With the introduction of Rights Management Services (RMS) for its ECM Suite, Open Text (news, site) has added another layer of security to information that may be secure in a repository, but once out of the repository risks being sent to, and used by, people or companies that have no business with that information in the first place.
RMS, based on Microsoft’s (news, site) Active Directory Rights Management Service, enables companies to ensure that even those workers that need the information to complete projects they are working on cannot send that information to third parties without the company being made aware that information has changed hands.
The difference between this kind of security and the security most companies use to govern information access in repositories is that with RMS the security elements are assigned to the information itself so even in the event that it leaves the enterprise, it still cannot be accessed by unauthorized users.
Information Rights Everywhere
While there is a certain amount of information misuse that can be attributed to theft, the vast bulk of it is attributable to ‘accidental’ sharing through emails or across social networks as the number of such applications proliferate in enterprises.
The basis of RMS is that information protection remains with the information no matter where it goes. RMS applies user-based access rights to information that has passed beyond the enterprise firewall.
It works by applying different access rules to the information such as “do not email,” or “do not print” and can even prevent workers from downloading that information locally, be that onto a laptop or onto a USB device.
Information that is designated as such is encrypted according to those business rules along with the publishing license, with the encryption applied to the information wherever it goes, even outside the firewalls.
Once a user attempts to open the encrypted information, a message is sent to the rights management server, which will then enable the user open that information depending on permissions assigned to each user.
In the event that someone who is not authorized to open the content contacts the server, the server refuses to decipher the information and informs systems administrators that an unauthorized user has attempted to access the information.
New content or new versions of content can also be uploaded to the server, which will automatically apply the same security criteria that it has applied to the original content.
As a shared service within the ECM suite, RMS can be extended to any application within the suite with the result that it can be applied to any content asset within the suite.
While this applies to any Microsoft Office 2003 and 2007 files, it has also partnered with GigaTrust and Liquid Machines to extend this to computer-aided design (CAD) files, Visio, Adobe PDF and graphic files, as well as to documents accessible from BlackBerry smartphones.
The driving force behind all this is compliance and increasingly stringent federal regulations as to where and who can access certain types of information. With RMS, instead of having to deal with it after the horse (or data in this case) has bolted, enterprises can prevent data leaving in the first place and save costly clean-up operations when regulators coming looking to know who and why?