Customer Solution Case Study
/ / Microsoft Windows Rights Management Services (RMS) at Astelit company
Overview
Country or Region:Ukraine
Industry:Telecommunications
Customer Profile
life:) – GSM operator presented by the Astelit company in Ukraine in January 2005. life:) is the third biggest national mobile services operator of Ukraine, serving 9,4 million subscribers(as of Q1 2008).
Business Situation
Astelit, consistently works with sensitive data such as clients’ financial information, employees’ personal data or company specific business information.
Solution
Microsoft Windows Rights Management Services (RMS) to safeguard digital information from unauthorized use.
Benefits
Safeguard sensitive information
Persistent protection
Flexible and customizable technology / “RMS helps us safeguard digital information from unauthorized use, it is flexible and aligns with our business, operational, security and compliance needs – we made the right choice.”
Alexander Shcherbinkin, System Administration and Users Support Team, Astelit
life:) networkcovers the territory where 92% of Ukrainian population lives. life:) provides roaming opportunities in 207 countries via more than 500 roaming partners. The operator was the first in the market to introduce EDGE technology and today life:) offers large EDGE coverage: 48% of the current network’s sites support EDGE. 449 life:) customer care centres and exclusive sales points operate in 165 cities of the country.In addition to that, life:) subscribers can order life:) services through 34600 non-exclusive shops. For an organization like Astelit, that consistently works with sensitive data such as clients’ financial information, employees’ personal data or company specific business information, rights management is critical.
Situation
It is a proven fact that one of the challenges facing organizations today is controlling access to and the dissemination of proprietary information. “In other words, – Vitalii Karmazinskyi, Engagement Manager at Microsoft Services, explains, – the difficulty is ensuring that only authorized individuals have access to data, that it is not inappropriately shared, and that any requirements around retention and destruction are followed.”
For an organization like Astelit, that consistently works with sensitive data such as clients’ financial information, employees’ personal data or company specific business information, rights management is critical. While there is no single answer to these challenges, a combination of well-defined information policies coupled with a technology to enforce them can help the company better protect its proprietary data.
At the beginning of the project, Astelit already had good Microsoft-based server infrastructure including Windows Server® 2003, Microsoft SQL Server® and Microsoft Active Directory®. “Using mentioned technologies we could manage information storage but couldn’t manage information distribution, – Alexander Shcherbinkin, System Administration and Users Support Team, Astelit, tells. – To improve information security we needed a solution that allowed us to control who can access to what information and apply certain restrictions to documents.”
Protection of e-mail communication was identified as a main key business driver to implement RMS at Astelit. The second key aspect is supporting regulatory requirements to provide compliance with such acts as Gramm Leach Bliley and Sarbanes Oxley which require high level methods of secure data.
Solution
The need for more secure information sharing and organizing more restrictive access to information in documents and e-mails found its solution in Microsoft Windows Rights Management Services (RMS). “Having studied all possible solutions and considered previous third-party experiences, we settled on RMS, – Alexander Shcherbinkin, System Administration and Users Support Team, Astelit, explains. – This system is flexible and can be easily integrated into the existing IT infrastructure.”
Microsoft Windows Rights Management Services (RMS) for Windows Server 2003 is information protection technology that works with RMS-enabled applications (such as any Microsoft Office application) to help safeguard digital information from unauthorized use – online and offline, inside and outside of the firewall. This product is designed for organizations that need to protect sensitive and proprietary information such as financial reports, product specifications, customer data, and confidential e-mail messages.
“Deployment of RMS system took approximately 2 months, – Alexander Shcherbinkin, System Administration and Users Support Team, Astelit, continues. – During this time, a test environment similar to our production environment was created to try out the system in work. After making sure that it’s functioning is stable, it was implemented in the production environment and the Astelit IT team was trained to use the new RMS system.”
The RMS server uses the following Microsoft technology components:
ASP.NET
Internet Information Server 6.0
MSMQ
SOAP over HTTP/HTTPS
SQL Server 2005
Active Directory
SharePoint® Portal
The RMS server is an ASP.NET web service. It uses SOAP (Simple Object Access Protocol) over HTTP or HTTPS. The RMS server component can only run on Internet Information Server (IIS). It is based on a single request / response transaction model, making it stateless for most requests with all processing occurring on the web servers. The web service uses Active Directory for authenticating users, determining email addresses for users, and confirming membership of users in groups. It relies on SQL Server databases for configuration, Active Directory group expansion caching, and logging. MSMQ is used to forward logging entries to the SQL data store.
RMS augments an organization’s security strategy by providing protection of information through persistent usage policies (also known as usage rights and conditions), which remain with the information no matter where it goes. Also it is important that RMS is an infrastructure component that applications can leverage to provide protection services for information, without having to recreate the functionality on a per application basis.
Benefits
“The Astelit company is very conscious about security and privacy of users and customers’ data, both internal and external. The RMS solution underpins Astelit's security policy by managing and controlling corporate mailing and Office suite documents from the access and level of privilege point of view. The deployed solution is a 'quick win' for Astelit IT, as it is effective to use, manage and support and is provided with fault tolerance and redundancy in mind”, – Nikolay Vorobyov, Technical Account Manager at Microsoft Ukraine, notes.
As an infrastructure solution, RMS offers many technical capabilities for protecting information.
Safeguard sensitive information
Applications such as word processors, e-mail clients, and line-of-business applications can be RMS-enabled to help safeguard sensitive information. Information workers can choose from a variety of usage rights to define exactly how the recipient can use the information and for how long. Users can define who can open, modify, print, forward and/or take other actions with the information. Organizations can create custom usage policy templates such as "confidential - read only" that can be applied directly to the information.
Persistent protection
RMS augments existing perimeter-based security solutions, such as firewalls and access control lists (ACLs), for better information protection by locking the usage rights within the document itself, controlling how information is used even after it has been opened by intended recipients.
Flexible and customizable technology
Independent software vendors (ISVs) and developers can RMS-enable any application or enable other servers, such as content management systems or portal servers running on Windows or other platforms, to work with RMS to help safeguard sensitive information. With RMS SP1, the range of possible RMS solutions is extended to include server applications—enabling ISVs to integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.
“RMS technology allowed us to take our documented data management policies, express them in the form of a template, and then apply them to information created by the company’s employees”, – Alexander Shcherbinkin, System Administration and Users Support Team, Astelit, explains.
By using RMS, an end user can assign a series of permissions to an object such as an Outlook e-mail message or a Word document. The permissions can restrict how the object is used and who can use it. These permissions can grant or deny recipients permission to read, save, copy, modify, print, and forward protected objects. Access permissions can also be set to expire after a finite period. As a result of using RMS permissions, the end user sender can help prevent the inappropriate sharing of content long after it has been sent. RMS offers persistent protection, that is online and offline, inside and outside of the organization. RMS protects the information in transit (on the network) as well as storage (Hard disk, USB storage etc).
Alexander Shcherbinkin, System Administration and Users Support Team, Astelit, sums up: “Implementing RMS was a key step for Astelit in moving from basic infrastructure development to develop services demanded by business. RMS helps us safeguard digital information from unauthorized use, it is flexible and aligns with our business, operational, security and compliance needs – we made the right choice.”
Microsoft Server Product Portfolio
For more information about the Microsoft server product portfolio, go to: