Enterprise Rights Management as Enabler for Doing Business Today


  • 7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today

    Enterprise Rights Management

    Enabler for Doing Business Today

    Michael Coleman

    Teamcenter Product Manager

    May 2010

  • Enterprise Knowledge Management

    Copyright Siemens PLM Software Inc. 2010. All rights reserved.

    Siemens PLM Software

  • Enterprise Knowledge Foundation: Enterprise Rights Management

    Objective: Describe Enterprise Rights Management and its use in a global product development ecosystem

    Outline:
    - What is Enterprise Rights Management
    - Drivers and business requirements of ERM
    - PLM and ERM strategies
    - Partnership - GigaTrust

  • Agenda

    - ERM at a glance
    - Drivers and business requirements of ERM
    - PLM and ERM strategy
    - Partnership - GigaTrust

  • We are confronted with changing security requirements and threat scenarios

    Previous: keep the bad guys out (perimeter approach)
    - Threat: Denial of service, viruses, external attacks
    - Approach: Firewall, IPS/IDS, Anti-Malware
    - Solution: Protection of infrastructure

    Now: assume they are already in (information protection)
    - Threat: Theft of intellectual property, internal attacks
    - Approach: ERM, RBAC
    - Solution: Administration and protection of information

  • ERM includes all security aspects within the information lifecycle

    Information lifecycle: Secure storage & access, Secure transfer, Secure usage, Compliance

    Standard methods / technologies:
    - Role Based Access Control
    - Policy Enforcement
    - Auditing / Logging
    - Least Privileges
    - VPN Encryption
    - Access Control Lists
    - Smart Cards

    Enterprise Rights Management:
    - Integration of many technologies
    - Protection of information itself


  • Drivers for Enterprise Rights Management

    - Protection of know-how: The development of new markets like China or India requires an extensive exchange of critical information with external partners locally. Only adequate protection defends against imitation products.
    - Implementation of new business models: E-commerce of digital products is only profitable if the almost free duplication and distribution of such goods is restricted.
    - Realization of competitive advantages: The digitalization of business processes is assumed to have a high benefit. Due to compliance requirements, many workflows can only be digitized if appropriate security measures can guarantee the protection of the distributed information.

  • Digital Models

    - Most companies are adopting a model-based product definition process
    - Objective is to ensure all pertinent design and manufacturing information is contained in a three-dimensional digital product model and related annotations
    - Information can be easily extracted into engineering deliverables such as inspection information, assembly instructions, and NC tool paths
    - Benefits of the digital product model include increased design reuse, shorter product development cycles, and faster time to market
    - Digital Models (CAD and visualization files) contain valuable IP
    - In today's extended enterprise, the digital models are shared with partners and suppliers worldwide, significantly increasing the risk of misuse of IP

  • Business Requirement: Intellectual Property Protection

    From Our Customers:
    - Provide protection for Intellectual Property (in the form of JT, CAD, Simulation or Specification files) in the Supplier / Partner Collaboration process
    - Files are frequently transferred by email, download or transfer media
    - Growing pressure for support in global market (piracy, theft, …)
    - Internal controls need to address informal sharing and theft

    From Siemens PLM:
    - Support for protection of Customers' Intellectual Property in data delivered to Siemens PLM


  • PLM Security Model

    Control Intellectual Property
    - Who can access (user, group, team, role)?
    - What objects to access?
    - When does the individual gain access?
    - What action can be performed?

    Manage at the system level
    - Project, Group, Folder

    Manage at the object level
    - Access Control List for object
    - Support Inheritance

    Security applies to the User when he/she tries to access Data.

    [Diagram: User to Data decision flow with Y/N branches. Entitlement Validation: Message Access, ACL, Export Control]

  • Current PLM Security / IP Protection

    [Diagram labels: PLM (Web Server, Business Logic Server, Database Server, File Server); Local Clients; Remote Clients; Supplier 1; File]

  • PLM Integration with ERM Solution

    Leverage a commercial ERM solution
    - ERM is an enterprise purchase to include protection of e-mail, file servers, and managed repositories

    ERM Enable Applications
    - Integrate with ERM runtime client application to:
      - Obtain permissions and decrypt the application file
      - Set permissions and encrypt the application file
    - ERM Runtime Client will interact with the rights management server to obtain the appropriate permissions and encryption keys

  • Rights Management Components

    ERM Server
    - File Encryption/Decryption
    - Manage Keys
    - Manage Policies and Rights
    - Audit Log

    ERM Client
    - File Encryption/Decryption
    - Obtain Rights
    - Audit User Actions

    [Diagram labels: Application, Plug-in, Application File, File]

  • PLM Integration with ERM Solution

    Leverage a commercial ERM solution
    - ERM is an enterprise purchase to include protection of e-mail, file servers, and managed repositories

    ERM Enable Applications
    - Integrate with ERM runtime client application to:
      - Obtain permissions and decrypt the application file
      - Set permissions and encrypt the application file
    - ERM Runtime Client will interact with the rights management server to obtain the appropriate permissions and encryption keys

    PLM integration to ERM Server
    - Background process to protect the application files: encrypt and embed protections/rights
    - All application file types supported by ERM vendor
    - Policy Management: rights for user access
    - Driven by PLM access control and rules

  • Rights Management Components

    ERM Server
    - File Encryption/Decryption
    - Manage Keys
    - Manage Policies and Rights
    - Audit Log

    ERM Client
    - File Encryption/Decryption
    - Obtain Rights
    - Audit User Actions

    Teamcenter
    - Request File Encryption/Decryption
    - Specify Rights
    - Access Audit Log

    [Diagram labels: Application, Plug-in, Application File, File]

  • PLM Security / IP Protection

    [Diagram labels: PLM (Web Server, Business Logic Server, Database Server, File Server); Local Clients; Remote Clients; Supplier 1; File]

  • PLM Integrated ERM

    Rights Management on Files
    - In Motion
    - In Use outside PLM
    - At Rest

    [Diagram labels: PLM, FMS, Client Application, E-Mail, File]

  • Policy Management

    - Policy does not specify the user permissions
    - Rights Management provides permissions based on User Credential, IP Identification, and Policy
    - User actions allowed
    - State of document: obsolescence / newer version
    - Watermark / Notification application can display
    - Rights Management can interact with Teamcenter to get permissions

    [Diagram labels: Client, Rights Management, Teamcenter]
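The policy model on this slide, as an added sketch (not Siemens, GigaTrust or Microsoft RMS code): the protected file carries only an identifier, and the server resolves rights, key release, watermark and version notice at each request, so a change on the server takes effect for copies already distributed. All names here (`RightsServer`, `request_license`, the policy, roles, users and file name) are constructed, and "IP Identification" is assumed to mean the identifier of the protected document.

```python
import secrets
from datetime import datetime, timezone

class RightsServer:
    """Constructed model of an ERM server: keys, policies, audit log."""

    def __init__(self):
        self.policies = {}  # policy_id -> {role: set of actions}
        self.docs = {}      # doc_id -> {"policy", "state", "key"}
        self.users = {}     # user_id -> role (stand-in for a verified credential)
        self.audit = []     # one record per license request, granted or not

    def protect(self, doc_id, policy_id):
        # The protected file carries only doc_id; rights and key stay here.
        self.docs[doc_id] = {"policy": policy_id, "state": "current",
                             "key": secrets.token_bytes(32)}

    def request_license(self, user_id, doc_id, action):
        doc = self.docs.get(doc_id)
        role = self.users.get(user_id)
        allowed = set()  # fail closed: unknown user, document or policy gets nothing
        if doc is not None and role is not None:
            allowed = set(self.policies.get(doc["policy"], {}).get(role, ()))
            if doc["state"] == "obsolete":
                allowed &= {"open"}  # superseded version: view only
        granted = action in allowed
        obsolete = granted and doc["state"] == "obsolete"
        lic = {"granted": granted,
               "actions": sorted(allowed) if granted else [],
               "key": doc["key"] if granted else None,  # key released only on grant
               "watermark": f"{user_id} / {doc_id}" if granted else None,
               "notice": "newer version available" if obsolete else None}
        self.audit.append((datetime.now(timezone.utc).isoformat(),
                           user_id, doc_id, action, granted))
        return lic

def demo():
    """Constructed scenario: OEM shares a JT file with a supplier user."""
    srv = RightsServer()
    srv.policies["supplier-collab"] = {"oem-engineer": {"open", "print", "save"},
                                       "supplier": {"open", "print"}}
    srv.users = {"alice@oem.example": "oem-engineer",
                 "bob@supplier.example": "supplier"}
    doc, bob = "bracket-rev-A.jt", "bob@supplier.example"
    srv.protect(doc, "supplier-collab")
    results = [srv.request_license(bob, doc, "print"),  # granted
               srv.request_license(bob, doc, "save")]   # denied: not in role
    srv.docs[doc]["state"] = "obsolete"                 # newer revision released
    results += [srv.request_license(bob, doc, "print"), # denied: view only now
                srv.request_license(bob, doc, "open")]  # granted, with notice
    del srv.users[bob]                                  # supplier relationship ends
    results.append(srv.request_license(bob, doc, "open"))  # denied
    return srv, results

if __name__ == "__main__":
    server, outcomes = demo()
    for record, lic in zip(server.audit, outcomes):
        print(record[1:], "notice:", lic["notice"])
```

Denied requests are audited as well as granted ones, since refused attempts on a distributed file are what an administrator reviewing the audit log would look for first.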

  • Enterprise Rights Management: Key Benefits

    - Provides persistent and dynamic access control to IP information
    - Precise control over file level data access rights such as file open, copy, save, print, online and offline access
    - Action controls extensible to application features
    - Instantly updates access rights to shared files as needs change for file version control or changes in partner/employee relationships
    - IP information is secure everywhere, even outside physical firewalls and secure content management systems
    - Robust design IP protection improves design and manufacturing outsourcing processes

  • Siemens PLM ERM Strategy

    Copyright Siemens AG 2008. All rights reserved.

  • Siemens PLM Software Phases to Support ERM

    Phase 1: ERM Enable Applications
    - Open, Update, Copy/Paste, Print action controls
    - Protect files if write/update enabled

    Phase 2: Teamcenter Protect Files for Supplier Collaboration
    - Protect files on export operations
    - Unprotect files on import operations

    Phase 3: Teamcenter Rules driven protection of files
    - Dynamic rights driven by rules
    - Support external and internal access

    Phase 4: Enhanced Application rights management
    - Additional applications action controls
    - Content level access controls

    [Side labels: Technological Foundation (JT can be protected process independently); Process support (PLM integration, Teamcenter); Sophisticated processes and use cases]

  • Challenges

    Types of Controls
    - Access Controls: actions and content
    - Types of Controls: static or dynamic

    Content Level Access Controls
    - What content types to control access
      - PMI / GD&T
      - Properties / attributes
      - Components of an assembly
      - Part History
    - What granularity within a content type
    - Impact on authoring and tessellation/rendering

    Multiple File Packages
    - CAD Models
    - Visualization

  • Challenges

    Federated Environments
    - Protections of information that is shared with suppliers/partners
    - Management of user authentication: extended enterprise LDAP
    - Management of dynamic permissions: user identification for rules
    - Scenario: OEM creates a rights protected file and sends the file to supplier/partner. OEM trusts supplier to access the data, but doesn't know the user.

    Seamless Operation
    - Performance: file encryption/decryption and client/server chattiness
    - User Impact: accessing and protecting information


  • GigaTrust Overview

    - Founded in 2000
    - Security solutions that enhance and extend Microsoft RMS
    - Protect data shared anywhere
    - Continuous protection from unauthorized use and loss
    - Won one of the largest RMS deployments, Veterans Admin

  • The Solution: Enterprise Rights Management

    Microsoft Approach
    - Rights Management Services (RMS) native to Windows desktop platform and Office applications already on your desktop

    GigaTrust Approach
    - Enhance native RMS by delivering an integrated solution for the things native RMS does not support: non-Office content and non-Windows platforms (PDF, CAD and BlackBerry devices)

    Microsoft + GigaTrust combine to build a fully integrated solution enhancing RMS to provide control over the content and devices you use today and in the future

  • GigaTrust Enhancement of Microsoft RMS

    - GigaTrust Applications: Office 2000/XP/03/07, web server, non-Office content (PDF & image files), customizable viewer, RMS enable file shares, Blackberry client, PLM/CAD
    - GigaTrust Identity Management Service: authenticate, provision, activate users across business partner network and supply chain
    - Operating System: Microsoft Windows 2000/XP/Vista
    - Microsoft Apps: Office 2003/2007/S-Point
    - Microsoft AD: Intra-company
    - GigaTrust: Non-Windows platform (RIM)

    [Diagram labels: Trusted Authentication, Trusted Application, Trusted User]

  • GigaTrust Product Roadmap

    Enabling Siemens PLM applications with Microsoft Rights Management Services (RMS)

    SPLM Application | Security Rights Permission | File Type | GA - Timing
    JT2GO | View and Print | JT | Shipping
    Tc VisView (basic, pro, mock-up) | View and Print | JT, Shattered, PLMXML | Q2 2010
    Tc VisView (basic, pro, mock-up) | Above + Save (Views, Markups) | Above + Session + NX (CGM) open | Q3 2010
    Tc VisView (basic, pro, mock-up) | Above + Watermarks | Above | Q4 2010
    NX | See spec from NX team | See spec from NX team | Customer demand

  • Enterprise RMS Administration

    - Management of RMS outside the enterprise
    - Connectors for Access and Content: Active Directory, LDAP, CA SiteMinder
    - GigaTrust Enterprise Plus

  • GigaTrust Enterprise Plus

  • GigaTrust Contact Info

    Darryl Worsham

    [email protected]

    www.gigatrust.com

  • Michael Coleman

    Product Manager, Teamcenter

    [email protected]

    Siemens PLM Connection 2010, Nashville, TN, May 24-27