Title: Windows Rights Management Services RMS
1. Windows Rights Management Services (RMS)
Moshe Zrihen CTO, TrustNet
2. Agenda
- The Business Problem
- Windows Rights Management Services
- How RMS addresses the problem
- Usage Scenarios: Regulation (SOX, HIPAA, etc.)
- How RMS Works: Demo
- RMS SP2: what's new?
- RMS Integrated With Office 2007, SharePoint, Mobile
- Related Information
- Q&A
3. The Business Problem
4. Information Loss and Liability are a Growing Concern among Organizations
"Enterprises report forwarding of e-mails among their top three security breaches" (Jupiter Research)
"Organizations that manage patient health information, social security numbers, and credit card numbers are being forced by government and industry regulations to implement minimal levels of security to address leakage of personal information." (IDC)
Source: JupiterMedia, DRM in the Enterprise, May 2004
Source: Worldwide Secure Content Management 2005-2009 Forecast: The Emergence of Outbound Content Compliance, March 2005
5. Information Leakage is Broadly Reaching
6. And Is Costly On Multiple Fronts
Legal, Regulatory & Financial impacts
- Cost of digital leakage per year is measured in billions
- Increasing number and complexity of regulations, e.g. GLBA, SOX, CA SB 1386
- Non-compliance with regulations or loss of data can lead to significant legal fees, fines and/or jail time
Damage to Image & Credibility
- Damage to public image and credibility with customers
- Financial impact on company
- Leaked e-mails or memos can be embarrassing
Loss of Competitive Advantage
- Disclosure of strategic plans, M&A info potentially lead to loss of revenue, market capitalization
- Loss of research, analytical data, and other intellectual capital
7. Traditional solutions protect initial access... but not usage
[Diagram labels: Authorized Users, Unauthorized Users, Firewall Perimeter, Access Control List Perimeter, Information Leakage, Yes, No]
8. Today's policy expression lacks enforcement tools
9. How RMS Addresses The Problem
10. Safeguard Sensitive Information with RMS
Protect e-mail, documents, and Web content
End User Scenarios
11. Usage Scenarios: Regulation (SOX, HIPAA, etc.)
12. How RMS Enables SOX Compliance
13. How RMS Enables SOX Compliance
14. How RMS Enables HIPAA Compliance
Government Hospitals must protect patient data through access controls, user authentication, and auditing
15. How RMS Enables HIPAA Compliance
16. How RMS Enables GLBA, 357 Compliance
17. FDA Compliance
FDA 21 CFR PART 11
DEPARTMENT OF HEALTH AND HUMAN SERVICES, Food and Drug Administration, 21 CFR Part 11, Docket No. 92N-0251
SUMMARY: The Food and Drug Administration (FDA) is issuing regulations that provide criteria for acceptance by FDA, under certain circumstances, of electronic records, electronic signatures, and handwritten signatures executed to electronic records.
Section 11.10 describes controls for closed systems, systems to which access is controlled by persons responsible for the content of electronic records on that system. These controls include measures designed to ensure the integrity of system operations and information stored in the system. Such measures include: (1) Validation; (2) the ability to generate accurate and complete copies of records; (3) archival protection of records; (4) use of computer-generated, time-stamped audit trails; (5) use of appropriate controls over systems documentation; and (6) a determination that persons who develop, maintain, or use electronic records and signature systems have the education, training, and experience to perform their assigned tasks.
Section 11.10 also addresses the security of closed systems and requires that: (1) System access be limited to authorized individuals; (2) operational system checks be used to enforce permitted sequencing of steps and events as appropriate; (3) authority checks be used to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform operations; (4) device (e.g., terminal) checks be used to determine the validity of the source of data input or operation instruction; and (5) written policies be established and adhered to holding individuals accountable and responsible for actions initiated under their electronic signatures, so as to deter record and signature falsification.
Section 11.30 sets forth controls for open systems, including the controls required for closed systems in Sec. 11.10 and additional measures such as document encryption and use of appropriate digital signature standards to ensure record authenticity, integrity, and confidentiality.
Section 11.50 requires signature manifestations to contain information associated with the signing of electronic records.
18. How RMS Works: Demo
19. How does RMS work?
[Diagram labels: Information Author, The Recipient, RMS Server, Active Directory, SQL Server; steps numbered 1 to 5]
- Author receives a client licensor certificate the first time they rights-protect information
- Author defines a set of usage rights and rules for their file; the application creates a publishing license and encrypts the file
- Recipient clicks the file to open it; the application calls the RMS server, which validates the user and issues a use license
- Application renders the file and enforces rights
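The publish and consume flow on this slide, as an added Python model that is not part of the original deck and is not Microsoft's RMS API. All names (`RmsServer`, `publish`, `render`) are hypothetical, and HMAC keys with a toy keystream stand in for RMS certificates and encryption: the content key is derived rather than wrapped, and the use license carries it in the clear.

```python
import hashlib, hmac, json, secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream), a stand-in for real encryption."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class RmsServer:
    """Hypothetical model of the RMS server; `directory` plays Active Directory."""
    def __init__(self, directory):
        self._root = secrets.token_bytes(32)
        self.directory = set(directory)

    def client_licensor_key(self, author):
        # Stand-in for the client licensor certificate issued on first use.
        if author not in self.directory:
            raise PermissionError("unknown author")
        return mac(self._root, b"clc:" + author.encode())

    def issue_use_license(self, user, lic):
        # Validate the publishing license, then the user, before releasing the key.
        clc = mac(self._root, b"clc:" + lic["author"].encode())
        if not hmac.compare_digest(mac(clc, lic["body"].encode()).hex(), lic["tag"]):
            raise PermissionError("publishing license was altered")
        body = json.loads(lic["body"])
        if user not in self.directory or user not in body["rights"]:
            raise PermissionError(f"no use license for {user}")
        key = mac(clc, b"content:" + bytes.fromhex(body["id"]))
        return {"user": user, "rights": body["rights"][user], "key": key}

def publish(author, clc, plaintext, rights):
    """Application side: build the publishing license and encrypt the file."""
    cid = secrets.token_bytes(16)
    body = json.dumps({"id": cid.hex(), "rights": rights}, sort_keys=True)
    lic = {"author": author, "body": body, "tag": mac(clc, body.encode()).hex()}
    return lic, keystream_xor(mac(clc, b"content:" + cid), plaintext)

def render(use_license, ciphertext, action):
    """Application side: the key is already delivered, so rights are enforced here."""
    if action not in use_license["rights"]:
        raise PermissionError(f"{action} not granted to {use_license['user']}")
    return keystream_xor(use_license["key"], ciphertext)
```

Publishing with rights `{"bob@example.test": ["view"]}` lets that user obtain a use license and render with `"view"`; a `"print"` request, a user missing from the rights list, or an edited license body raises `PermissionError`.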
20. Apply Permissions to New Email
25. Add users with Read and Change permissions
Verify aliases and DLs via AD
Add advanced permissions
26. Add/remove additional users
Set expiration date
Enable print, copy permissions
Contact for permission requests
Enable viewing via RMA
29. RMS SP2: what's new?
30. SharePoint 2007
- Protected document libraries
- Policy applied at document library level
- Protects document on download
- Document protected to user
- Information searchable on server
- Sticky permissions
- SharePoint rights → IRM permissions
- File format specific
- Out-of-the-box support for Word, Excel, PowerPoint, InfoPath, and XPS files
31. Office 2007
- Client applications
- Outlook
- Word
- PowerPoint
- Excel
- InfoPath - new
- Server applications
- SharePoint - new
- Windows Mobile
- Support Windows Mobile 6
32. Protected doc library
43. Windows Mobile
- Smartphone and Pocket PC
- Optimizations for Mobile platform
- RMS API part of Mobile SDK
- Pocket Inbox, Word, Excel, and PowerPoint
Y
Y
Y
N
44. RMS Live Demo
45. Related Info
46.
- Related Links
- http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
- http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/rmenterprise.mspx
47.
- moshe_at_trustnet.co.il