Information Rights Management is an important subject given the recent events with Julian Assange and Wikileaks. This issue doesn’t directly touch our personal lives (yet) unless of course you are a diplomat. However it does pose a serious question for corporate lives and for enterprise content management. We’ll discuss how portals and specifically Sharepoint 2010 help with Information Rights Management and what can you do to ensure that the right people have access to the right information at the right times – nothing more and nothing less is the need of the hour.
What is Information Rights Management?
Information Rights Management also known as ERM, EDRM, Documents Rights Management, IR Management and sometimes confused with DRM is using technology to ensure that the information and content that your organization creates and distributes is accessible by the right people and only for the duration you deem fit and “consumed” in the appropriate manner. What I mean by consumption is copying, pasting, emailing or transferring to a USB and mailing it to a postbox in Australia.
In this hyper connected, digitized, on-the-go, always on, lawsuit happy world it is imperative that organizations have some sort of policy and mechanism in place for IRM (clearly highlighted by what’s happening with Wikileaks – can you imagine what will happen when they start publishing emails and documents that transpire between CEOs and HR Managers of large organizations, proposals between companies which hint at you give-us-this-order-and-we’ll-meet-our-numbers, Software Architecture Diagrams for the next big Collaboration Site, Application for Patents, Show Cause notices). Yes, only the paranoid survive (and looks like the stock will get $40) and since I’ve made the case for IRM let’s move on to the technology.
Sharepoint Foundation 2010 and IRM
Here is a good article on Sharepoint Foundation 2010 and what are the features it has to protect information. The article touches on the key features of Sharepoint and Windows that make this happen. It shows how Sharepoint and Windows Rights Management work together to ensure that once a file is uploaded to a protected document library the content is secured and consumable only by the intended audience and for the appropriate duration.
Note: there are restrictions on the kind of documents that can be protected. This can be extended by writing Custom IRM Protectors. There are also limitations on how these documents can be protected, for egs, printing a document, using the default screen capture, copy/pasting – these actions can be protected however there are some technically advanced methods such as manually writing the content on a piece of paper or using a 3rd party screen capture tool that cannot be controlled.
For the more technically, architecturally and visually inclined here is the IRM framework for Sharepoint 2010 – http://msdn.microsoft.com/en-us/library/ms439625.aspx
Sharepoint 2010 provides the platform and technology to get you set up with basic IRM. This needs to be customized, extended and calibrated to work within different organizations and content.
In order to build a holistic solution you need both processes and people. For egs. while the data gets protected once it is in Sharepoint, there needs to be technology, people and process that ensures every piece of content that is created or distributed falls in line with corporate governance. There need to be audits and compliance checks. There needs to be training and education to ensure that every individual understands the impact of their actions and inactions.
Of course the most advanced, 100 % fail proof, “government grade security” (not sure what that means anymore) can be achieved by not saying, seeing, or doing “wrong” things (prevention is better than cure).