aspect of data protection in every possible situation. Depending on your business requirements, it can sometimes be more valuable to know when and where a stolen document is being used, who "leaked" it, and who's got it now, instead of simply attempting to prevent the theft in the first place. Knowing that a recipient misbehaved with a document can be valuable business knowledge, while not knowing that they tried to (and perhaps failed due to RMS) is in some cases less useful.