EMC Documentum Information Rights Management
Roger Schmitt, Technology Advisor, EMC Documentum
Agenda
• EMC Now
• Business Drivers
• Challenges
• Information Rights Management
• Use Cases
• Questions
EMC Security Capabilities
1. Assess Risk: Security Professional Svcs., EMC Infoscape, Discovery Solutions
2. Secure People: RSA Identity Assurance and Access Mgmt
3. Secure Infrastructure: Common Security Platform, Product Security Policy, Vulnerability Response Program
4. Secure Data: RSA Data Encryption and Key Mgmt., Info Rights Mgmt., Backup Tools, Documentum Trusted Content Svcs.
5. Assure Policy Compliance: Documentum Content Auth. Svcs, EMC Infoscape, Discovery Solutions, SIEM
Information Rights Management
EMC Information Rights Management (IRM) helps organisations actively control, secure, track, and audit sensitive information wherever it resides: inside the firewall on laptops, outside on home machines, attached to emails leaving an organisation, across departments, with partners and suppliers outside the firewall, etc.
Business Drivers for Content Security
• Protect intellectual property
• Trade secrets
• Competitive information
• IP theft
• Secured collaboration
• Compliance
• Regulations
• Audits
• Risk mitigation
• Legal exposure
• Data loss
• Privacy breaches
Chart values: 82% / 18%
“Despite massive investment in security technology and services… …fewer than one in five companies feel that all their data is adequately protected.”
Source: Enterprise Strategy Group, March 2006
The Digital Universe – IDC Key Findings
• AFFECTS US ALL - Records Managers, Content Managers, Librarians, Information Managers/Architects, Knowledge Managers, Information and Record Managers, CIOs, Website Designers/Developers, Web Authors, Systems Accountants, Intranet Managers, Archivists, Online Content Managers, Usability Managers, IS/IT Strategy, Leaders, Business Analysts, Technical Writers, IM Project Managers and User Interface Designers
• The digital universe in 2007: 2.25 x 1024 bits, 281 exabytes or 281 billion gigabytes
• By 2011 the digital universe will be 10 times the size it was in 2006
• Information created, captured or replicated exceeded available storage for the first time in 2007
• 70-85% created by individuals; security, privacy, reliability and compliance are an Enterprise/Government responsibility
• Digital Shadow
Rich Clients Web 2.0 Community Empowerment
Business Drivers for Information Protection
• Compliance: Adhere to laws, regulations imposed by the government, regulatory bodies, or internal policies
• Intellectual Property Protection: Protect sensitive data (trade secrets, intellectual property...) from unauthorized access and use
• Manage Risks: Reduce or eliminate legal risks associated with sensitive information (customer data, patient data...)
Implications of Information Loss
• Credit Card #’s Stolen! March 2007 – Hackers steal millions of customer credit card numbers from TJ Maxx stores. Stolen cards used to purchase millions of dollars of goods. TJ Maxx sued.
• Trade Secrets Public! August 2007 – The Federal Trade Commission accidentally posts a Finding of Fact document in the Whole Foods/Wild Oats anti-trust case on a public server with all text available.
• Personal Data Lost! October 2007 – The Gap loses laptop with 800,000 encrypted job applications. Applications included applicants' social security numbers and birth dates.
• Managers Charged! June 2003 – Former Boeing managers charged in a plot to steal trade secrets. Occurs during Lockheed Martin competitive bid.
• Case Prejudiced! March 2005 – Morgan Stanley prejudices its own case in court by failing to provide relevant email records on a timely basis.
• Stock Plummets 30%! March 2001 – Cerner Corp’s stock plummets 30% in one day after sensitive email from CEO is posted on the internet.
Regulators Are Getting Involved Consumers Demand Protection and Governments Respond with Regulation
The Threat Profile Has Shifted
Perimeter-based Security: Keeping the bad guys out
• Threat: Denial of Service, network intrusion, external attack
• Focus: Access and availability
• Approach: Firewall, IPS/IDS, anti-malware
• Solution: Build and protect perimeters
• Necessary but insufficient
Information-based Security: Assume they’re already in
• Threat: Privacy breach, intellectual property theft, insider attack
• Focus: Authorization and accountability
• Approach: Identity management, data encryption
• Solution: Manage and protect information
• Addresses root cause
84% of high cost security incidents are a result of insiders sending confidential material outside of their company. (Gartner 2006)
Solutions Not Addressing the Root Issue
• Most information security products don’t actually secure information
• They protect networks, laptops, and servers
• They do little to protect confidentiality and integrity of information
Diagram labels: Anti-virus, Threat Detection, Change/Patch Management, VPN, Clients, Servers, Firewall, LAN, SAN, Authentication, Web Filtering, Anti-virus, Anti-spyware
Your Content is in Motion
• Information is in constant motion throughout its lifecycle, making it difficult to lock down
• Perimeters and resources are constantly being traversed
Information-Centric Security Protects Dynamic Content
• Treat security as an information management problem
• Secure information throughout its lifecycle
The lifecycle of enterprise content (diagram labels): Version, Query, Collaborate, Manage, Create, Publish, Re-archive, Capture, Archive, Retire
Corporations cannot secure information they do not manage
Infrastructure Deep Intelligence - Security and Compliance
• Transparent
  • Always there, not an option
  • Reduce user dependency & errors
• Service Oriented
  • Available to applications via SOA
  • Consistent for all applications
• Place Independent
  • Repository security
  • Roving content security
What is Information Rights Management?
• Digital Rights Management first appeared in the late 90s to protect MP3 audio and video data for the media sector
• Information Rights Management applied this concept in a different market, focused on protecting unstructured data, e.g. office documents and email
• Key features:
  • Persistent high-level encryption providing confidentiality and integrity to your business files and data
  • Security travels WITH but is managed INDEPENDENTLY from content
  • Dynamic post-delivery controls for view, print, copy/paste, edit
  • Revolutionary AUDIT capability
How Rights Management adds value…
• Controls and audits information leakage
• Enables extended sharing of information both internally and externally
• Increases value and reduces risks associated with Intellectual Property
• Supports many Compliance initiatives through its audit capability
• DELIVERS INFORMATION RISK MANAGEMENT… ACROSS THE WHOLE LIFE CYCLE …FOR MINIMAL COST
IRM Architecture (diagram labels)
• Policy Management, Authorisation, Auditing, Key Management, Authentication, Encryption
• Internet Explorer, EmailXtender, Web Delivery, Adobe, eRoom, Gateway, MS Outlook & Lotus, DCTM Admin, File Share, MS Office, Webtop
• Java, WDK-based API
• Information Rights Management SDK
• DCTM IRM Server
• Authentication infrastructure: LDAP, DCTM, Custom, X.509, Win, RSA (all authentication domains)
Example Applications
• Government: Permits and licensing, Acquisitions and logistics, Case management
• Life Sciences: Clinical trials, Patent management
• Banking and Brokerage: Loan origination and processing, Credit dispute, Securities processing
• Insurance: Claims management, Billing and payment processing, Underwriting
• Manufacturing: Shipping, receiving, returns processing; Supply chain management
• Horizontal Applications: IT Service Management, Employee On-Boarding, A/P Invoice Processing, Customer Service Requests, Contract Management, Regulatory Submissions Management
IRM Server Key and Policy Management
• Content is always encrypted
• The keys are always separated from the content
• The local key is destroyed after use
Diagram labels: IRM Policy Server, Desktop Integration, Workflow Integrations, Content Owner, File Share + Policy, EMC Documentum Repository + Policy, EMC Documentum eRoom
EMC Documentum IRM Workflow: Secure Data Sharing
Diagram labels: Partner Network, Hacker, Partner Network, Author, Corporate VPN, Internet, Review, IRM Policy Server, Content Server
Protects Native Business Information
• Clients for major business applications
  • E-mail
  • Microsoft Office
  • Adobe
  • HTML
  • RIM Blackberry
  • Lotus Notes
• Works within native application
• Allows secure sharing of sensitive documents with internal and external users
Rights Enforcement by Policy
A document policy defines:
• Who can view
• What pages can be viewed (PDF only)
• When it can be viewed
• If copy or edit is allowed
• If printing is allowed
• If guest access is allowed
• If offline viewing is allowed
• Automatic expiration
• Dynamic watermarks
Dynamic Watermarking
• Dynamic watermarking can provide visible indication of who printed a copy and when they printed it
• Can be used for compliance and auditing
• Provide watermarks while viewing and/or when printing
• Watermarks are customisable
• Watermarks support Unicode
• Watermarks can use LDAP attributes
NEW Dynamic Policy Control
Dynamic policy control allows recipient entitlements to be changed on-the-fly when individual roles or business needs change, regardless of where the content resides.
Example:
• In April a price list with IRM is downloaded by a sales person
• The sales person e-mails the price list to a customer
• On May 17, prices change and new prices are issued
• At that time, rights on the old price list are revoked, affecting all copies, regardless of location
Automatic Expiration Control
Rights can also be set to automatically expire
• Enforce version control and document retention policies
• Access can be revoked no matter where files reside
• Example: A monthly price list can be set to automatically revoke all rights at the end of the month
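The policy fields, dynamic revocation and automatic expiration described on the slides above, modelled as an added example (not EMC code and not the IRM SDK): a hypothetical `PolicyServer` keeps content keys apart from the files and decides every key request. All class, method and document names and the year are assumptions; the code covers the key-release decision and its audit record, not the file encryption itself.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional
import secrets

@dataclass
class Policy:                            # fields follow the slide's policy list
    viewers: set                         # who can view
    can_print: bool = False              # if printing is allowed
    expires: Optional[datetime] = None   # automatic expiration
    revoked: bool = False                # flipped by dynamic policy control

class PolicyServer:
    """Hypothetical server: keys and policies live here, never in the file."""
    def __init__(self):
        self.keys, self.policies, self.audit = {}, {}, []

    def protect(self, doc_id, policy):
        self.keys[doc_id] = secrets.token_bytes(32)   # content key
        self.policies[doc_id] = policy

    def revoke(self, doc_id):
        self.policies[doc_id].revoked = True          # applies to every copy

    def request_key(self, doc_id, user, action, now):
        """Return (key, reason); key is None on denial. Every call is audited."""
        p = self.policies.get(doc_id)
        if p is None:
            reason = "unknown document"
        elif action not in ("view", "print"):
            reason = "unsupported action"
        elif p.revoked:
            reason = "revoked"
        elif p.expires is not None and now >= p.expires:
            reason = "expired"
        elif user not in p.viewers:
            reason = "not authorised"
        elif action == "print" and not p.can_print:
            reason = "printing not allowed"
        else:
            reason = None
        self.audit.append((now, user, doc_id, action, reason or "granted"))
        return (self.keys[doc_id] if reason is None else None), reason

def price_list_scenario(year=2008):      # year is a constructed sample value
    srv = PolicyServer()
    srv.protect("april-prices", Policy(viewers={"sales", "customer"}))
    before = srv.request_key("april-prices", "customer", "view", datetime(year, 4, 20))
    printed = srv.request_key("april-prices", "customer", "print", datetime(year, 4, 21))
    srv.revoke("april-prices")           # May 17: new prices issued
    after = srv.request_key("april-prices", "customer", "view", datetime(year, 5, 18))
    return before, printed, after, srv.audit
```

Because the customer's copy holds only ciphertext, the denial after revocation applies to it wherever it was e-mailed; the audit list records the denied attempts as well as the granted ones.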
Leverages Existing Authentication Infrastructure
• Leverages an organisation's existing authentication security infrastructure
• Minimises impact to administration of E-DRM policies
• Speeds deployment
• IRM participates in Documentum’s open authentication framework, allowing for integration with:
  • LDAP directories
  • Multifactor authentication
  • Single Sign-on
  • Biometrics
  • X.509v3 certificates
  • Smart cards
Continuous Audit Trail
• All events in IRM are auditable
• IRM provides granular audit trail of what recipients did with the documents, page by page
• See who did what, when
• Delivers on-going assurance of policy compliance
• Auditing is continuous, whether online or offline
• Leverage XML logging standards for reporting on audit trail