There are several ways to secure Exchange 2013, including how role groups, DLP policies and anti-spam/anti-malware protection can all fit together to protect sensitive data. Now we'll look at how enterprise rights management can play into protecting enterprise email.
Adding enterprise rights management
Organizations often focus on prevention -- securing sensitive information by preventing it from leaving the business. Unfortunately, if there is a breach and information leaks out of the organization, that data is exposed and unprotected.
Rights management extends security to the data -- such as email, files and folders -- using encryption, end-user identification and end-user policies to secure information regardless of its actual location. Even if data leaks from the organization through email or the cloud, enterprise rights management can ensure that unauthorized or unidentified users cannot access it. And even when users are authorized, you can exert control and restrict how the information is accessed.
The bits and pieces of enterprise rights management have been available for many years. For example, it's a simple matter to encrypt a file or to save a document as read-only. But rights management codifies these processes into policy templates that also extend to email. For example, rights management can prevent an email from being replied to or forwarded to another end user, restricting the ways a sensitive message is propagated. Microsoft provides two variations of rights management -- an individual rights management system based on Active Directory and a cloud-based subscription service using Microsoft Azure.
Enterprise rights management can be complex to install because it requires a cloud subscription, an Active Directory agent or tenant to support end-user authentication, and client devices whose OS versions and applications all support rights management. Additionally, rights management is not specifically an Exchange Server 2013 technology; it can protect email and attachments created with applications such as Microsoft Office and Office 365.
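As an added example (not from the original article), this Exchange Management Shell sketch shows how a rights policy template of the kind described above can be applied to email through a transport rule in an on-premises Exchange 2013 organization. It assumes an Active Directory rights management cluster is already deployed and publishes a template named "Do Not Forward"; the rule name, keyword and sender address are placeholders.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2013.
# Assumptions: rights management is already deployed; all names are placeholders.
$templateName = 'Do Not Forward'                   # assumed published template
$ruleName     = 'IRM - protect confidential mail'  # hypothetical rule name
$keyword      = 'Confidential'                     # constructed match condition
$testSender   = 'user@contoso.com'                 # placeholder mailbox

# 1. Enable rights management licensing for internal messages if it is off.
if (-not (Get-IRMConfiguration).InternalLicensingEnabled) {
    Set-IRMConfiguration -InternalLicensingEnabled $true
}

# 2. Confirm Exchange can reach the rights management servers and get licenses.
Test-IRMConfiguration -Sender $testSender

# 3. Stop unless the template is actually available to Exchange, so the
#    rule is never created pointing at a policy that does not exist.
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $templateName }
if (-not $template) {
    throw "Rights policy template '$templateName' not found; no rule created."
}

# 4. Create the rule once: matching messages are protected in transit,
#    whatever the sender chose in the mail client.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule -Name $ruleName `
        -SubjectOrBodyContainsWords $keyword `
        -ApplyRightsProtectionTemplate $templateName
}

# 5. Review the result before relying on it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, ApplyRightsProtectionTemplate
```

Send a test message that matches the condition and confirm the recipient's client blocks forwarding before widening the rule's scope.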
Even the most thoroughly protected information can still be copied and spread with common tools such as screen captures and cell phone cameras, or simply by copying sensitive details by hand. This can happen as easily as an authorized recipient walking away from their computer while sensitive information is open and visible to a malicious passer-by. Acceptable use policies often make end users responsible for such inadvertent data leakage.
Stay tuned for part five, which covers the application of security updates.
This is part four in a series about securing Exchange 2013. The previous parts in the series are:
Part one: Role groups
Part two: DLP implementation
Part three: Spam and malware protection