Microsoft recently published a white paper on TechNet describing their implementation of Active Directory Rights Management Services (ADRMS). It’s an interesting document because it reveals some details of the templates that Microsoft has deployed to protect against the kind of information leakage that email facilitates so easily.

Companies have attempted to prevent users from doing things like forwarding confidential email outside the organization for at least twenty years. In the early 1990s, we were still in the transition from technologies like telex and fax as email became more pervasive. Although it’s possible to send a fax or telex to a wrong number, the number of incidents seemed low in comparison to the leakage that can occur through email. In addition, the information provided in a fax or telex is relatively less usable than the data contained in an email or attachment.

Early efforts to control email focused on human behavior. Unlike today, it wasn’t usual for everyone in the company to have access to email and so it was easier to concentrate on the small pool of email users who might make an error and forward something that they shouldn’t, or, on a more sinister level, deliberately share a company secret with a journalist, competitor, or someone else who might benefit from the information. However, people are fallible and corporate directives on the correct use of email were often ignored.

Some companies attempted to implement email encryption as a way to prevent unauthorized access to information. Indeed, one of the big selling points for the first generation of Exchange in the late 1990s was its close integration with the Windows PKI infrastructure that made it relatively easy to distribute and manage the keys necessary to encrypt and decrypt messages. Relative is an important word here because although the deployment of encrypted email was absolutely feasible in terms of technology, it was a nightmare to manage and users didn’t comply. One majo