Information rights management (IRM) is critical for any enterprise seeking to protect sensitive information and knowledge assets from unauthorized access. Current IRM technologies offer several levels of security, for example, providing standardized encryption of content, governing usage of content in accordance with corporate policies, and enabling a fair amount of usage tracking within the enterprise network environment. Existing IRMs also monitor and restrict incoming and outgoing communications to and from the enterprise network. This keeps sensitive information distributed within the enterprise network from falling into the hands of unauthorized recipients. However, the information shared with authorized users in a primary distribution list, for example, internal employees and trusted business partners, may often be misused. For example, the authorized users may frequently edit and distribute the information to recipients who are not part of the primary distribution list, such as secondary vendors. In other instances, the authorized users may indiscreetly distribute the information without being aware of the level of confidentiality that the information requires. This provides an avenue for inadvertent information leaks and results in potential information thefts. Also, once the information leaves the boundaries of the enterprise network environment due to such information leaks, the IRM loses control over the information flow and usage.
Furthermore, most of the current IRM solutions provide a default set of rights-management specifications for protecting sensitive information from unauthorized persons, and do not adapt to different user positions and access levels based on an enterprise's hierarchy. Moreover, the current IRM solutions are limited to enforcing default access and usage restrictions, and lack extensibility for incorporating functions that augment information security and consumption, because the IRM features are stored within the information itself, for example, within the document file.
Hence, there has been a long-felt but unresolved need for a computer-implemented method and system for management of information security and access that governs content usage across the enterprise network environment, prevents information misuse outside the enterprise network environment, and provides extensibility for custom functions related to information security and consumption.