Information rights management

Information rights management (IRM) is a subset of digital rights management (DRM), technologies that protect sensitive information from unauthorized access. It is sometimes referred to as E-DRM or Enterprise Digital Rights Management. This can cause confusion, because digital rights management (DRM) technologies are typically associated with business-to-consumer systems designed to protect rich media such as music and video. IRM is a technology which allows for information (mostly in the form of documents) to be ‘remote controlled’.

This means that information and its control can now be separately created, viewed, edited and distributed. A true IRM system is typically used to protect information in a business-to-business model, such as financial data, intellectual property and executive communications. IRM currently applies mainly to documents and emails.

Features

IRM technologies typically have a number of features that allow an owner to control, manage and secure information from unwanted access.

Information encryption

Information rights management solutions use encryption to prevent unauthorized access. A key or password can be used to control access to the encrypted data.

Permissions management

Once a document is encrypted against unauthorized users, an IRM user can apply certain access permissions that permit or deny a user from taking certain actions on a piece of information. Some of these standard permissions are included below.

  • Strong in use protection, such as controlling copy & paste, preventing screenshots, printing, editing.
  • A rights model/policy which allows for easy mapping of business classifications to information.
  • Offline use allowing for users to create/access IRM sealed documents without needing network access for certain periods of time.
  • Full auditing of both access to documents as well as changes to the rights/policy by business users.

It also allows users to change or revoke access permissions without sharing the document again.

Examples

An example of IRM in use would be to secure a sensitive engineering document being distributed in an environment where the document's recipients could not necessarily be trusted.

Alternatively, an e-mail could be secured with IRM. If an email is accidentally forwarded to an untrusted party, only authorized users can gain access. A well designed IRM system will not limit the ability for information to be shared. Rules are enforced only when people attempt to gain access. This is important as often people share sensitive information with users who should legitimately have access but don't. Technology must facilitate control over sensitive information in such a situation.

IRM is far more secure than shared secret passwords. Key management is used to protect the information whilst it is at rest on a hard disk, network drive or other storage device. IRM continues to protect and control access to the document when it is in use. Functionality such as preventing screen shots, disallowing the copying of data from the secure document to an insecure environment and guarding the information from programmatic attack, are key elements of an effective IRM solution.

Naming conventions

Information rights management is also known by the following names:

  • Enterprise Rights Management
  • Enterprise DRM or Enterprise Digital Rights Management
  • Document Rights Management
  • Intelligent Rights Management
gollark: ```pythonimport argparse,subprocess,random,stringparser = argparse.ArgumentParser(description="Compile a WHY program using WHYJIT.")parser.add_argument("input",help="File containing WHY source code")parser.add_argument("-o","--output",help="Filename of the output executable to make",default="./a.why")parser.add_argument("-O","--optimize",help="Optimization level",type=int,default="0")#parser.add_argument("-d","--drawkcab",help=".sdrawkcab elif ecruos YHW eht ssecorP")args = parser.parse_args()def randomword(length): letters = string.ascii_lowercase return ''.join(random.choice(letters) for i in range(length))def which(program): proc = subprocess.run(["which",program],stdout=subprocess.PIPE) if proc.returncode == 0: return proc.stdout.replace(b"\n",b"") else: return Nonedef find_C_compiler(): compilers = ["gcc","clang","tcc","cc"] for compiler in compilers: path = which(compiler) if path != None: return pathdef build_output(code,max): #if args.drawkcab: code = code[::-1] C_code = f"""#define QUITELONG long long intconst QUITELONG max = {max};int main() {{ volatile QUITELONG i = 0; // disable some "optimizations" that RUIN OUR BEAUTIFUL CODE! while (i < max) {{ i++; }} {code}}} """ heredoc = randomword(100) devnull = "2>/dev/null" shell_script = f"""#!/bin/shTMP1=/tmp/ignore-meTMP2=/tmp/ignore-me-tooTMP3=/tmp/dont-look-here cat << {heredoc} > $TMP1{C_code}{heredoc}sed -e '1,/^exit \$?$/d' "$0" > $TMP3chmod +x $TMP3$TMP3 -x c -o $TMP2 $TMP1chmod +x $TMP2$TMP2exit $?""".encode("utf-8") with open(find_C_compiler(),"rb") as f: return shell_script + f.read()with open(args.input,"r") as f: contents = f.read() looplen = max(1000,(2 ** -args.optimize) * 1000000000) code = build_output( contents, looplen ) with open(args.output,"wb") as out: out.write(code)```
gollark: (and so, code gold was invented)
gollark: Maybe if I compress it manually a bit...
gollark: OH COME ON, this code is less than 2000 characters. Stupid DIsqord.
gollark: Clyde says `Your message could not be delivered because you don't share a server with the recipient or you disabled direct messages on your shared server, recipient is only accepting direct messages from friends, or you were blocked by the recipient.`. Stupid Clyde.

See also

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.