Windows Server 2008 Protects Content

An update to Rights Management Services (RMS) in Windows Server 2008 will simplify sharing of protected files, e-mail, and other content between organizations. The Windows RMS feature uses encryption to prevent unauthorized users from accessing content and to enforce access policies on content, even if the content is moved to unsecured file or e-mail systems. RMS helps organizations secure sensitive data, comply with privacy and disclosure regulations, and could prove a useful adjunct to Microsoft’s SharePoint Server document management product. However, RMS still requires a complex infrastructure and secure business processes.

Aid to Compliance, Nondisclosure

RMS, now formally known as Active Directory (AD) Rights Management Services, is a Windows service that encrypts e-mails, files, and other types of business content to prevent access by unauthorized users. Unlike protection mechanisms such as access control lists (ACLs), which typically control who can read and change files stored in a file system, RMS protection travels with content and thus can work even if the content is moved to a computer outside an organization’s control. RMS also enables users to place restrictions on protected content (e.g., “do not print or forward”) that can be enforced by applications accessing the content. These restrictions can be defeated (by taking screen shots while content is being viewed in a Terminal Services window, for example), but they can help prevent casual or inadvertent disclosure of protected content.