Embed Size (px)
DESCRIPTION
In a world of borderless organizations, how can organizations ensure security or confidentiality of information? This session will explore the potential and significance of Information Rights Management (IRM), and explain how IRM can be used effectively to maintain security and integrity in an environment of changing business relationships. Gupta will also show how encryption technologies can be extended to secure information during the lifecycle of create-store-transmit-collaborate-use-archive-backup-delete.
Citation preview
Information Rights Management
Coming of age
Presentation at InterOp 2009, Mumbai
Vishal Gupta
CEO, Seclore
TELEMARKETER
Information exchange in the collaborative world
Information is exchanged between Employees of the organisation
Enterprise
CUSTOMERS
VENDORS
Information is exchanged between employees & vendors & employees & customers
Competitors
What happens if an employee with privileged access leaves to join a competitor ?What happens if information shared with a vendor is lost by the vendor ?
VPN
SSL
UTM
…
Firewalls
Underlying Issues
Share it = It becomes his (also)Ownership and usage cannot be separated
Shared once = Shared foreverImpossible to “recall” information
Out of the enterprise = Free for allTechnology & processes are only applicable within
The Result
Information lands up in public websites !
Create Store Transmit & collaborate Use Archive & Backup Delete
DLP Anti-virus Anti-…
Hard disk encryption
SSL UTM
Application security
IDM DLP Vaults Digital shredders
Desktops
Laptops
Heterogeneous policies … Heterogeneous infrastructure
Mobile devices
Removable media
Content Management
Online workspaces
Remote desktops
Information lifecycle …
Shared folders Removable
media
Instant Messaging
Desktops
Laptops
Mobile devices
Archive
Backup
Document retention
Security
Options for securing unstructured information
Option 1 : Control Distribution
. . .
Security Collaboration
Options for securing unstructured information
Option 2 : Control Usage
. . .
Security Collaboration
• WHO can use the informationPeople & groups within and outside of the
organization can be defined as rightful users of the information
• WHAT can each person doIndividual actions like reading, editing, printing,
distributing, copy-pasting, screen grabbing etc. can be controlled
• WHEN can he use itInformation usage can be time based e.g. can
only be used by Mr. A till 28th Sept OR only for the 2 days
• WHERE can he use it fromInformation can be linked to locations e.g. only 3rd floor office by private/public IP addresses
Rights management technologies allow enterprises to define and implement information usage “policies”. A “policy” defines :
Information Rights Management
Information Rights Management
Policies are
• Persistent : Policies are implemented on information and all itscopies wherever they are transmitted or stored
• Dynamic : Policies can be changed without having access to or redistributing the information
• Monitored : Policy changes can be monitored
User actions are
• Monitored : Individual actions ( authorized AND unauthorized ) like
viewing, editing, printing etc. are monitored and centrally available in a reporting tool
Scenario: Research reports & drawings
Within office network
Till the time of employment
NoNoYesYesSanjiv
Within office network
30th November 2009
NoNoNoYesRahul
DistributePrintEditRead
WHEREWHENWHATWHO
organization
Rahul
Sanjiv
About
Seclore is a high growth information security product company focussed on providing Security without compromising collaboration
Seclore’s flagship product Seclore FileSecure is used by More than 1 million users & some of the largest enterprises
![Publications - Shodhgangashodhganga.inflibnet.ac.in/.../14/14_publications.pdf · Publications [142] 1. Manoj Kumar, Puja Kumari, Vishal Gupta, P.A. Anisha, C.R.K. Reddy and Bhavanath](https://img.pdfslide.us/doc/110x75/5ed238ca26ecc358d13eb40c/publications-publications-142-1-manoj-kumar-puja-kumari-vishal-gupta-pa.jpg)
