Nov. 4, 2003 — At the RSA Conference 2003, Europe, Microsoft announced the public availability of Windows Rights Management Services (RMS) for Windows Server 2003. RMS helps organizations safeguard confidential information from unauthorized use.
Mike Nash, Corporate Vice President, Security Business Unit
To get a fuller sense of how RMS works and how customers can expect to benefit from it, PressPass spoke with Mike Nash, corporate vice president of the Security Business Unit at Microsoft.
PressPass: What did Microsoft announce today?
Nash: We announced the public availability of Windows Rights Management Services (RMS) for Windows Server 2003. RMS helps safeguard sensitive information from unauthorized use. Working with RMS-enabled applications, it helps protect information through persistent usage policies, which remain with the information, no matter where it goes. This represents a new level of protection for important information.
PressPass: Why does this matter to a business? What customer need does RMS address?
Nash: In an increasingly digital world, the risk of having confidential information accidentally or intentionally get into the wrong hands is growing. Loss of confidential information can cause significant damage to organizations. These damages may include loss of revenue, competitive advantage, and customer confidence. Security methods such as firewalls and Access Control Lists (ACLs) help prevent unauthorized access to information, and encrypted delivery helps protect information in transport. These methods, however, stop protecting the information once the authenticated individual has accessed or received it. Customers are looking to augment their security strategies by providing persistent protection that remains with the information no matter where it goes. This is where RMS comes in.
PressPass: What are the key benefits?
Nash: RMS allows information workers to distribute information within their organizations and define how and under what circumstances it can be used, such as when it expires and who can open, modify, print and forward it. The ability to set and enforce document-level protection will allow organizations to internally share information more broadly, with less risk of inadvertent or intentional misuse. It works with RMS-enabled applications to help safeguard digital information, whether it be online or offline, whether it be inside or outside the firewall. Organizations can easily create custom usage rights templates such as Confidential – Read Only or Attorney-Client Privilege that can be applied directly to information such as financial reports, product specifications, customer data and e-mail messages, ensuring a consistent policy across an organization.
PressPass: Can you give some real-world examples of how RMS would actually work?
Nash: Let me give you three scenarios:
Protecting confidential e-mail messages: A company executive sends an e-mail using a Company Confidential template. The template applies read-only rights. The executive then attaches an unprotected Microsoft Word document, which inherits the same usage rights as the e-mail has. Recipients cannot copy, save, edit or forward either the e-mail or the Word document.
Safeguarding documents: A research manager rights-protects a Word document and sets an expiration date. She grants read-only access to her research team. Only those on her research team can open the Word document. After the expired time, they can no longer open the document.
Protecting sensitive intranet content: A Web administrator rights-protects sales data on the company intranet. Only specified employees are granted permissions to view the data. The data is rights-protected with read-only access. They cannot print, or copy and paste the data.
PressPass: Is this similar to Windows Media DRM (Digital Rights Management)?
Nash: The two technologies are clearly distinct yet they both fall into the rights management category. Windows Media DRM is designed to protect media and entertainment content, while Windows RMS protects sensitive information of enterprises and organizations.
PressPass: Who will benefit by using this technology?
Nash: We think customers and Microsoft’s industry partners will all benefit from RMS. For customers such as government agencies, private consulting firms, healthcare organizations, stockbrokers and other organizations it can provide effective protection of everything from quality control statistics and merger and acquisition plans, to medical records and business-development strategies. Corporate software developers will also benefit because they can use the RMS Software Development Kits (SDKs) to RMS-enable their line of business applications.
Microsoft industry partners such as independent software vendors, infrastructure service providers and systems integrators can use the RMS SDKs to RMS-enable their applications and solutions. RMS partners such as Avanade, EDS, GigaMedia, Omniva, Reciprocal, SecureAttachment and SyncCast are incorporating RMS in their solutions.
PressPass: From a technical point of view, how does RMS work?
Nash: Let me take you through the workflow in this chart:
Establishing trusted entities:
Step 1 in chart: Organizations can specify the entities, including individuals, groups of users, computers, or applications that are trusted participants by their RMS server.
Assigning rights to information:
Step 2: Using an RMS-enabled application, users can easily assign rights, such as read-only, to their digital information. These rights reside in a publishing license which is attached to the information.
Distribution and licensing:
Step 3: The application then encrypts the information and the publishing license together. The information and rights remain encrypted during transport, extending protection beyond the organization's network.
Viewing rights-protected information:
Steps 4, 5: When the recipient opens rights-protected information, a request is made (4) to the RMS server to validate the user's credentials and usage rights. A use license (specifying the rights that apply to the information) is issued and the RMS-enabled application enforces the usage rights (5) defined by the author or template.
PressPass: What are the technology requirements?
Nash: The features and functionality I described require Microsoft Windows Server 2003, Active Directory directory services, Internet Information Services (IIS), a database such as Microsoft SQL Server 2000, and an RMS-enabled application (such as Microsoft Office 2003 Editions).