Transcript
Page 1: Securing Intellectual Property using Azure Rights Management Services

Protecting Intellectual Property with Azure Rights Management Services

MICHAEL NOELCCO

Page 2: Securing Intellectual Property using Azure Rights Management Services

SPONSORS

Page 3: Securing Intellectual Property using Azure Rights Management Services

Michael Noel@MichaelTNoel

•Author of 20 books including the best selling SharePoint and Exchange Unleashed series•Presented at over 200 events in over 70 countries around the world•Microsoft SharePoint MVP, first awarded in 2007•Partner at Convergent Computing in the San Francisco Bay Area (cco.com)

Page 4: Securing Intellectual Property using Azure Rights Management Services

Why Information Rights Management?

Page 5: Securing Intellectual Property using Azure Rights Management Services

Understanding the Need for IRM•Emphasis today is placed on perimeter based security mechanisms, which block unauthorized access•Transit-based security (Email encryption, IPSec, etc.) only protects the content while it is moving from one place to another•ACLs also effective for limiting access•However, these mechanisms are powerless to stop data that has been accessed by authorized individuals from ‘leaking’ out of the organization via email, print, or copy/paste

Page 6: Securing Intellectual Property using Azure Rights Management Services

Once Accessed, Data is at Risk•All perimeter security mechanisms, ACL security, and transport security mechanisms can’t do anything after the data has been delivered to the authorized individuals•Disgruntled employees who email or print company secrets are only part of the problem•Laptop theft, ‘leakage’ of data onto thumbdrives, Smartphones, etc., can be a concern if they are stolen

Page 7: Securing Intellectual Property using Azure Rights Management Services

Governmental/Industry Compliance

•Many Governmental compliance rules (EU Privacy Rules, HIPAA, Sarbanes Oxley, FDA 21CFR11, etc.) require that measures are put into place to safeguard digital information•Expiration of content required for many other industry and governmental regulations

Page 8: Securing Intellectual Property using Azure Rights Management Services

Solution: Azure Rights Mgmt Services

•Azure RMS is a form of Digital Rights Management (DRM) technology, used in various forms to protect content•Specifically, it is a subset of DRM called Enterprise Rights Management•X.509 Certificates based, similar to SSL encryption, IPSec, or other forms of encryption based on Public Key Infrastructure (PKI) technologies

Page 9: Securing Intellectual Property using Azure Rights Management Services

Azure RMS Gives Authors Control

•Document Author can define who do the following:•View document•Edit document•Print document•Copy/Paste

Page 10: Securing Intellectual Property using Azure Rights Management Services

What is Azure Rights Management Services?

Page 11: Securing Intellectual Property using Azure Rights Management Services

How Azure RMS Works

Page 12: Securing Intellectual Property using Azure Rights Management Services

Azure RMS vs. AD RMS• Azure RMS supports significantly more features and services, including

but not limited to:• Built-in Mobile Device Support• Default Templates• Document tracking, revocation, and email notification

• Key difference with Azure RMS vs. AD RMS is ease of setup and long term maintenance - AD RMS requires complex hardware configuration • 2x front-end• 2x SQL back-end• SPNs published in AD• External reverse proxy connections• Federation• Complex config on SharePoint On-Premises and Exchange On-Premises

• Microsoft offers a migration path from AD RMS to Azure RMS (http://is.gd/mig2azrms)

Page 13: Securing Intellectual Property using Azure Rights Management Services

Azure RMS Components

Page 14: Securing Intellectual Property using Azure Rights Management Services

Azure RMS Options• Exchange Online/On-Premises• Do not forward, Confidential, and Confidential – View Only default

policies• Custom organizational policies and DLP Policies

• SharePoint Online/On-Premises• IRM policies defined per document library

• Office Client (Word, Excel, PowerPoint)• Per-document policies applied to individual documents and enabled

directly from the client• Windows Server 2012/2016 File Classification Infrastructure• File-server level policies that stay with the documents even if they are

moved• Office 365 Message Encryption

Page 15: Securing Intellectual Property using Azure Rights Management Services

Office 365 Message Encryption• Transparent

message encryption setup at Exchange Online level• Included in RMS

license• Allows sending

encrypted messages to external or internal accounts

Page 16: Securing Intellectual Property using Azure Rights Management Services

Office 365 Message Encryption• Users on the

outside get custom message• Simple

process to allow them to validate their account• Can be

enforced in Exchange Online with mail flow rules

Page 17: Securing Intellectual Property using Azure Rights Management Services

Windows Server 2012/2016 File Classification Infrastructure

Page 18: Securing Intellectual Property using Azure Rights Management Services

Exchange Online Data Loss Prevention (DLP) Policies

• DLP Policies can be created in Exchange that automatically protect content based on certain criteria• One example would be

protecting emails that have SSNs in them

Page 19: Securing Intellectual Property using Azure Rights Management Services

Azure RMS Effective Permissions in SharePoint Online

Page 20: Securing Intellectual Property using Azure Rights Management Services

Enabling RMS in Office 365

Page 21: Securing Intellectual Property using Azure Rights Management Services

Enabling RMS in Exchange Online

Page 22: Securing Intellectual Property using Azure Rights Management Services

Enabling RMS in SharePoint Online

Page 23: Securing Intellectual Property using Azure Rights Management Services

Azure RMS Licensing

Page 24: Securing Intellectual Property using Azure Rights Management Services

Azure RMS in Office 365

Plan RMS Included?Office 365 Business Essentials NoOffice 365 Business Premium NoOffice 365 E1/A1 NoOffice 365 K1 NoSharePoint Online Plan 1/2 NoExchange Online Plan 1/2 NoOffice 365 E3/A3/G3 YesOffice 365 E4/A4/G4 YesOffice 365 E5/A5 Yes

• Azure RMS is included only in specific SKUs of Office 365• Organizations that

do not include licenses can purchase standalone licenses of Office 365• List pricing is

$2.00 USD per user per month for standalone Azure RMS licenses

Page 25: Securing Intellectual Property using Azure Rights Management Services

Azure RMS LicensingFeature RMS for

Office 365

Azure RMS Premium

Users can create and consume protected content by using Windows clients and Office applications X XUsers can create and consume protected content by using mobile devices X XIntegrates with Exchange Online, SharePoint Online, and OneDrive for Business X XIntegrates with Exchange Server 2013/Exchange Server 2010 and SharePoint Server 2013/SharePoint Server 2010 on-premises via the RMS connector X XAdministrators can create departmental templates X XOrganizations can create and manage their own RMS tenant key in a hardware security module (the Bring Your Own Key solution) X XSupports non-Office file formats: Text and image files are natively protected; other files are generically protected X XRMS SDK for all platforms: Windows, Windows Phone, iOS, Mac OSX, and Android X XIntegrates with Windows file servers for automatic protection with FCI via the RMS connector   XUsers can track usage of their documents XUsers can revoke access to their documents X

Page 26: Securing Intellectual Property using Azure Rights Management Services

USING AZURE RIGHTS MANAGEMENT SERVICES

Page 27: Securing Intellectual Property using Azure Rights Management Services

thank youquestions?

live ratingsSHARINGTHEGLOBE.COM@MICHAELTNOEL

spca.biz/DF5Z


Top Related