Information Rights Management
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.
Included in this chapter:
- What IRM is, and why it travels with the file
- How an open works: the online policy check and PKI
- Objectives, access models, and provisioning rights
- Where IRM fits: classification, DLP, and exam traps
Where each data-security control enforces, and what it controls
| Control | Enforcement point | Survives leaving the perimeter? | Granularity | Primary job |
|---|---|---|---|---|
| IRM / DRM | Inside the file, checked at every open against a policy/key server | Yes, travels with the file | Per-user, per-action (view, print, copy, expiry) | Persistent usage control after distribution |
| Classification | Metadata label on the object | Label travels, but enforces nothing by itself | Sensitivity tier (e.g. Confidential) | Decide how data should be handled |
| DLP | Chokepoint: network egress, endpoint, or storage scan | No, stops at the inspection boundary | Policy match on content or destination | Detect and block policy-violating transfers |
| Storage / volume encryption | At rest in the storage layer | No, protection ends when data is read out | All-or-nothing for holders of the key | Make data unreadable on disk or in a bucket |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.