210 likes | 470 Views
EMC Documentum Information Rights Management. David Mendel Sr. Product Marketing Manager EMC Corporation June 2008. Securing the Content Encryption (TCS) Digital Shredding (TCS) Retention Management. Securing the People Authentication Identity Management Access Control & Authorization.
E N D
EMC Documentum Information Rights Management David Mendel Sr. Product Marketing Manager EMC Corporation June 2008
Securing the Content Encryption (TCS) Digital Shredding (TCS) Retention Management Securing the People Authentication Identity Management Access Control & Authorization Securing Content Across the Enterprise Documentum Security Overview Confirm System is Secure – Auditing Leaving the Repository – Information Rights Management (IRM) Inside the Repository Ensure System is Secure – Hardening and Validation
Persistent Protection of Content You secure your content at rest… You ensure only certain people can access the content… This is where IRM is needed But once an authorized user opens the content, they are free to do whatever they want with it!
IRM Is Equivalent To Having a Remote Control… • IRM is equivalent to having a remote control over your information • IRM allows instant response to events and changing security conditions: • Employee changes • Changing partner relationships and roles • New document versions • Loss of laptops and storage media • Instant expiration control
Business Drivers for Content Security • Protect intellectual property • Trade secrets • Competitive information • IP theft • Secured collaboration • Compliance • Regulations • Classified Information • Audits • Risk mitigation • Legal exposure • Data loss • Privacy breaches 5
Content Owner + Policy + Policy IRM Policy Server How does IRM work? • Content is always encrypted with the encryption keys & policy rights stored on a Policy Server. • Policies are dynamic – rights can be changed or revoked at any time regardless of where the document resides. Desktop Integration Workflow Integrations Content Mgmt, eRoom
Document Generation Data values drive business rules to generate document from template Multi-Channel Delivery Document delivered via selected channel Transaction Data From LOB systems or eForm Portal Document Assembly Engine • CRM • Policy Origination System • Loan Management System Email Wireless CD-Rom Documentum repository Generated documents managed and archived and rights policy automatically assigned Policy Server Store rights management policies and encryption keys Review / Edit Documentum workflow used as routing engine New Account Opening Use CaseIncorporating IRM with Content Management
Features – Rights Enforcement by Policy A document policy defines: • Who can view • What PDF pages can be viewed • When it can be viewed • If copy or edit is allowed • If printing is allowed • If guest access is allowed • If offline viewing is allowed • Automatic expiration • Dynamic watermarks
Additional Functionality • Use of native business application • Uses plug-in within native business application, no 3rd party client. • Dynamic policies controls • Change or revoke privileges at any time, regardless of where document physically resides • Continuous, granular audit trails • All policy controlled actions (and attempted actions) tracked, even off-line mode • Leverage existing authentication infrastructure • Speeds deployment and minimizes impact to administration • Software Development Kit (SDK) • Extend IRM functionality to custom applications or new content types
Customer Case Study – VHA Novation Alliance • VHA - Company Background • Health care alliance formed in 1977 • Nation-wide network of over 2,200 leading community-owned health care organizations and their physicians • VHA network includes 27% of the nation's community hospitals • Novation – Company Background • Established in 1998 through consolidation of supply chain programs of VHA and University HealthSystem Consortium (UHC) • Leading contracting services company in health care • Serves purchasing needs of over 2,500 members and affiliates of VHA and UHC and over 12,000 Provista customers • Offers the most extensive range of advanced contracting services, such as contract development & management, custom contracting and enhanced savings programs • VHA, UHC and Provista members and used Novation and alliance contracts to purchase $33.1 billion in supplies and services in 2007.
Business Challenges Driving Need for IRM • Novation publishes marketing and contract information to member-facing, secure, web sites using Documentum WCM. • Actual signed contracts were confidential and not available on web sites. • Members could request to view a copy of an actual contract. Audience was usually CEO, CFO, Director, Materials Management or Director, Pharmacy. • Process prior to IRM: • Member makes request to view contract. • Novation sends hard-copy of contract to account executive via overnight delivery. • Account executive “walks in” copy of contract to meeting with member. • Contract is reviewed in presence of account executive. • Account executive leaves taking copy of contract with him. • Copy of contract is shredded by account executive. THE BOTTOM-LINE: Keeping contracts confidential was a labor intensive, costly process
What’s the Solution? • needed a more efficient and highly secure way to share contract information with alliance members. • wanted to leverage existing Documentum WCM to publish contracts to the web. • wanted the contracts in a “standard” read-only format. • needed security – only authorized users could access contracts. • was concerned that contracts downloaded by authorized users “might find their way” to unauthorized users, non-members, suppliers or competitors.
Contracts scanned into PDF format Members fill out online form to request access to documents. Customer service grants/denies access after verification. Members use same username/password to access website and documents. Approved members have 24x7 access to contracts. The Solution – Documentum IRM
Initial Implementation Details • 3,000 system-wide users • Policies automated through use of Policy Templates • Integrated with Active Directory for authentication/authorization • Set up user groups • View only privileges for authorized members • View only privileges for employees • Authoring privileges for contract administration • Printing privileges for legal
IRM Use Expanded after Initial Implementation • Securing confidential, internal documents • View only access to all employees • Published to corporate intranet • User must access document through corporate network or VPN. • Enhanced savings programs rebate documents secured for members • Uses same template as contract documents • Published to web site using Documentum WCM • Secured VHA Annual Financial Report • Access restricted to VHA CEOs and CFOs only. • New user group and AD group created to control access. • Secured Novation Management Dashboard • Access restricted to select employees. • New user group and AD group created to control access.
Key Benefits to using Documentum IRM • Flexible - Ability to have separate rights policies • Dynamic - Policies can be changed “on the fly.” • Ability to use multiple Active Directory forests to control access. • Instant expiration of outdated documents • Instant removal of former employees, members, etc. • Screen-prints, copy & paste are disabled • Auditing - Ability to track usage of documents and run reports • And… SECURE! SECURE! SECURE!
? QUESTIONS?