Whether Microsoft Rights Management Services (RMS) or Document Digital Rights Management (DRM) is best will be a subject of debate for anyone looking to secure his or her documents from unauthorized viewing. But, the truth is that both are viable options and have practical applications in the real world. They also both have their advantages and disadvantages.
We will, therefore, look at both options in depth in an effort to help you make the right decision when picking one for your business.
Like the name suggests, this is a product offered by Microsoft and was built for the Microsoft Office Suite, including Word, Excel, and PowerPoint. It has been used over the years for rights management of documents, mostly in enterprise settings, and has helped protect trade secrets among other things.
Originally, it worked quite well with internal document distribution but presented a problem when it came to external sharing. The reason for this is that the active directory environment of the creator of the document may differ from that of the document consumer. Microsoft has since found a way to tackle this by using Azure Active Directory and Azure RMS which is the cloud version of the software. This makes it possible to share documents outside an organization’s firewall.
Of concern is how tightly RMS and Office are currently integrated. Enterprises using RMS will have to ensure that all document recipients and users use Microsoft Office products, otherwise, they will not be able to open and decrypt the documents. RMS functionality is also currently available on both desktop and mobile platforms under the name “Office everywhere encryption everywhere”. Users of RMS can, therefore, send documents to any other user, without there being a need to download software for either of them.
Documents must reside on a Windows server running File Services which then connect to on-premises servers running Exchange, Sharepoint, etc. and this connects to Windows server active directory for identity management. Basically, there is a lot to configure, integrate and get right.
Through the integration stated above, Microsoft has made sure that third-party modifications to the RMS platform are impossible. So, it is impossible for apps other than the Microsoft Office Suite to function with the RMS. Also, due to this integration and control by Microsoft, if there was ever a breach in the system, it would potentially affect all RMS clients and their data.
The Azure Rights Management service can be set to automatically apply for document protection, according to policies that administrators create. In other cases, end users must apply for the document protection themselves from their Office applications by selecting a classification label (that is configured by an administrator) to apply for protection. Alternatively, they may be able to select a template or select specific protection options. Although you can share documents with users outside the organization they must be a user in Windows Active Directory.
Another disadvantage to RMS is that it does not support use on regular browsers.
DRM software is a more recent invention. It gives publishers of information the right to pass documents to others as well as gives them control over what the recipients can do with the file. As a result, it prevents unauthorized use of the content in the documents.
DRM is similar to RMS in a few ways, including its overall function of document security. However, it differs from RMS in that it works with just about any document processing app out there, whether it was made by Microsoft, Google or any other company. So, it can impose controls on these apps individually.
There is also a sense of independence from the DRM service as security protocols are defined at the operating system level. This means that the DRM client has total control over the environment as well as the data that is shared within. You can, therefore, prevent screen grabbing, lock documents to specific devices, etc. and make sure that any printing is done to a physical printer rather than a file driver.
DRM is more useful if the document you are protecting is not an Office document and the user is not already known to you. For example, you might have sold a report and will therefore only know the user details at the time of purchase. You don’t need to set up complicated systems, file servers, identity servers etc. and configure integration with different versions of Office.
DRM also gives you the capability to control documents as they are being viewed on a browser by adding HTML5 or Flash technology. However, this control is limited by the fact that there is no software installed on the user’s computer.
So, which one do you think will benefit your business most? Answer that question and you should find it a whole lot easier to pick between the two.