Information Rights Management and External Sharing Policies
IRM protects files from unauthorized access, editing, copying and deletion. Use Azure Rights Management for Office 365 and apply rules to documents.
Technology and innovation continue to shape our world, as businesses are forced to keep pace in an accelerated environment of cloud computing, artificial intelligence, and machine learning. Coupled with a new focus on IT decentralization with flexible, mobile workforces who are seeking more productive and efficient means of collaboration, today’s IT landscape is a complex web of intertwined technologies that are not simply managed within the network perimeter.
Over the last decade or so, there has been a huge increase in the adoption of solutions such as cloud storage, video chatting, and collaborative tools like SharePoint that have transformed the way business works. With these technologies, we can share outside of the traditional network, with vendors and contractors, in a more efficient, productive, and collaborative manner. However, this has also created a larger concern for IT, as they now need to manage security, data integrity, and confidentiality outside of company resources. In this new landscape, is there a way to protect our documents that contain sensitive information from unauthorized access?
Information Rights Management (IRM) protects files from unauthorized copying, viewing, printing, deleting, and editing. IRM generally encrypts files in order to enforce access policies. Once encrypted, additional IRM rules can be applied to a document to allow/deny specific activities like those listed above. For example, a rule could mean that a document is view-only, and the user cannot copy/paste the content within the document. In other cases, an IRM rule may prevent a user from taking screenshots, printing, or editing a document. Perhaps one of the biggest advantages of IRM is that the protections persist even when files are shared with external or third-party sources. This means IRM sealed documents can remain secure no matter where it is accessed.
For Office 365 users, Azure Rights Management is the IRM solution for the cloud. This is particularly useful as email and document sharing are two areas where information often leaves the organization and is most susceptible to compromise. Within SharePoint Online, protection is applied at the list and library level, which allows for a more granular approach, if desired. For example, when IRM is enabled for a library, rights management applies to all files in that library. When you enable IRM for a list, rights management applies only to the files that are attached to list items, not the actual list items.
When people download files in an IRM-enabled list or library, the files are encrypted so that only authorized people can view them. Each rights-managed file also contains an issuance license that imposes restrictions on the people who view the file. As we have previously discussed, typical restrictions include making a file read-only, disabling the copying of text, preventing people from saving a local copy, and preventing people from printing the file. Client programs that can read IRM-supported file types use the issuance license within the rights-managed file to enforce these restrictions. This is how a rights-managed file retains its protection even after it is downloaded. You cannot create or edit documents in an IRM-enabled library using Office in a browser. Instead, one person at a time can download and edit IRM-encrypted files. Use check-in and check-out to manage co-authoring, which is authoring across multiple users.
To help prevent information leakage in Exchange Online, IRM is included that provides online and offline protection of email messages and attachments. With Office 365 Message Encryption, you can send and receive encrypted email messages between both internal and external users. This service helps to ensure that only intended recipients can view the message content. Within this, administrators can define mail flow rules, to determine under which conditions email messages should be encrypted.
For additional information and to learn how to configure policies and rules, please watch our companion video “Configuring IRM Policies”.
As external collaboration and communication continue to evolve at the center of many organization’s operations, it is imperative that information is protected to ensure business and mission continuity. Utilizing Information Rights Management effectively is yet another layer of protection to keep you safe and productive.
Click here to speak with a Wellforce security expert and see if you qualify for one of our free security assessments. Stay safe out there!