Back to Blog
12 May 2015

Multi-level Security Solutions: How Layering RightsWATCH and Azure Rights Management Protects Your Intellectual Property

Sharing sensitive information with people that are supposed to have it, while at the same time keeping it from people that aren’t, has been one of the toughest problems facing white-collar workers for as long as anyone can remember.  Since the 1960’s, the concept of a having a multilevel security system (MLS) in place to outline the ‘need to know’ matrix for controlling use of sensitive data has been considered a must-have process. Under an MLS structure, both people and information are classified into different levels of clearance (people) and sensitivity (information).  As a result, data classification schemes such as “Public”, “Internal Use Only”, “Confidential”, “Secret”, and “Top Secret”, along with restricted access to those levels based on clearance, have become the baseline of most world-class information security policies.

According to an MLS-based security policy, before users are allowed to look at classified information they must have the right clearance to enable them to use that sensitive data. As an example, users with a “Confidential” clearance are authorized to see documents classified as “Confidential”, but they can’t see/use “Secret” or “Top Secret” information (just like any outsider wouldn’t be able to do so without clearance).

To make this paradigm accessible to virtually any organization, RightsWATCH delivers the complete data-centric information security spectrum of dynamically identifying sensitive/confidential information, classifying it into the right level (according to policy), marking/tagging that information, and encrypting it with the world-class encryption technology in Microsoft’s Azure Rights Management Services so that only those who have express authority to use that information can do so.  All without user involvement required.  With RightsWATCH and Azure RMS, even if sensitive data is somehow leaked, it is totally un-useable by any unauthorized parties into whose hands it may fall.

RightsWATCH enforces your custom MLS data classification model, providing access to data based on its level of sensitivity matched with a user’s credentials to ensure a “need-to-know” basis for sensitive data.  With this approach, you are assured of protecting data privacy and achieving regulatory compliance.  RightsWATCH delivers the ability to grant or revoke each user’s access with multiple security clearances at a given moment in time or based on a specific role performed.

Since each organization is different in its MLS definition and approach, RightsWATCH enables customized and granular definition of your MLS, classifying data not only into levels of sensitivity but also segmenting access by ‘scope of reference’ such as by department (HR, Finance, R&D, etc.) or by project (M&A, product launch, etc.).  With RightsWATCH, the organization has the ability to define multiple levels of segmentation of classification such as “Scope” and “Level” in establishing a rich, automated classification system.  Users are then granted role-based access to the company, scope, and levels of information appropriate to their functions.

Leveraging data classification and information rights management in a single solution, RightsWATCH keeps sensitive data safe and secure independent of its state: at rest, in motion, or in use. Further, sensitive data is always protected, even if it exists totally outside your ‘secure’ network perimeter.


By OryxAlign