In today’s ever more interconnected world, it’s essential that the information businesses share is secure and protected - not only from external threats but also within our organizations. Information protection is critical and should not be taken lightly.
Challenges of Data Protection
Most organizations spend significant resources on developing secure storage for their records in order to protect data from unauthorized use, disclosure, modification or deletion. In this context, Authentication and Authorization are the key principles involved in securing information for any application or tool.
If we look at a typical business environment, companies are spread across various locations with employees often working remotely. It is therefore essential that documents are well protected within the business and as they travel between locations. At present, many employees continue to send crucial documents via email and this continues to represent a risky and insecure way of sharing data - both from external threats and from internal errors.
Modern enterprises depend on sharing documents and information between employees and customers. There’s currently a huge range of collaboration, engagement and productivity tools yet a real lack of concurrent document protections. The Rights Management Sharing application fills this gap.
Rights Management Service Application
Considering how critical Information Protection is, Microsoft has increased its investment by introducing the Rights Management Service application (RMS). This tool is built on Windows Azure Service and helps users to protect SharePoint documents across all important devices, all important file types, and lets these files be used by all important people in an organization.
- Protect any type of file (not just Microsoft Documents)
- Share across all Devices (not just Windows users)
- Sharing with anyone (internal/external to the organization)
- Available for individual use as well as organizational use
RMS Key Features
Since the Rights Management Service application is built on Windows Azure Services, it leverages Azure to manage the protection of documents. Documents are not actually sent to the Azure service - rather, it is their protection which is managed. As a result, viewing or sharing of the documents is enabled without actually having to send the document to the service.
What does this mean? Basically, a document is always kept On-Premises, even when it is shared externally via email.
With the Rights Management Service application, users gain access to the following features:
Protect the organization's documents
When you protect SharePoint documents using the Protect in-place feature of the RMS, it creates a new protected file from your existing unprotected document. When you copy this new file to another folder or device, or even share it to external storage, the file will remain protected.
Even if multiple users are using the same computer, when you protect a file other users will not be able to access the document as RMS installation will configure settings that apply exclusively to your user account (unless it is explicitly shared using the Shared Protected option).
When you right click on any document on the server, you will see the following options for protecting your document.
- Company Defined Protection: By default, when you select the company defined protection, you can see two policy restriction templates - ‘Confidential View Only’ and ‘Confidential’. Using this option, users can quickly apply the correct level of protection for each document and restrict access to people inside your organization. You can also create a customized policy template for your organization from the advanced features and it will be available to all the users in your organization.
- Custom Permissions: You can choose this option if you want to specify explicit permissions which are not available in pre-defined templates.
- Remove Protection: If you want to remove the protection, you can use this option to remove the safeguards on a document.
Sharing a protected document via email
Once a file is protected, you can share it with other users via email. When a user selects this option, RMS will protect a copy of the selected file leaving the original document in its prior state (which could also be protected).
The ‘share dialog box’ offers the option to address the document to other users (using email) and select permissions. Your email can be customized prior to being sent. The service will then send the protected file to other users. The Share Protected Dialog box looks like this:
There are other ways to share a protected file:
- Using Outlook to protect SharePoint documents you share – there will be a button added in your Outlook email for sharing the protected email.
- From a Microsoft Office application – There will be a button added in the ribbon of the Microsoft Office applications to share the protected documents.
Track Protected Rights on the document
Once you have protected the document, you can track which users and how people are using it, and you also have an option to revoke access if it is no longer required. Along with revoking access you can also:
- Notify the users about the revocation via customized email
- Specify the time from which document won’t be available to the users
- An export to Excel option is also available to modify the data and create your own views and graphs
You can track the document usage using either a Web Browser, the File Explorer or an Outlook Email Message.
You can rollout and implement the Rights Management Service application for your organization using the product deployment roadmap. If you want to use it for private purpose, you can use this quick start tutorial to set things up.
Now that you know the basis of RMS, go on and set it all out. You'll discover a new kind of piece of mind knowing that your SharePoint documents are protected both in and outside of your organization.