In our last blog, we discussed in detail how you can enable your employees to work from home through RDP-VPN. In this blog, we will discuss how you can protect your valuable business information in the form of documents, presentations, Excel worksheets and emails.
For any business, securing business information is of paramount importance. You can achieve this with the Windows OS permission model, by granting or revoking permissions for your staff or user groups at the file or folder level to prevent unauthorized access. However, to make it more secure, you can rely on Active Directory Rights Management Services (AD RMS). AD RMS ensures that your business information will not reach the wrong hands, even when it is outside your office premises.
What is Active Directory Rights Management Services (AD RMS)?
AD RMS is a server role in Windows Active Directory. It helps augment the organizational security strategy by protecting your documents and emails using Information Rights Management (IRM). AD RMS uses policy templates that are customizable to suit the specific needs of an organization. It controls not only what rights a user has on specific documents but also the validity period or expiry date up to which the user can access them, no matter where the user is located. Further, AD RMS features are completely integrated with the Microsoft Office Suite and can be extended to work with other AD RMS-enabled servers in the domain or with third-party applications using the appropriate AD RMS Software Development Kits (SDKs).
How Does AD RMS Work?
AD RMS secures your organizational information by encrypting and storing it on the AD RMS server. To access this information, a user needs to possess the encryption key for decrypting it. A user with privileged access will automatically retrieve the key from the server to open the file. This holds even if the document is taken offsite, in which case the user still needs to connect to the AD RMS server to retrieve the key. Failing to do so will restrict the user from accessing this information. AD RMS confines access to files and emails through a range of certificates and licenses, including the Server Licensor Certificate (SLC), Rights Account Certificate (RAC), Client Licensor Certificate (CLC), Publishing License and End User License (EUL).
What Are the Prerequisites for AD RMS?
AD RMS works on client-server interaction and has the following prerequisites for getting the service up and running:
- A Windows server for running the AD RMS role. It takes care of licensing and management of certificates, applications and users and settings related to content access policies.
- A Windows AD RMS client to take care of data encryption and decryption and acquiring certificates and licenses from the above Windows server with AD RMS role.
- A database server like Microsoft SQL Server for storing information regarding the usage policies.
Besides this, these are the in-depth hardware, software, account and application requirements.
One of the most important points is that the AD RMS server must be a domain member within the domain of the user accounts that will use the service.
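A pre-installation check for the prerequisites listed above, as an added example that is not part of the original post. The domain name, SQL Server host and port are placeholder assumptions; run it on the Windows server intended for the AD RMS role.

```powershell
# Added example: AD RMS prerequisite check. Parameter defaults are placeholders.
param(
    [string]$ExpectedDomain = 'corp.example.com',       # placeholder: domain holding the user accounts
    [string]$SqlServer      = 'sql01.corp.example.com', # placeholder: database server for AD RMS
    [int]   $SqlPort        = 1433                      # assumption: default SQL Server TCP port
)

$checks = [ordered]@{}

# 1. The server must be a member of the same domain as the user accounts.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$checks['Server is domain-joined']   = [bool]$cs.PartOfDomain
$checks['Server is in user domain']  = $cs.PartOfDomain -and ($cs.Domain -ieq $ExpectedDomain)

# 2. The AD RMS role must be offered by this Windows Server edition.
$feature = Get-WindowsFeature -Name ADRMS
$checks['AD RMS role available']     = $null -ne $feature

# 3. The database server must be reachable from this host.
$tcp = Test-NetConnection -ComputerName $SqlServer -Port $SqlPort -WarningAction SilentlyContinue
$checks['Database server reachable'] = [bool]$tcp.TcpTestSucceeded

# Report each prerequisite and fail the run if any is missing.
$failed = 0
foreach ($entry in $checks.GetEnumerator()) {
    $status = if ($entry.Value) { 'OK  ' } else { $failed++; 'FAIL' }
    Write-Output ("[{0}] {1}" -f $status, $entry.Key)
}

# Informational only: the role does not need to be installed before the check.
if ($feature -and $feature.Installed) {
    Write-Output '[INFO] AD RMS role is already installed on this server.'
}

if ($failed -gt 0) {
    Write-Error "$failed prerequisite check(s) failed."
    exit 1
}
```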
How Does AD RMS Protect Your Business Information?
Thanks to the various useful features of AD RMS, it protects your crucial business information efficiently anywhere, anytime.
- Offers better protection than NTFS (NT File System)
You might wonder why you should opt for AD RMS when NTFS offers similar benefits. The simple answer is that, in the case of NTFS, the specified access permissions on files and folders work only inside the domain network and can't protect business information that is taken offsite. AD RMS, on the other hand, keeps securing information irrespective of the location of the document. Also, AD RMS overrides NTFS permissions; thus, if a user has full access through NTFS and read-only permissions through AD RMS, the AD RMS policies are applied.
- Provides data protection against unauthorized access
Business reports such as financial statements are crucial for any organization and should have highly restricted access. AD RMS secures confidential files and reports by restricting them from being forwarded, copied or printed by unauthorized users. As already explained, this applies even to files that have been downloaded offsite or are outside the office premises.
- Prevents confidential emails from getting into the wrong hands
If not secured efficiently, emails can prove to be one of the primary media for data leakage: once an email leaves our outgoing email folder, we hardly have any control over the data contained in it. AD RMS ensures that emails are not forwarded, copied or printed by a recipient who is not authorized to perform these operations. What's more, it guarantees that emails can be opened only by authorized recipients, in case they have been accidentally sent to someone who is not supposed to receive them.
- Offers protection against the misuse of the Windows Print Screen feature
If you think that a troublemaker can get their hands on your corporate data by using the 'print screen' option, you are wrong. With its persistent user rights and conditions, AD RMS can prevent users from using this tool. However, it can't prevent them from using a third-party screen capturing solution.
- Time-bound access
AD RMS specifies a time for which users can perform actions on the documents such as read, modify, print, forward, etc. After the expiration of this period, users can't access the files. This feature can come in handy for allowing your staff to access a particular file for a time-bound assignment like a project or a client demonstration.
- Securing data on mobile devices
According to Statista, mobile Internet traffic accounts for around 51.98% of global online traffic. Thus, not securing mobile devices for data access and authentication would be a half-baked solution that can be a recipe for disaster. The AD RMS mobile extension comes in handy to secure corporate information while it is being accessed through mobile devices that run on Windows, iOS and Android. You need to ensure that the devices have the latest RMS clients and RMS-aware apps installed. Mac devices should have Office 2016 for Mac and RMS-aware applications.
- Protection for file types other than Microsoft Office files
Besides Microsoft Office files, AD RMS supports a wide range of file types. It achieves this by integrating with applications like Microsoft SharePoint (2007 onwards), where it secures files published on the intranet site. It also supports some third-party applications and file types including .jpg, .pdf, .xml and .txt.
In this blog, we discussed how you can use AD RMS to protect your data. In the upcoming blogs, we will discuss more ways to work from home efficiently while securing your information, such as using cloud technology.