By Siobhan Keogh
How do you make sure your internal documents stay internal?
Most organisations have very few measures in place to ensure that important, sensitive documents don’t get circulated externally. Leaks of sensitive data are becoming increasingly common, and they usually come from the simplest of sources – as Datacom’s Sean Dring pointed out in a recent presentation, Edward Snowden leaked NSA documents by taking them out of the office on a USB stick.
But commonly-used enterprise application Windows Server has a technology called Rights Management Services that can prevent people from accessing sensitive information. The technology was introduced in Windows Server 2003.
Send an email
Emails can contain propriety, sensitive or even just plain embarrassing information if they make their way into the hands of your competitors or the media. This problem is easily solved – in Outlook you can set a ‘Do Not Forward’ permission on emails. As well as barring recipients from forwarding the message to other people, you can also prevent them from printing or copying content. Granted, a very determined staff member could physically type out the whole email again, but a simple copy/paste isn’t possible (and you can’t use PrtScn or the snipping tool either).
Share a Word or Excel document
Setting the permissions on a Word or Excel document is a bit more complicated, but not by much – you just have more options to choose from. You can restrict permission to one or several of your colleagues within your organisation. The document is automatically encrypted with the details of who can access the document and what they can do to it. When the document is opened the user is verified by the Rights Management Service before unencrypting the document and the application then limits their editing rights as per the author’s instructions. That way you can ensure that only the correct people can open the document and use it in a way that the author has given permission.
There are a couple of downsides to using a cloud tool to keep your documents on lockdown. To access documents offline, a user must have their credentials cached. But the organisation can nominate how long those credentials are cached for, and the document author could specify that the receiver must be connected to the network to open the document.
There can also be a bit of back-and-forth between staff members if someone who needs to see the document isn’t granted permission in the first place. It’s a small price to pay, however, for the added security and peace of mind that Rights Management ensures.