1© Copyright 2008 EMC Corporation. All rights reserved.
David MendelSr. Product Marketing ManagerEMC CorporationJune 2008
EMC Documentum Information Rights Management
2© Copyright 2008 EMC Corporation. All rights reserved.
Securing Content Across the Enterprise
Confirm System is Secure – Auditing
Securing the PeopleAuthentication
Identity ManagementAccess Control & Authorization
Securing the ContentEncryption (TCS)
Digital Shredding (TCS)Retention Management
Leaving the Repository – Information Rights Management (IRM)
Ensure System is Secure – Hardening and Validation
Documentum Security Overview
Inside the Repository
3© Copyright 2008 EMC Corporation. All rights reserved.
Persistent Protection of Content
You secure your content at rest…
You ensure only certain people can access the content…
But once an authorized user opens the content, they are free to do whatever they want with it!
This is where IRM is needed
4© Copyright 2008 EMC Corporation. All rights reserved.
IRM Is Equivalent To Having a Remote Control…
• IRM is equivalent to having a remote control over your information
• IRM allows instant response to events and changing security conditions:
─ Employee changes
─ Changing partner relationships and roles
─ New document versions
─ Loss of laptops and storage media
─ Instant expiration control
5© Copyright 2008 EMC Corporation. All rights reserved.
Business Drivers for Content Security
Protect intellectual property– Trade secrets– Competitive information– IP theft– Secured collaboration
Compliance– Regulations– Classified Information– Audits
Risk mitigation– Legal exposure– Data loss– Privacy breaches
5
6© Copyright 2008 EMC Corporation. All rights reserved.
Workflow Integrations
How does IRM work?
Content is always encrypted with the encryption keys & policy rights stored on a Policy Server.
Policies are dynamic – rights can be changed or revoked at any time regardless of where the document resides.
IRM Policy Server
Content Owner+
Policy+
Policy
Desktop Integration
Content Mgmt, eRoom
7© Copyright 2008 EMC Corporation. All rights reserved.
Document Generation
Data values drive business rules to generate document from template
DocumentAssemblyEngine
New Account Opening Use CaseIncorporating IRM with Content Management
• CRM• Policy Origination System• Loan Management System
Transaction Data
From LOB systems or eForm
Documentum repository
Generated documents managed and archived and rights policy automatically assigned
Name J.Doe
Age 27
Cust. No
Review / Edit
Documentum workflow used as routing engine
Multi-Channel Delivery
Document delivered via selected channel
CD-Rom
Wireless
Portal
Policy Server
Store rights management policies and encryption keys
8© Copyright 2008 EMC Corporation. All rights reserved.
Features – Rights Enforcement by Policy
A document policy defines: Who can view
What PDF pages can be viewed
When it can be viewed
If copy or edit is allowed
If printing is allowed
If guest access is allowed
If offline viewing is allowed
Automatic expiration
Dynamic watermarks
9© Copyright 2008 EMC Corporation. All rights reserved.
Additional Functionality
Use of native business application– Uses plug-in within native business application, no 3rd party client.
Dynamic policies controls– Change or revoke privileges at any time, regardless of where document
physically resides
Continuous, granular audit trails– All policy controlled actions (and attempted actions) tracked, even off-line
mode
Leverage existing authentication infrastructure– Speeds deployment and minimizes impact to administration
Software Development Kit (SDK)– Extend IRM functionality to custom applications or new content types
10© Copyright 2008 EMC Corporation. All rights reserved.
Customer Case Study – VHA Novation Alliance
VHA - Company Background– Health care alliance formed in 1977– Nation-wide network of over 2,200 leading community-owned health care
organizations and their physicians– VHA network includes 27% of the nation's community hospitals
Novation – Company Background– Established in 1998 through consolidation of supply chain programs of VHA and
University HealthSystem Consortium (UHC)– Leading contracting services company in health care– Serves purchasing needs of over 2,500 members and affiliates of VHA and UHC and
over 12,000 Provista customers– Offers the most extensive range of advanced contracting services, such as contract
development & management, custom contracting and enhanced savings programs– VHA, UHC and Provista members and used Novation and alliance contracts to
purchase $33.1 billion in supplies and services in 2007.
11© Copyright 2008 EMC Corporation. All rights reserved.
Business Challenges Driving Need for IRM
Novation publishes marketing and contract information to member-facing, secure, web sites using Documentum WCM.
Actual signed contracts were confidential and not available on web sites.
Members could request to view a copy of an actual contract. Audience was usually CEO, CFO, Director, Materials Management or Director, Pharmacy.
Process prior to IRM:– Member makes request to view contract.– Novation sends hard-copy of contract to account executive via overnight delivery.– Account executive “walks in” copy of contract to meeting with member.– Contract is reviewed in presence of account executive.– Account executive leaves taking copy of contract with him.– Copy of contract is shredded by account executive.
THE BOTTOM-LINE:
Keeping contracts confidential was a labor intensive, costly process
12© Copyright 2008 EMC Corporation. All rights reserved.
What’s the Solution?
needed a more efficient and highly secure way to share contract information with alliance members.
wanted to leverage existing Documentum WCM to publish contracts to the web.
wanted the contracts in a “standard” read-only format.
needed security – only authorized users could access contracts.
was concerned that contracts downloaded by authorized users “might find their way” to unauthorized users, non-members, suppliers or competitors.
13© Copyright 2008 EMC Corporation. All rights reserved.
The Solution – Documentum IRM
Contracts scanned into PDF format
Members fill out online form to request access to documents.
Customer service grants/denies access after verification.
Members use same username/password to access website and documents.
Approved members have 24x7 access to contracts.
14© Copyright 2008 EMC Corporation. All rights reserved.
Initial Implementation Details
3,000 system-wide users
Policies automated through use of Policy Templates
Integrated with Active Directory for authentication/authorization
Set up user groups– View only privileges for authorized members– View only privileges for employees– Authoring privileges for contract administration– Printing privileges for legal
15© Copyright 2008 EMC Corporation. All rights reserved.
IRM Use Expanded after Initial Implementation
Securing confidential, internal documents– View only access to all employees– Published to corporate intranet– User must access document through corporate network or VPN.
Enhanced savings programs rebate documents secured for members– Uses same template as contract documents– Published to web site using Documentum WCM
Secured VHA Annual Financial Report– Access restricted to VHA CEOs and CFOs only.– New user group and AD group created to control access.
Secured Novation Management Dashboard– Access restricted to select employees.– New user group and AD group created to control access.
16© Copyright 2008 EMC Corporation. All rights reserved.
Key Benefits to using Documentum IRM
Flexible - Ability to have separate rights policies
Dynamic - Policies can be changed “on the fly.”
Ability to use multiple Active Directory forests to control access.
Instant expiration of outdated documents
Instant removal of former employees, members, etc.
Screen-prints, copy & paste are disabled
Auditing - Ability to track usage of documents and run reports
And… SECURE! SECURE! SECURE!
17© Copyright 2008 EMC Corporation. All rights reserved.
?