Script is disabled Protecting SharePoint Documents
Select Page

One of the biggest hindrances that customers face when moving to the cloud is data security for highly sensitive and proprietary business information. Although valid concerns, data on the cloud can be easily protected with the built-in measures of Office 365; take the case of SharePoint 2013 for example. It uses Information Rights Management (IRM) services powered by Windows Azure AD Rights Management (AADRM).

What is Information Rights Management (IRM)?

Information Rights Management is a modern approach of protecting data by having security “live” with the content. Traditional data security measures only limit users in accessing networks or computers where data is stored. However, after access is granted, users can easily manipulate or forward information which may cause leakage and compromise of highly sensitive data.

IRM solves this by creating persistent set of access controls that go with the content rather than with the network. In effect, this allows site administrators to control access to files even if they went out of the organization premises.

SharePoint 2013 Online protects files at the SharePoint list and library level. Once enabled, any file type on that list or library is secured through protector installation on all front-end Web servers. The protector controls all encryption and decryption of rights-managed files or a certain file format.

Here’s a quick list of what can you do with IRM on SharePoint:

  • Set usage rights
  • View protected documents even on a browser
  • Support Office documents and PDFs
  • Programmatically control farm and subscription levels

Set Usage Rights

IRM allows document settings such as access rights for printing, screen reading, or document copy writing configured. Expiration dates on document access can also be set and controlled; and documents which do not have any IRM protection can also be identified or excluded in the library.

View protected documents even on a browser

Office Web Apps allow users to display protected documents on a browser in a read-only mode. When the browser is closed, information about protected documents is cleared from the cache. Library admins can also turn-off this capability by choosing “prevent opening documents in the browser for this document”.

Support Office documents and PDFs

PDF and Office 2013 documents are integrated better in SharePoint 2013. The new implementation allows control on simple opening of PDF files and they can also be protected with IRM services.

Programmatically control farm and subscription levels

IRM settings at farm or subscription levels can also be programmatically controlled. This table on Microsoft’s SharePoint blog shows a list of commands how to do it. The commands include: enabling IRM for the farm and use the defaults RMS server configured in Active Directory; specify URLs that RMS server will use; and enabling IRM for a specified tenant.

IRM in SharePoint gives businesses more confidence in moving sensitive data to the cloud. If you need to know more about this implementation, contact our technical team at Portal Integrators.