July 12, 2016 – secRMM is a utility for what the computer industry calls “Data Loss Prevention” (DLP). DLP software prevents people from taking data from organizations they work for. Data can be taken by copying it to the Internet or by copying it over a network connection or by using “removable storage devices”. Removable storage devices can be thumb/flash drives, external hard drives, SD-Cards and mobile devices. secRMM addresses the removable storage devices.
Another security computer term somewhat related to DLP is called “Information Rights Management” (IRM). As the words imply, organizations want to protect who can access information belonging to the organization. Microsoft has a technology called “Rights Management Services” (RMS) that implements IRM. Microsoft has cleverly done this within the actual file containing the information (data) itself.
secRMM has a rule related to Microsoft’s RMS called “EnableRMS”. This rule integrates secRMM with RMS. There are 3 features that can be enabled. At a high-level, the 3 features cover: monitoring, authorizing and protection.
The first (monitoring) logs the RMS template that is used to protect the file that is being copied to the removable storage devices (remember that removable storage here also means mobile devices). secRMM needs to have the “RMS Server Connection Credentials” to retrieve this information.
The second (authorizing) is a simple checkbox (either on or off). When this checkbox is on, only files that are RMS protected can be copied to removable storage devices.
The third (protection) will RMS protect a file that is being copied to the removable storage device if it is not already RMS protected. You tell secRMM through the EnableRMS property which RMS template to use. The available templates are listed and you select one of them.
By combining DLP and IRM, you have extra assurance that your organizations data is well protected.
Microsoft RMS is available as an on-premise service and also as an Azure (cloud) service. To get more information on RMS, please see this Microsoft link to get started.
Thanks for reading!