Protecting Sensitive Data with AD RMS
In a nutshell, when we talk about information protection, we typically mean encrypting unstructured data (a file) as it travels from user to user inside an organization, or through the firewall to recipients outside the organization. AD RMS is a product that Microsoft has built to provide this capability, and it is included as a role in Windows Server. You can find an overview of it on the Windows Server 2008 R2 website. You can use it to protect (encrypt) files, apply granular permissions to those files, and share them. A key point to keep in mind is that the protection travels with the file, so moving the file doesn't make it more susceptible to compromise. To illustrate, you cannot open a protected file simply by saving it to a flash-memory drive and opening it on another computer, unless you have been granted permission to do so.