Minds across the globe are frantically exchanging information from one end of the world to another. With them, organizations are also subject to transfer of huge volumes of information that flows via email, internet and mobile devices. Huge content repositories are maintained for intra-enterprise collaboration. But this invariably leaves the data vulnerable to the ever-expanding outside world.

Here arises the need for a technology or tool that helps protect and secure the volumes of information flooding inwards and outwards of an organization’s content repository. The conventional concept of Rights Management involves practices of permissions, access control, authentication, authorizations and encryption. Further to that, Information Rights Management or IRM as it is popularly known includes the concept of the information being shared among stakeholders. As per the standard Wikipedia definition, Information Rights Management is a term that applies to a technology that protects sensitive information from unauthorized access. It is sometimes referred to as E-DRM, or Enterprise Digital Rights Management. IRM includes:

• Encryption of information as per industry standards
• Protection of information from copy-pasting or print screening
• Allowing of easy mapping of business classifications to information
• Controlling access to document

Companies like Oracle and Microsoft have come up with packages for Information Rights Management, which, when deployed in the content repositories, make them secure and control access to their information content.

Oracle Information Rights Management (IRM, formerly SealedMedia and Stellent Information Rights Management) is a new form of information security technology that ensures security and traceability of sensitive digital information wherever it is maintained and used. Information management products from traditional times only manage documents, emails, and web pages while they remain stored within server-side repositories. Oracle Information Rights Management uses encryption to extend the management of information to every copy of an organization's most sensitive information, wherever it is stored and used--on end user desktops, laptops and mobile wireless devices, in other repositories, inside and outside the firewall. Oracle IRM is a fusion middleware service with profound and instant solutions combined throughout the entire Oracle solution stack – particularly with content management, record management, identity and access management. As per a statement that Oracle promotes, “Wherever ‘sealed/encrypted’ information is stored, transmitted or used – unauthorized users cannot access it, all actual or attempted access is centrally audited, and authorized access can be revoked at any time – even after copies made to DVD, USB, etc.”

There are two key factors that differentiate Oracle’s Information Rights Management solution from similar products offered by other vendors:

• Oracle’s model results in users being assigned rights to related sets of information, rather than to individual files. This leads to orders of magnitude with fewer rights “under the hood”. Far fewer rights make it possible to periodically and automatically synchronize rights and review records between the IRM Desktop and IRM server.

• The technology of automated synchronization enables offline or mobile devices completely transparent with encrypted information, while retaining rapid centralized revocation and updating of rights.

Oracle’s Information Rights Management supports three authentication mechanisms:

• Windows authentication
• -Username/Password (for external users)
• -Web-based authentication

Another Information Rights Management tool is integrated with Microsoft’s Office 2003 product suite. It allows document authors to restrict usage of their documents and also readability of their document. It can be applied to Outlook emails, Word documents, Excel spreadsheets, and even Powerpoint presentations. IRM, though, is not available yet for Microsoft Access databases. IRM can be used for preventing the printing or forwarding of mails or documents, and can even make the mails inaccessible for the recipient after the desired expiry date. In this, deployment of IRM is performed across the organization at the server administrator level. The server and client systems need to be installed with the Rights Management update for Windows. Public and private keys for creators and readers are created when the users enroll to use the Rights Management Service or RMS.

Information Rights Management has taken over as a serious contender for data protection. The sophistication is yet to come in.