Information Rights Management (IRM) is a form of IT security technology used to protect documents containing sensitive information from unauthorized access. Unlike traditional Digital Rights Management (DRM) that applies to mass-produced media like songs and movies, IRM applies to documents, spreadsheets, and presentations created by individuals. IRM protects files from unauthorized copying, viewing, printing, forwarding, deleting, and editing.
However, in order to understand Information Rights Management, its uses and benefits, it’s important to understand Digital Rights Management and how it relates to IRM.
The difference between DRM and IRM
DRM refers to a cohort of access control technologies used to restrict access, editing, or modification of copyrighted digital properties beyond the agreed terms of service. The primary goal of DRM is to protect intellectual property from being copied and distributed without properly compensating the owners of the property.
Most commonly, DRM is applied to mass-produced media including video games, software, audio CDs, HD DVDs, Blue-ray discs and ebooks. DRM can come in the form of encryption, scrambling, digital watermarks, CD keys, etc.
The Digital Millennium Copyright Act, amended to the US copyright law, criminalized the use of techniques intended to circumvent DRM technology. Not surprisingly, DRM remains a controversial technology, with some even calling it anti-competitive. Others criticize DRM for restricting normal use of something purchased by the user.
As mentioned previously, Information Rights Management is the application of DRM to documents created by individuals such as Microsoft Office documents, PDFs, emails, etc. Unlike DRM, which is generally intended to protect copyrighted material, IRM is more often intended to protect the security of highly sensitive information that may be contained in a document.
A hospital may, for example, apply IRM to patient records in order to maintain compliance with HIPAA-HITECH and prevent access to this information in the event that the patient records fall into unauthorized hands. Another example would be when an organization applies IRM to executive communication to protect sensitive information from leaking to the media or to competitors.
Features of Information Rights Management
IRM generally encrypts files in order to enforce access policies. Once encrypted, additional IRM rules can be applied to a document to allow/deny specific activities. In some cases, this means a document can only be viewed and the user cannot copy/paste the content within the document. In other cases, the IRM rule may prevent a user from taking screenshots of the document, printing, or editing it.
Organizations can create and apply custom IRM rules at enterprise level, department level, group level, or user level based on data security, compliance and governance requirements.
One of the oft-cited advantages of IRM is that these protections persist even when files are shared with third parties. A user can be off company network, yet the IRM rules will continue to protect the document. This means IRM sealed documents can remain secure no matter where it’s being accessed.
Limitations of Information Rights Management
One of the complaints about IRM solutions is that they require the user to have specialized IRM software installed on their computer in order open any file with IRM protections applies. For this reason, many enterprises seek to limit IRM protection only to files that require protection based on their content.
Despite the fact that IRM can solve a lot of the security issues that arise when documents are shared, there are still simple workarounds that can negate the benefits of IRM. A simple hand held camera (or a smartphone) can capture an image of a file with IRM protection. Most Apple computers can also negate IRM benefits with a simple click of Command-Shift-4 combo that enables screen capture. Likewise for 3rd party software that provide screen capture capabilities.