Microsoft Rights Management Services (RMS) is a solution that might help Secure Information Sharing become a topic for the masses, at least at the enterprise level. I just recently wrote a report on the product. However, as with any Information Security technology – especially ones that are Cloud-based – there are questions about security details.

For Microsoft Azure RMS specifically, it is worthwhile to look at this post. It describes in detail how RMS protects and consumes documents. The other document worth having a look at is a whitepaper Microsoft published a while ago. That whitepaper goes (among other topics) into detail regarding two important aspects:

  • The various deployment options from fully Cloud to “pretty much on premises”
  • The BYOK (Bring Your Own Key) approach that allows doing a lot of things based on local HSMs (Hardware Security Modules)
These might answer some of the questions you might have concerning security and confidentiality of Microsoft RMS.