Upload
gilbert-woods
View
220
Download
2
Tags:
Embed Size (px)
Citation preview
1© Copyright 2008 EMC Corporation. All rights reserved.
Information Rights Management
EMC Content Management and Archiving
2© Copyright 2008 EMC Corporation. All rights reserved.
Business Drivers for Content Security
Protect intellectual property– Trade secrets– Competitive information– IP theft– Secured collaboration
Compliance– Regulations– Audits
Risk mitigation– Legal exposure– Data loss– Privacy breaches
“Despite massive investment in security technology and services…
…fewer than one in five companies feel that all their data is adequately protected.”Source: Enterprise Strategy Group March 2006
82% 18%
2
5© Copyright 2008 EMC Corporation. All rights reserved.
The Threat Profile Has Shifted
Necessary but insufficient
Keeping the bad guys outPerimeter-based Security
SolutionBuild and protect perimeters
ApproachFirewall, IPS/IDS, anti-malware
FocusAccess and availability
ThreatDenial of Service, network intrusion, external attack
+
Assume they’re already inInformation-based Security
Manage and protect information
Identity management, data encryption
Authorization and accountability
Privacy breach, intellectual property theft, insider attack
Addresses root cause
84% of high cost security incidents are a result of insiders sending confidential material outside of their company.
— Gartner 2006
6© Copyright 2008 EMC Corporation. All rights reserved.
Solutions Not Addressing the Root Issue
Most information security products don’t actually secure information
They protect networks, laptops, and servers
They do little to protect confidentiality and integrity of information
Authentication
Clients
SAN
WebFiltering
Anti-spyware
LAN
Anti-virus
VPN
Anti-virus
FirewallServers
ThreatDetection
Change/PatchManagement
7© Copyright 2008 EMC Corporation. All rights reserved.
Authentication
Clients
SAN
WebFiltering
Anti-spyware
LAN
Anti-virus
VPN
Anti-virus
FirewallServers
ThreatDetection
Change/PatchManagement
Your Content is in Motion
Information is in constant motion throughout its lifecycle, making it difficult to lock down
Perimeters and resources are constantly being traversed
10© Copyright 2008 EMC Corporation. All rights reserved.
InformationRights
Management
IRM actively controls, secures and tracks sensitive and confidential information wherever it resides.
12© Copyright 2008 EMC Corporation. All rights reserved.
IRM Server Key and Policy Management
Content is always encrypted
The keys are always separated from the content
The local key is destroyed after useWorkflow Integrations
Desktop Integration
IRM PolicyServer
EMC Documentum eRoom
EMC Documentum Repository
File Share Content Owner
+Policy
+Policy
13© Copyright 2008 EMC Corporation. All rights reserved.
Partner
Hacker
Network
IRM PolicyServer
ContentServer
EMC IRM Services for Documentum WorkflowSecure Data Sharing
Corporate VPN
PartnerNetwork
Internet
Author
Review
15© Copyright 2008 EMC Corporation. All rights reserved.
EMC IRM Architecture
Internet Explorer
Adobe
MS Office
MS Outlook and
Lotus Notes
EmailXtender
eRoom
Documentum Admin
Webtop
Java, WDK-based
Web Delivery
Gateway
File Share
API
Information Rights Management SDK
Authentication Infrastructure
ALL Authentication Domains LDAP Win X509 RSA Documentum Custom
EMC Documentum IRM Server
Key Mgmt Authorization Policy MgmtAuthentication Auditing Encryption
16© Copyright 2008 EMC Corporation. All rights reserved.
Features – Protects Native Business Information
Clients for major business applications
– E-mail– Microsoft Office– Adobe– HTML– RIM Blackberry– Lotus Notes
Works within native application
Allows secure sharing of sensitive documents with internal and external users
17© Copyright 2008 EMC Corporation. All rights reserved.
Features – Rights Enforcement by Policy
A document policy defines: Who can view
What pages can be viewed (PDF only)
When it can be viewed
If copy or edit is allowed
If printing is allowed
If guest access is allowed
If offline viewing is allowed
Automatic expiration
Dynamic watermarks
18© Copyright 2008 EMC Corporation. All rights reserved.
Features – Rights Enforcement by Policy
Mandatory and discretionary policy enforcement options
Choose rights enforcement using administratively-defined templates or ad-hoc policies
Flexibility supports organizational rollout
Allows for workgroup and enterprise-wide applications
19© Copyright 2008 EMC Corporation. All rights reserved.
Features – Dynamic Watermarking
Dynamic watermarking can provide visible indication of who printed a copy and when they printed it
Can be used for compliance and auditing
Provide watermarks while viewing and/or when printing
Watermarks are customizable
Watermarks supports Unicode
Watermarks can use LDAP attributes
20© Copyright 2008 EMC Corporation. All rights reserved.
Feature – Dynamic Policy Control
Dynamic policy control allows recipient entitlements to be changed on-the-fly when individual roles or business needs change, regardless of where the content resides.
Example: In April a price list with IRM is downloaded by a sales person The sales person e-mails the price list to a customer On May 17, prices change and new prices are issued At that time, rights on the old price list are revoked, affecting all
copies, regardless of location
NEW
22© Copyright 2008 EMC Corporation. All rights reserved.
Feature – Continuous Audit Trail
All events in IRM are auditable IRM provides granular audit trail of
what recipients did with the documents, page by page
See who did what, when
Delivers on-going assurance of policy compliance
Auditing is continuous, whether online or offline
Leverage XML logging standards for reporting on audit trail
22
25© Copyright 2008 EMC Corporation. All rights reserved.
Ford Motor Company
Requirements Securely share the 10 year “Vehicle Vision” product plan for the Ford brands
and keep away from competitors and the media
Require multiple access levels for brand executives
Must be easy to use for 1,000 insiders around the world, including Chairman Bill Ford Jr.
IRM Solution Document owner protects and distributes through portal
No access outside of current insider list
Username watermark raises the bar on distribution
“We don’t want to see this in the Detroit Free Press…”
Customer Case Study
26© Copyright 2008 EMC Corporation. All rights reserved.
Case Study
ROI: 6 month payback, elimination of paper and delivery costsMarketing update price books monthly instead of quarterly
Challenges– Sharing price lists and competitive materials with 2000 sales agents
and suppliers globally– High cost for logistics to distribute by paper– Competitors placing bounty on our price books
IRM Solution– Access is tracked continuously and audited– Ensures only authorized users can access info.– Username is impressed as a watermark– Marketing can irrevocably delete at any time
27© Copyright 2008 EMC Corporation. All rights reserved.
Off Wall Street
Requirements Protect highly valuable financial information sold as a subscription
Ensure that documents are not forwarded to unauthorized users, especially competitors
Regulate what recipients can do with the information (e.g., print, edit) consistently for all reports regardless of who distributes them
IRM Solution “The product has been trouble-free from the start. We've never had a problem
with the software, ever.“— Mark Roberts, CEO
Increases revenue: users cannot access reports without paying for it
Provides policy-based usage controls and audit trail for information access
Customer Case Study
28© Copyright 2008 EMC Corporation. All rights reserved.
Industry Use Examples for IRM
Manufacturing – Sharing of new product specifications,
planning, R&D, and pricing documents
Government – Share information on a need-to-know basis
within intelligence community
Healthcare– Communications with business associates– Control of PHI dissemination
Financial and Legal Services– On-line mergers and acquisitions– Protect customer data– High value research circulation control– Secure distribution of bills of lading
28