1. IRM requires that all users with access should have matching encryption keys.This requires a strong and comprehensive identity structure.
2.Each user will need to be provisioned with an access policy and keys.
3.Access can be identity based or role based (RBAC)
4.Identity can be implemented with a single direction location or across federated trust.
5.End users will likely have to install a local IRM agent for key storage or authenticating and retrieval of protected information.
6.Can be challenging with disparate systems and document readers.