The following is tip #6 from "20 Tips on securing Outlook in 20 minutes," excerpted from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange Server 2003 © 2004, published by Microsoft Press. Return
to the main page for more tips on this topic.
There's a popular saying that "information wants to be free."
Although this is in many cases true, the owner of the information might not want it to apply to his or her confidential or proprietary information. Some organizations, like the U.S. government or Apple Computer, deal with this by imposing severe penalties on employees who leak sensitive materials. Most of us don't have that luxury, though, so it would be preferable to have some technological means to give information creators more control over where and how their documents and messages are used.
The Microsoft Office System works with Windows Rights Management Services (RMS) servers (which are built by installing the separate Windows Rights Management Services product on Microsoft Windows Server 2003) to provide a good set of information rights management (IRM) functionality.
The goal behind IRM is simple: people who create documents or messages should be able to specify whether those documents can be modified, forwarded, or copied, and whether (and when) they should expire. The Microsoft Rights Management (RM) implementation uses the XML-based eXtensible rights Markup Language (XrML) to specify what rights the document creator has assigned; then it uses various cryptographic algorithms to securely embed those rights definitions in the document. RMS-protected documents can only be accessed with credentials from an RMS installation. Microsoft has also made available an Internet Explorer plug-in that allows viewing of protected documents from machines that aren't running the Office System.
A complete discussion of how IRM works is outside the purview of this book, because it involves setting up an RMS server and defining IRM usage policies for the organization. In this chapter, I limit my discussion to talking about how to make Outlook work with a functioning RMS server
Get more "20 Tips on securing Outlook in 20 minutes!" Return to the main page.
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server and a frequent speaker and presenter at IT industry conferences. He's written software for everyone from the U.S. National Security Agency to scientists flying their experiments aboard the Space Shuttle, fixed helicopters in the desert and spent way too much time playing video games.