APPLICATION NOTE

1

www.watchfulsoftware.com © Copyright Watchful Software S.A. 2013 All Rights Reserved.

RightsWATCH to Extend and Enhance AD RMS

Many enterprise users are or would like to take advantage of Microsoft's Active Directory Rights Management Services (AD RMS) to implement advanced Information Protection & Control security, thus controlling who handles and what happens to corporate sensitive information. AD RMS’ powerful DRM/IRM encryption capabilities protect sensitive information against misuse and unauthorized access. However, implementing AD RMS can be a complex and daunting task for both the IT Security team and end users, alike. Layered on top of AD RMS, RightsWATCH provides a way to enhance and extend AD RMS and deliver a comprehensive solution tackling the threat of lost or leaked information.

Easy Deployment, Faster ROI

RightsWATCH builds on, and brings the advanced AD RMS capabilities to the user in a manner that is seamlessly integrated into their workflow, while demanding far less from the IT team. There is no need to go over a myriad of menus in order to apply protection or classify information - in fact it can be done automatically based upon policies established by the organization. This means that the user adoption is immediate, and can be applied to all unstructured data – not just emails or MS Office files. Although powerful, AD RMS relies upon a well-trained and well-intentioned user to apply a specific RMS template to protect each and every email or office document. Unfortunately, users are too often not focused on information security… and in some cases actively choose not to protect information for malicious reasons. RightsWATCH allows policies and templates to be global and 'default', so that an enterprise can ensure that the information is classified according to what is stated in the Information Security Policy schema, thereby not relying on the user to remember to do so. At the same time, the user is constantly reminded of the necessary classification and handling of data labeled with a specific RMS template. Moreover, RightsWATCH adds content and context aware classification and labeling, such as an email containing the text 'Confidential' being classified as such, or with a numeric string formatted as xxx-xx-xxxx being classified as containing a Social Security Number (RegEx), etc.

Why RightsWATCH?

Automatically integrates DLP technology for classification & labeling

Automatic fingerprinting and watermarking per the security classification to decrease liability

Integrates seamlessly into the user workflow

Extends to multiple platforms and file types that ADRMS does not reach, driving ROI

Extends RMS protection to a BYOD world, such as iPhone, iPad, Android, and BlackBerry platforms

Allows for richer, more complete Audit Trail enabling compliance forensic ease

Allows for a smooth deployment & roll-out, making it possible to start small and grow with an smooth learning curve

APPLICATION NOTE

2

www.watchfulsoftware.com © Copyright Watchful Software S.A. 2013 All Rights Reserved.

Extending the AD RMS Value Proposition

Besides supporting Microsoft Outlook, OWA and MS Office files, RightsWATCH extends AD RMS to ubiquitous file types such as PDF, and vertically-specific file types, such as .XML and .CAD. Through this broader support for various file types, RightsWATCH brings AD RMS benefit to a wider use-case in the enterprise.

Taking AD RMS Mobile

We live in a mobile world… but that doesn’t need to be a massive hole in our security strategy. RightsWATCH extends AD RMS implementation to additional platforms such as the mobile and BYOD world. AD RMS users can now enjoy RMS policy and encryption protection even if users are reading classified messages on smartphones or tablets, such as the iPhone, the iPad, or even BlackBerry and Android devices. And all of this is seamless to the user.

Enhanced Deployment, Management & Forensics of AD RMS Installations

With RightsWATCH, AD RMS installations become simple to manage. RightsWATCH embeds a unique digital fingerprint in the metadata of the file allowing forensic and audit capabilities from a simple, centralized console. The console allows the administrator to quickly and easily see the history of a given file (including not only who opened it, but also who printed it, saved

it, etc…) without having to search through logs, providing an audit trail that makes it easy to retrieve and analyze any activity on the document. When data is 'leaked' and the task of the IT security professional becomes to find out how this happened... and how to prevent it from happening again, RightsWATCH becomes an invaluable tool to IT professionals, as it provides eyes and hears on who did what, when and how. RightsWATCH provides advanced fingerprinting capabilities, which allow for a comprehensive tracking of a file's lifecycle. All of this information is readily available at the fingertips of the systems administrator through an intuitive web-based management. In addition, each RightsWATCH classified file can automatically contain a visible watermark, header, footer, disclaimer, which not only serves as a constant reminder to the users that they are dealing with sensitive information, but provides valuable protection if this file is discovered to be outside of accepted boundaries.

With RightsWATCH you are able to:

Protect information in a BYOD world, regardless of where the data resides;

Extend your AD RMS to non-Office data, such as PDF, CAD, Project, etc.

Implement new rules/polices in seconds to be used globally

Ensure that all information is protected…even if the user does nothing!

Easily roll out AD RMS protection with little to no user disruption

Classify, Protect, and Watermark sensitive information … dynamically!