Digital Rights Management (DRM) is a technology that protects sensitive information from unauthorized access and use. DRM provides both encryption (rendering your data unreadable by an unauthorized user) and rights management (the ability to decide what actions an authorized user can perform with your data, e.g., print, edit, copy).
DRM is also called IRM (Information Rights Management) and Microsoft’s DRM product is called RMS (Rights Management Services).
DLP (Data Leak Prevention/Protection) is a technology that attempts to prohibit the movement of data via various egress vectors (USB thumb drive or email, for example) through the use of rules that define what kinds of data movement are allowed. DLP typically requires the use of an endpoint agent specific to the vendor whose DLP solution you have deployed. Where the DLP agent is not deployed, the DLP rules will not be effective, but the data is still accessible (unless otherwise encrypted). DLP is considered an endpoint-centric solution, meaning that in order to take advantage of this kind of solution, you must be able to control the endpoint (desktop, laptop, mobile device, etc.).
DRM (Digital Rights Management) is a technology that attempts to protect the contents of a file by providing encryption and rights management to determine who can perform what actions on a given piece of data. DRM typically requires a specific endpoint application that can decrypt the data and enforce its assigned rights. Where the endpoint application is not present, the data is unreadable and unusable.
These two technologies approach the same security issue from different angles. They are not, however, mutually exclusive: recent DLP products are able to both recognize and (in some cases) apply DLP protections to data that will move off the protected endpoint.
RMS (Rights Management Services) from Microsoft is the backend encryption and rights management framework for our rms:anywhere™ solution. RMS can be used to provide encryption for any file type, and can also provide granular rights management for Microsoft Office file types: xls(x), doc(x), ppt(x), xps. PDFs are covered as well. As Microsoft adds new file types, our solution can also incorporate those same file types.
RMS-protected content can be used by “RMS-enlightened” applications such as the Microsoft Office suite (version 2013 or later) for standard office files. PDFs can be used with the RMS Sharing Application, which includes a PDF reader for protected PDFs.
RMS client-side applications are available for mobile (iPhone), Mac (OS X), and various flavors of Linux, ensuring that your protected content can be consumed on a variety of devices while maintaining a high level of security.
You do. Because rms:anywhere™ leverages your ADRMS or Azure RMS infrastructure, you decide how your private keys are managed. For ADRMS, your Windows Domain support group will typically have access to the keys. In Azure RMS, you can leverage an HSM (Hardware Security Module) to provide RMS keys to Microsoft in a way that even they can’t access them.
Contrast this with some custom rights management providers where they control the encryption keys for your data. In some cases, they keep unencrypted copies of your data and the keys to the encrypted copies.
“Three can keep a secret, if two of them are dead.” — Benjamin Franklin