Wednesday, August 4, 2010

Information Rights Management - At your Fingertips with Microsoft

Human beings are by their very nature are inquisitive. There will therefore always be the temptation for a person to open and view information that may not have been intended for that particular person. In addition, the distribution of information using electronic formats provides ample opportunity for quick and easy copying and distribution of information, meaning that organizations need tools that will help them safeguard information and restrict access to it where necessary.

What is Information Rights Management?

Information Rights Management (IRM) is an information protection technology that is an existing feature of Microsoft Office and which works in conjunction with Rights Management Services (RMS) in Microsoft Windows Server.

IRM, along with RMS, gives organizations and users more control over how information distributed within Microsoft Office documents and email messages can be used by recipients. With IRM, the creator or sender of a document or message can specify who can open it and whether those allowed access can make changes to it, print, forward or copy it or perform other actions with the information it contains.

Digital Rights Management vs. Information Rights Management

There is sometimes some perceived overlap between the two, but in a nutshell, Digital Rights Management (DRM) refers to business to consumer products such as music, video and any other forms of rich media. Information Rights Management (IRM) on the other hand refers to business to business information, communications and intellectual property.

How IRM is Used in the Workplace

The IRM component in Microsoft Office applications works in conjunction with an RMS server to restrict specified uses of documents and messages that are created by and opened using those applications.

When IRM is enabled, users can assign access permissions to certain types of files created with Office applications. Permissions can prevent recipients of those files from:

·         Forwarding
·         Copying
·         Modifying
·         Printing
·         Faxing
·         Cutting and pasting content to or from the restricted file
·         Using the Print Screen key to copy the content
When IRM protection is applied, the restricted actions are greyed out as menu options. You can also set an expiration date on IRM-protected content so that it cannot be viewed or used after that date.
IRM protection can be applied to:-

·         Word documents
·         Excel workbooks
·         PowerPoint presentations/templates
·         InfoPath forms
·         Outlook email messages. 

You can apply various restrictions in one document, depending on your needs. IRM permissions can be set on the following bases:

·         Per user
·         Per document
·         Per group (requires Active Directory)
·         Per library (in Microsoft SharePoint Server)
IRM permissions stay with a document when it is sent across the network and when it is saved on the server. To ensure complete peace-of-mind and heightened security, when you apply IRM protection to an email message, attachments to that message that were created with Microsoft Word, Excel or PowerPoint are also automatically IRM-protected.

When Should I use IRM to Protect Data?

IRM can be used to protect data in the following scenarios:

  • You need to provide a user in a part of the organization the ability to view a spreadsheet containing financial information but you want to limit his or her access to the file so that it will be unavailable after two days.
  • You need to send a confidential email message with a sensitive attachment to another internal user but you want to restrict that user from forwarding the message to anyone else or save a copy of the attachment.
  • You need to allow a colleague within the organization to review a report in the form of a Word document that contains sensitive information, but you want to restrict the colleague from making any changes to the document.

Understanding the roles of IRM and RMS

Microsoft’s Rights Management Services provides the foundation on which organizations can build a strategy for protecting documents and email messages created in Microsoft Office from being inadvertently mishandled by recipients.  An RMS server running Microsoft Windows Server serves as a central repository for information used to identify what rights have been granted to particular users and to verify the credentials of those users. Information Rights Management is the component in the RMS-enabled application that enforces those rights
Each time that you attempt to open a document, workbook, or presentation with restricted permission, you must connect to the licensing server to verify your credentials and to download a use license. The use license defines the level of access that you have to a file. This process is required for each file with restricted permission.
RMS uses digital certificates to validate the identities of users. The certificates are issued by the RMS server based on Windows authentication. Rights management protection works at the file level, so that even when the file goes outside the organization or network, the protection is still built into the file itself.


MMC has successfully implemented IRM solutions which has enabled organizations to efficiently secure company sensitive information.

IRM used with Microsoft SharePoint Server or Windows SharePoint Services provides organizations with a central location to more effectively manage and share company information which is also safely secured and protected.

Please contact Anthony Simons of our Business Intelligence Department at MMC if you would like to explore how Information Rights Management could benefit your business. Telephone 021 530 1600 or email

No comments:

Post a Comment