Windows Server 2012 Provides Data Compliance Tools

Dynamic Access Control (DAC) enables content on Windows Server 2012 file servers to be secured based on the servers’ business roles, automatically scanned according to classification rules, and automatically encrypted by Active Directory Rights Management Services (RMS) if classification rules indicate the content should be protected. DAC can enable customers to more readily demonstrate compliance with data confidentiality policies or regulations and better prevent leakage of sensitive data than was previously possible. However, incorporating DAC may require considerable planning and new infrastructure to maximize the benefit of the entire suite of tools.

Earlier Options Hit Scale Issues

With earlier versions of Windows Server, organizations traditionally protect content on file servers by creating access groups, scanning files for sensitive information, and manually protecting or removing files. Files are protected through access control lists (ACLs) on folders to specify access rights for users or groups of users in Active Directory. This works to a degree but does not scale to large organizations, which may require tens or hundreds of thousands of groups across the organization, and changes in a user’s Active Directory role or title may not be reflected automatically in the user’s group membership.