The idea for this article was suggested by my friend Karl de Borst from Microsoft, New Zealand. Thanks Karl!
What is available?
- Protect file(s) or folder(s) IN-PLACE (many of us wanted this for a long time)
- Share the files with other and prevent them from
copying, editing or printing the files.
- Unauthorized people CANNOT see the file at all.
No password needs to be shared.
- File can expire (become unreadable) after a date which you can specify
This is more powerful than just putting a password to open.
The Risk: You add a password to open a file and send it to some trusted person. He/She sends the file to your competitor using personal email or copying on a USB drive… and of course shares the password with them. – what is the protection you have?
Information Rights Management (or IRM or RMS) solves this problem.
Here is how you do it
- Check if you already have this system in place
- If not, register for Rights Management using your company email id
- Download the tool for file protection
- Protect files using the tool
This system is available for FREE.
I am intentionally avoiding unnecessary technical details to keep this very simple. Just follow the steps carefully.
Step 1: Check with your IT team whether they have already implemented IRM
This entire system is based upon a Microsoft technology called IRM. If you already have IRM, then ask IT for the instructions. If you have Office 365 E3 subscription, IRM is available. But it needs to be activated. Again, check this with your IT team.
Step 2: Register for Microsoft Rights Management
Go to this site http://portal.aadrm.com
Enter your email id and click next. Personal email ids are NOT supported. It must be an organizational email id.
Once you receive the mail, follow the instructions there to verify the registration. You will have to register with a name and password. You will then receive a confirmation mail and now you are ready to use the system.
Step 3: Download the tool
The final mail you receive will have a link to download the tool. It is called RMS sharing application. You can also download it from here
It is available for all platforms. Depending upon the device, the capabilities differ. For example, on Windows, it can protect all types of files whereas on Android platform it can protect only photos and images.
Download and install the tool. Here I will explain the Windows version of the tool.
Step 4: Protect and Share files
Once this tool is installed, you can see many new options:
Right click on any file to see special options appear for protection:
Choose the protection option. and now the file is protected.
Word, Excel and PowerPoint will now show a new button in the Home tab called Share Protected.
To share the current file, click on this button.
Sharing protected files
This is done by using the Share Protected option.
- Specify the email id of the recipient. This person can be from any organization. Of course, this person must have registered for RMS using the method we discussed earlier.
- Specify the level of protection. Just slide the bar. In most cases, you will want to keep it at view level. View means no editing and copying or printing is possible. It is really secure way of sharing the file. Notice that there is no password required to open the file.
- This option makes the system more safe. Keep it on.
- If required, you can stop the file from being readable after the expiry date. Unlike in James Bond films, the file will not self-destruct. It will still be seen as a file. But it will not open.
- Finally, send the file.
- The mail will have instructions for the recipient to open the file.
For details, please see this article
The legal aspects
What is the benefit here? You sent a confidential file to your trusted colleague. Now that person cannot copy or print the file. If he/she sends it to another person by mail or physically, the file will not open unless that person signs in.
Does this REALLY prevent leakage of confidential data? Nothing prevents your colleague from sitting with the external person, opening her laptop and showing the contents of the document.
Of course, no technology can prevent that.
Then what is the benefit of this system? The benefit is Non-Repudiation.
It means that the person who received the IRM protected mail cannot deny that she was responsible for the leakage of information. Why not? Because technically, there is no other way to leak that information.
Therefore, along with using the system, it is equally important to inform all users and recipients that they are now technically (and legally) accountable for any potential loss of confidentiality.
Protecting files across your company
If you want to protect confidential files and IPR related documents, you must install and use the RMS system from Microsoft. As your IT team to read this section.
There are two ways to get this system of protection work across the company:
- Install AD based IRM solution from Microsoft
- Use Office 365 (enterprise plans only) based IRM protection
- Even if you don’t have the enterprise RMS system, as an IT person, you can take control of user based personal IRM. Here are the details.
Having full IRM implemented provides you with many additional advantage.
- It works with all Office tools, Outlook, SharePoint and Exchange seamlessly
- All users can be centrally controlled
- For recovering encrypted files created by employees who have left the organization, you can configure a RMS super users.
- More sophisticated custom protection policies can be created
- Provision of “Do Not Forward” and other templates which work with email messages as well (not just attached documents)