By Yann Lejas, Director of Sales Engineering at NextLabs |

Most enterprises are using browser-based applications, such as Microsoft SharePoint, to store and share documents and files with their colleagues, business partners, and customers. This platform presents certain advantages: it makes information easy to share and quick to transfer. Digital documents can be accessed anywhere, any time and from pretty much any device.

While digital content is rapidly growing in SharePoint, companies that share sensitive data when collaborating on product design and development are at risk of data leakage and intellectual property misappropriation. Ensuring the safety and accessibility of data and preventing data loss have become issues of critical importance.

A survey conducted by Cryptzone at the 2014 SharePoint Conference in Las Vegas shows that more than 36% of SharePoint users reported being able to access unauthorized documents and gain sensitive data or confidential information to which they are not entitled. Mishandling of digital documents by insiders, suppliers, and partners cause intellectual property breaches. As a result, improving data security has become more crucial than ever.

The complexity of the modern working environment — massive and fast-growing digital content, geographically diverse workforce, increasing usage of mobile devices, multiple file systems and document types — creates new challenges for data protection. It is therefore important for enterprises to have an effective Digital Rights Management (DRM) solution to ensure internal, as well as external, information security.

Several DRM options for SharePoint are available. SharePoint Integrated Rights Management (IRM) based on Microsoft Active Directory Rights Management Services (AD RMS) is one of them. It’s an effective solution for protecting sensitive information from unauthorized access, but although SharePoint IRM comes with a lot of capabilities, it also has some limitations. For example, SharePoint IRM can only apply rights protection to a list or library of documents, but not to a specific file or document. In addition, SharePoint IRM only protects Office documents and PDF files, but not other file types, such as CAD and EDA (electronic design automation) files, engineering drawings, .png, .jpg, etc., which can be a severe limitation if the enterprise’s core business is manufacturing, engineering, aerospace or industrial design. Another example, with SharePoint IRM, document usage (printing, copying, screen capture, authorized and unauthorized access, etc.) cannot be tracked after the document has been downloaded from SharePoint, which limits the audit trail monitoring capability. Also, IRM/AD RMS does not support first-time access to encrypted data when offline.

Intrinsically, AD RMS requires users to create a lot of complex permission-based templates, and with the variation of permission requirements, this can result in lengthy lists of templates or permissions, which can be extremely time-consuming.

In order to address these problems, a modern and comprehensive Rights Management solution needs to be flexible, granular, robust, scalable, and easy-to-use. Here are some key requirements for such a solution:

  •        Automated rights application: the solution should automatically trigger rights protection when documents are transferred to/from SharePoint, or to documents already stored in SharePoint, based on document content, attributes, and user attributes, and be able to block access to this data in real time.
  •        Broad control of information usage across all document types, users, and devices: the solution should constantly enforce document usage rights at the end-point, across all applications, document types and devices, online and offline, for actions such as edit, print, copy, send, file transfer, screen capture and a few others.
  •        Audit and monitoring of documents and user activities: a good Rights Management solution should provide a comprehensive view of all document activity on an end point or on a server, with full details about who is accessing the document, when, what file, from which computer, etc.
  •        Easy-to-use. The solution should be policy-driven and the rules or policies should be easy to create, implement and manage. The user or administrator should not have to create templates manually for each individual use case or scenario. The policies designed should be flexible and encompass a large variety of use cases.

This is my wish list of how Rights Management should work to protect my sensitive documents in SharePoint. Let me know your thoughts or how we can meet these requirements.