What is Information Rights Management?
Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether
it resides “in” or “outside” the corporate boundaries. This happens as the permissions embedded inside the file don’t allow unauthorized access, modification, copying or printing. This is typically done for protection of financial documents, intellectual property such as patents, design blueprints and executive communications.
IRM broadly speaking addresses the fundamental problem associated with Data Protection Leakage (DLP). DLP heavily relies on protection of sensitive file within the corporate network typically at its end points. It protects the data based on its location (directory, file server/ database) or in data in transit, but doesn’t give the protection at a more granular level, i.e. information contained in file itself. IRM currently applies mainly to documents and emails in typical corporate environment setting.
While DLP is “transmission control” technology, IRM is “usage control” technology.
Why do we need IRM?
The rationale for using IRM is that the privacy information associated with data must travel along with it. The copying of that data must not lose the associated rights to that information. Rights to modify, update, restrict or even destroy that information must be retained by the individual it pertains to, even when a 3rd party holds that information.
In larger context, IRM helps organizations in enforcing corporate policy governing the secure flow of highly sensitive data in the organization. File protections are defined and enforced based on user’s identity along with corporate policy on a given class of data.
The best way to protect information is to do it directly at the level of the information – and not at the level of many system(s) which might change, transport or store the information.
What exactly can be achieved with IRM?
- Preventing restricted content from unauthorized modification, copying, printing or pasting
- Disabling Print Screen feature in Microsoft Windows for taking snapshots of restricted content.
- Restricting content exposure wherever it is sent
- Support file expiration so that contents in documents are rendered un-viewable (or viewable) automatically after a set time.
- Full auditing of both access to documents as well as changes to the rights/policy by business users
What can’t be prevented using IRM?
- Sensitive Content from being erased, stolen, captured or transmitted by malicious programs like Trojans, key loggers etc.
- Content from being lost or corrupted due to virus infection
- Restricted content from being hand-copied or retyped from a display screen.
- Taking digital photograph of the restricted content displayed on a screen by unauthorized person
- Snapshots of restricted content are possible using 3rd party screen-capture tools
For a more comprehensive discussion on IRM, please visit our detailed article here: “Information Rights Management – Implementation and challenges” or view PDF version article below
Manasdeep currently serves as a Security Analyst in the Technical Assessment team at Network Intelligence India, Mumbai. His work focuses on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients.
He possesses strong analytical skills and likes to keep himself involved in learning new attack vectors, tools and technologies. He has flair in technical writing and shares his thoughts on his blog “Experiencing Computing…” at http://manasdeeps.blogspot.in.