RealTime IT News

New Digital Rights Tools Debut For Office

Microsoft has unveiled Windows Rights Management Services software, its first-ever rights management system for the Office suite that helps customers protect information in Word, Excel, PowerPoint documents and the Outlook e-mails from slipping into the wrong hands.

Office 2003 is the first suite of applications enabled with the RMS system, which is available to customers who have upgraded to Windows Server 2003. It lets users set policies that safeguard sensitive e-mails or confidential information in key Office documents from being copied or forwarded to unauthorized readers.

Microsoft is making the announcement of the RMS availability during the RSA e-Security Conference Tuesday in the Netherlands. Mike Nash, corporate vice president of the security business unit at Microsoft, who is delivering a keynote address Tuesday, said customers have said they need help protecting sensitive information from accidental and intentional distribution to unauthorized recipients.

RMS is a new ASP.NET service, built on the Microsoft .NET Framework, for Windows Server 2003 Standard, Enterprise, Web and Datacenter editions. With the RMS server, information workers can distribute information within their organizations with definitions of how and under what circumstances it can be used, such as when it expires and who can open, modify, print and forward the information.

For example, in a Word document, an author can determine permissions such as read-only access or editing access for other members of an organization, said Scott Hanan, a product manager in Microsoft's security division. But RMS also provides more granular permissions, such as who can print, who can copy, and when those permissions expire.

It also helps block information that often can leak out through the use of instant messaging applications. Currently, sensitive information can be cut and pasted from a document, put into an IM, and then posted publicly, such as on a Web site, said Jon Murchinson, a product manager in the security division, during a recent briefing about the product with internetnews.com.

But because the RMS protections on the information persist at a document level, such as Word or Excel, the information can't be copied and pasted into an IM screen.

The new RMS server software is one facet of Microsoft's Trustworthy Computing initiative, which is aimed at improving security across all of its software lines and platforms. The first roll-out of the RMS service for Windows 2003 customers is designed for intra-company information sharing, but Microsoft officials expect to release a business-to-business version in version 2.0. An add-on for Web content is expected for Internet Explorer, which will enable rules for sharing information posted on portals, which is expected by the end of the year.

The service requires a connection to the Windows RMS server in order to access specific information. A system administrator can also push down a series of rights management templates to users' desktops within an organization.

The rights and policies are managed by the RMS server component and deploys the Windows Rights Management Client add-on that was released in September. The client software is necessary for authors who are creating or viewing rights-protected content, and is available to all licensees of Microsoft Windows 98, second edition, and later.

In addition, in order to deploy RMS-enabled documents and e-mails, enterprises need Windows Server Active Directory and a SQL Server database (to store configuration data) on the server side, and RMS-enabled applications on the client side.

Using the RMS client and server software development kits (SDKs) from Microsoft, developers and independent software vendors can also create new products or integrate rights management into existing applications and their own line-of-business applications.

Professional Edition Office customers can create the rights-protected Office documents, spreadsheets presentations and e-mail messages. Office 2003 Standard Edition will allow users to view rights-protected content, but not to create it.

The licensing for RMS calls for a Windows Server 2003 Server License, Windows Server 2003 Client Access Licenses (CALs), and Windows Rights Management Services CALs.

RMS CALs -- which can either be applied to a user or a device -- go for an estimated price of $37 each, or about $185 for five CALs. Microsoft is also offering an RMS External Connector (EC) license, which will allow organizations to permit an unlimited number of external users to access a single licensed copy of RMS server software without requiring an additional CAL for each. The RMS EC license is intended to give organizations the ability to allow customers or business partners to access rights-protected information. The RMS EC license goes for about $18,066.

Microsoft officials said RMS is aimed at helping key confidential requirements of large organizations, such as merger and acquisition plans, loan applications, payroll and salary information, and production status reports.

Jim King, manager of the technology R&D group in pharmaceutical company Merck's clinical data program said the Windows Rights Management Services infrastructure built on Windows Server 2003 provides a means to control the distribution of its mission-critical information with persistent usage policies. In addition, it provides an infrastructure that lets Merck expire Microsoft Office System documents while managing distribution, which helps the company maintain information relevance and appropriate access.

Microsoft officials said RMS was designed as a platform technology that can be utilized by any Windows-based application. It has also been working with ISVs, application service providers and systems integrators to develop RMS-enabled applications and hosted solutions.

RMS partners include Avanade, EDS, GigaMedia, Omniva, Reciprocal, SecureAttachment and SyncCast.

Corrects prior version to add attribution to Jon Murchinson in sixth graph and also corrects reference to time frame on business-to-business version of RMS, which is expected with RMS 2.0 but not expected by the end of the year.