Windows Rights Management Services RMS

1
Windows Rights Management Services (RMS)
Moshe Zrihen CTO, TrustNet
2
Agenda

• The Business Problem
• Windows Rights Management Services
• How RMS address the problem
• Usage Scenarios Regulation (Sox, HIPPA etc)
• How RMS Is Working Demo
• RMS SP2, whats new?
• RMS Integrated With Office 2007, SharePoint,
  Mobile
• Related Information
• QA

3
The Business Problem
4
Information Loss and Liability are a Growing
Concern among Organizations
Enterprises report forwarding of e-mails among
their top three security breaches
Jupiter Research
Organizations that manage patient health
information, social security numbers, and credit
card numbers are being forced by government and
industry regulations to implement minimal levels
of security to address leakage of personal
information.
IDC
Source JupiterMedia,DRM in the Enterpise, May
2004 Source Worldwide Secure Content Management
2005-2009 Forecast The Emergence of Outbound
Content Compliance, March 2005
5
Information Leakage is Broadly Reaching
6
And Is Costly On Multiple Fronts

• Cost of digital leakage per year is measured in
  billions
• Increasing number and complexity of regulations,
  e.g. GLBA, SOX, CA SB 1386
• Non-compliance with regulations or loss of data
  can lead to significant legal fees, fines and/or
  jail time

Legal, Regulatory Financial impacts

• Damage to public image and credibility with
  customers
• Financial impact on company
• Leaked e-mails or memos can be embarrassing

Damage to Image Credibility
Loss of Competitive Advantage

• Disclosure of strategic plans, MA info
  potentially lead to loss of revenue, market
  capitalization
• Loss of research, analytical data, and other
  intellectual capital

7
Traditional solutions protect initial access
Authorized Users
Yes
Information Leakage
No
Access Control List Perimeter
Unauthorized Users
Unauthorized Users
Firewall Perimeter
but not usage
8
Todays policy expression
lacks enforcement tools
9
How RMS Address The Problem?
10
Safeguard Sensitive Information with RMSProtect
e-mail, documents, and Web content
End User Scenarios
11
Usage Scenarios Regulation (Sox, HIPPA etc)
12
How RMS Enables SOX Compliance
13
How RMS enables SOX Compliance
14
How RMS Enables HIPAA Compliance
Government Hospitals must protect patient data
through access controls, user authentication, and
auditing
15
How RMS enables HIPAA Compliance
16
How RMS Enables GLBA, 357 Compliance
17
FDA Compliance
FDA 21 CFR PART 11
DEPARTMENT OF HEALTH AND HUMAN SERVICES Food
and Drug Administration 21 CFR Part 11 Docket
No. 92N-0251------------------------------------
----------------------------------- SUMMARY The
Food and Drug Administration (FDA) is issuing
regulations that provide criteria for acceptance
by FDA, under certain circumstances, of
electronic records, electronic signatures, and
handwritten signatures executed to electronic
records Section 11.10 describes controls for
closed systems, systems to which access is
controlled by persons responsible for the content
of electronic records on that system. These
controls include measures designed to ensure the
integrity of system operations and information
stored in the system. Such measures include (1)
Validation (2) the ability to generate accurate
and complete copies of records (3) archival
protection of records (4) use of
computer-generated, time-stamped audit trails
(5) use of appropriate controls over systems
documentation and (6) a determination that
persons who develop, maintain, or use electronic
records and signature systems have the
education, training, and experience to perform
their assigned tasks. Section 11.10 also
addresses the security of closed systems and
requires that (1) System access be limited to
authorized individuals (2) operational system
checks be used to enforce permitted sequencing of
steps and events as appropriate (3) authority
checks be used to ensure that only authorized
individuals can use the system, electronically
sign a record, access the operation or computer
system input or output device, alter a record, or
perform operations (4) device (e.g., terminal)
checks be used to determine the validity of the
source of data input or operation instruction
and (5) written policies be established and
adhered to holding individuals accountable and
responsible for actions initiated under their
electronic signatures, so as to deter record and
signature falsification. Section 11.30 sets
forth controls for open systems, including the
controls required for closed systems in Sec.
11.10 and additional measures such as document
encryption and use of appropriate digital
signature standards to ensure record
authenticity, integrity, and confidentiality.
Section 11.50 requires signature manifestations
to contain information associated with the
signing of electronic records.
18
How RMS Is Working Demo
19
How does RMS work?

• Author receives a client licensor certificate the
  first time they rights-protect information

SQL Server
Active Directory

• Author defines a set of usage rights and rules
  for their file Application creates a publishing
  license and encrypts the file

RMS Server

• Author distributes file

4
1

• Recipient clicks file to open, the application
  calls to the RMS server which validates the user
  and issues a use license

2
5
3

• Application renders file and enforces rights

Information Author
The Recipient
20
Apply Permissions to New Email
21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
Add userswith Readand Changepermissions
Verify aliases DLs via AD
Add advanced permissions
26
Add/removeadditional users
Set expiration date
Enableprint, copypermissions
Contact forpermissionrequests
Enable viewing viaRMA
27
(No Transcript)
28
(No Transcript)
29
RMS SP2, whats new?
30
SharePoint 2007

• Protected document libraries
• Policy applied at document library level
• Protects document on download
• Document protected to user
• Information searchable on server
• Sticky permissions
• SharePoint rights ?? IRM permissions
• File format specific
• Out-of-the-box support for Word, Excel,
  PowerPoint, InfoPath, and XPS files

31
Office 2007

• Client applications
• Outlook
• Word
• PowerPoint
• Excel
• InfoPath - new
• Server applications
• SharePoint new
• Windows Mobile
• Support Windows Mobile 6

32
Protected doc library
33
(No Transcript)
34
(No Transcript)
35
(No Transcript)
36
(No Transcript)
37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
Windows Mobile

• Smartphone and Pocket PC
• Optimizations for Mobile platform
• RMS API part of Mobile SDK
• Pocket Inbox, Word, Excel, and PowerPoint

Y
Y
Y
N
44
RMS Live Demo
45
Related Info
46

• Related Links
• http//www.microsoft.com/windowsserver2003/technol
  ogies/rightsmgmt/default.mspx
• http//www.microsoft.com/windowsserver2003/evaluat
  ion/overview/technologies/rmenterprise.mspx

47

• ???? ??? ?? ??????
• moshe_at_trustnet.co.il