EMC Documentum Information Rights Management

EMC Documentum Information Rights Management Mayank Choudhary Principal Product Manager 1

The big question Information Rights Management (IRM) & Digital Rights Management (DRM) What s the difference? IRM (also called ERM) Usage Differences Protects sensitive enterprise information Business Problem Differences Control access to intellectual property or other confidential business information Technical Similarities Policy Server Cryptographic technologies Client applications to define rights DRM Usage Differences DRM protects consumer content, such as audio/video Business Problem Differences Optimal monetization of digital content Technical Similarities Policy Server Cryptographic technologies Client applications to define rights 2

The big question - How secure are we? Facts Over 261 million data records of U.S. residents exposed: http://www.privacyrights.org/index.htm Data breaches in the U.S. rose almost 50 percent in 2008. 12 percent of the reports came from financial-services firms - http://www.privacyrights.org/index.htm 84% of the attacks were from insider - Gartner 9,000 USB sticks have been found at laundromats- Credant Technologies Recent stories - Q1 09 My Space : Disgruntled employee walks away with employee records Comcast : List of 8000 Comcast users available on Scribd; Insider job. US Military: A New Zealand man accesses US military secrets on an MP3 player he bought from an Oklahoma thrift shop for $18 Merrill Lynch: A third-party consulting services firm working on behalf of Merrill Lynch reported, one of their employees was burglarized. The burglars took various computers. 3

Factors Driving Data Security Focus Storing More data Growing More Data Business Disruption Breach Remediation Sharing More Data Cost Brand Erosion Customer Churn More Credential Users Growing Need for Stolen Data More Mobility 4

Calculating the cost of a Security Breach Average cost is $4.8 million per breach - Ponemon Institute survey in 06 5

The Threat Profile Has Shifted + Perimeter-based Security 84% Keeping of the high bad guys cost out security incidents Assume they re are already a result in Denial of Service, network intrusion, external attack Access and availability Focus Authorization and accountability Firewall, IPS/IDS, anti-malware Approach Identity management, data encryption Build and protect perimeters outside of Solution their company. Manage and protect information Necessary but insufficient Threat Information-based Security Privacy breach, intellectual property theft, insider attack of insiders sending confidential material Gartner Addresses root cause 6

EMC Information-Centric Security Vision The hard reality of information security is that you cannot secure what you cannot manage Version Collaborate Manage Query Create Publish Re-archive Capture The Lifecycle of Enterprise Content Archive Secure information throughout its lifecycle Retire 7

Documentum Information Rights Management Control, secure and track sensitive information wherever it resides Controls Fine-grained control over who can do what Secures Cryptographic technologies to secure data Track Audit activity associated with the content RIM Persistent Control Rights are enforced no matter where the data exists 8

Information Rights Management Workflow 1 Author authenticates to IRM Server 4 Protected content is distributed as part of work flow 5 Recipient authenticates to IRM Server 3 Author selects policies & applies protection 6 IRM Server queries domains & generates decryption keys IRM Server queries domains & generates encryption keys 2 7 Content is opened with Policy enforced 9

Off-Line Access Off-Line Capabilities Dynamic policies require a policy server, and that requires a network connection. What if a person wants to work on a document offline? On an airplane, for instance? Documentum IRM allows users to take a document off-line for a period of time. Policies may allow offline usage for a set period of time. The audit logs are fully maintained during off-line usage to ensure a contiguous audit trail. 10

Features Protects Native Business Information Business applications Microsoft Office Microsoft Outlook Lotus Notes Email Adobe Reader & Writer Internet Explorer Blackberry Information Mgmt. Applications Documentum Clients Collaboration Applications eroom 11

Features Rights Enforcement by Policy Policy defines Who can view? User or Group of users What operations? Copy Editing Printing Offline Viewing Automatic expiration Dynamic watermarks When it can be viewed? Where can it be viewed? 12

Features Rights Enforcement by Policy Mandatory and discretionary policy enforcement options Administratively defined global templates or ad-hoc policies Flexibility supports organizational rollout Confidential_Template Top Secret_Template Allows for workgroup and enterprise-wide applications 13

Feature Dynamic Policy Control & Expiration Control Recipient entitlements to be changed on-the-fly when individual roles or business needs change, regardless of where the content resides NEW Example: Jan01 : Price list is shared with the OEM partners April 01 : New Price list comes out Access to old price list is revoked irrespective of its location (Network, File Share, USB etc) Access to users is revoked if they leave the company 14

Feature: Audit & Versioning Control Complete Audit trial Who did what & when Offline & Online Audit Audit events stored in the DB Complete Version control Enforce version control Example: Allow the users to always refer to the latest version of the price list 15

Features Dynamic Watermarking Dynamic Watermarking Display watermarks while printing & viewing Embed LDAP Attributes Customizable watermarks Asian & European font support Visible indication of who printed a copy Visible indication of when was it printed Can be used for compliance and auditing 16

Feature Leverages Existing Infrastructure Leverages exiting Authentication & Authorization Infrastructure No Duplication of User Information Speeds deployment Simplified external authentication Supports Authentication Domains Active Directories LDAP directories RSA Secure ID X509.3 certificates Custom (Oracle DB, DCTM ACL s..) Support SSO 17

Other Features Automate protection Protects outbound e-mail via integration with content scanning engines Monitor folders for protection Bulk protection Robust support for external users Shared secret data bases Automate creation of users not defined in AD/LDAP Strong cryptography Symmetric Cipher (256-bit AES) Encrypted SSL communication (168 bit triple DES key) Keys are separated from content 18

IRM Services for eroom Secure Collaboration - IRM natively integrated with eroom New (IRM) Information Rights Management Dashboards Chat Discussions Notes Links Files Folders Inbox Poll IM Presence Calendar Project plans Databases Real time 19

Key Feature & Benefits Native Integration Supports eroom s AutN model eroom Users & groups Supports eroom s AutZ model Open (eroom s ACL) Edit (eroom s ACL) Print Copy Expires Offline Watermarking Supports SSO Benefits No additional configuration required Bundled with eroom 7.4 20

Key Feature & Benefits Native Integration Supports eroom s AutN model eroom Users & groups Supports eroom s AutZ model Open (eroom s ACL) Edit (eroom s ACL) Print Copy Expires Offline Watermarking Supports SSO Benefits No additional configuration required Bundled with eroom 7.4 21

Key Feature & Benefits Ease of Use Consistent experience Configure IRM Server through server site settings page Configure rights through eroom access control page Usability Improvements Copy protected files/folders Move protected files/folders Delete protected files/folders Drag & Drop protected files/folders Protect multiple files/folders Visual Encoding techniques Display lock icons Benefits Get up and running quickly 22

Key Feature & Benefits - Flexible Protection Support c mon Business App s Microsoft Word Adobe Acrobat IRM Enable Site Communities Rooms Folders Files Supports Hierarchical Protection Benefits Automate protection by defining room policies 23

Feature Rights Enforcement by Policy eroom Policy defines Who can view? User or Group of users What operations? Open - eroom Editing - eroom Printing -IRM Offline Viewing -IRM Automatic expiration - IRM Dynamic watermarks IRM Benefits Easy for eroom users to comply with corporate security policies. 24

Other features Complete Version control Each Version of the document is automatically protected eroom widgets DB tables Attachment box Template Data Bases Import protected rooms/facilities 25

IRM Services for Documentum Native Integration Support DCTM AuthZ & AuthN model Extend DCTM ACL s SSO Leverage Webtop/TaskSpace Enabled by default Supports external users Flexible Protection At time of ingestion As part of work flow Manual protection Version Control Rendition control Auditing Authentication Rights Management Auditing Digital shredding Single sign-on Encryption Electronic signatures 26

IRM-CenterStage Integration Business Applications End to End Security CenterStage/Webtop/ TaskSpace Email Documentum Configure security policies Protect at ingestion, work flow etc Version & Expiration control Granular auditing IRM Server Vault Encryption keys Provisioning of keys SSO & Authentication Secure Administration Wireless CD-Rom 27

28

IRM SDK IRM-enable content rendering applications AutoCAD OpenOffice Consistent user experience and feature set UI dialogs Key & policy mgmt, encryption, authentication, authorization, C/C++ API Decryption API Development platform: IRM SDK Server Management API Server Extensions API Content Decryption API Application Enablement API 29

Customer Success Manufacturing Sharing of new product specifications, planning, R&D, and pricing documents Government Share information on a need-to-know basis within federal and state agencies Healthcare HIPPA Compliance Control of PHI dissemination Others Legal : M&A, Attorney collaboration Fin Services : Internal and partner communications Controlled publication of Intellectual Property Secure distribution of content Internal Use Only-Not to be distributed 30

Federal IRM Standalone Company US Congressional committee US House of Representatives & the U.S Senate Challenges Securing the work flow of classified documents Currently, keep documents locked and use a manual system to log, track and track sensitive content IRM Leverage PDF and email plug-ins Page level policy Continuous audit trail & dynamic policy control Easy deployment and use 31

Law firm : IRM Services for eroom Company Large legal services provider Challenges Secure collaboration Inadvertent circulation of M&A content Preventing Information Leaks IRM IRM enable legal eroom with IRM Services for eroom Automatic protection of content as it comes into a eroom with pre defined rights Audit who does what with the content http://powerlink.emc.com 32

Entertainment : IRM Services for DCTM Company : Largest movie studio in the world Feature file production and distribution company Challenges Protect movie scripts shared with agents, actors, script writers and executives as part of the work flow Risks Control distribution of movie scripts Make sure sensitive content is protected as it moves through a process work flow IRM Services for Documentum (IRM & TaskSpace) Kick off protection when the scripts are ready for distribution Enable working on documents offline, apply studio watermarks, enable PDF protection on Mac & Windows Inline viewing of content (protection within a browser window) Leverage DCTM platform with BPM suite for managing protect content 33

34

Customer Success Story Company Delivers on-demand evidence management platform Challenges Reduce risks posed by distribution of information (ediscovery) Risks Inadvertent production of content Control distribution of sensitive information (For attorneys eye only) Automatic expiration of produced documents (Revoke access) IRM PDF and Office plug-ins After delivery control Expire or change rights to any documents Block copying, printing, editing, screen capture of sensitive legal content Watermarks on sensitive content http://www.casecentral.com/documents/jandocs/irm_whitepaper.pdf 35

Customer Success Story Company #1 ocean shipping company (18% share, $30b revenue) Providing e-bills of lading title documents worth millions, used in international financing transactions Challenges Control access, allow title to print only 1x, expire in 7 days Integrate with Maersk s e-commerce front end IRM Secure PDF generated & protected on the fly Allowed to print once; then APIs shut off print automatically Authentication via certificates for strong identity management IBM Global Services partnership for the complete integration http://www.maerskline.com/link/?page=brochure&path=/user_terms_general/website_info 36

Competitor Comparison eroom 7.4 with IRM Tight integration between eroom-irm Persistent/dynamic policy controls Manual and automatic expiration controls Both Microsoft & Adobe formats covered Customized digital watermarking SharePoint and Rights Management Cannot modify policy or track activity from application Cannot expire documents or revoke access after distribution No practical support for external users Third-party required to support non - MS Office formats Collaboration Suite and Information Rights Management No integration within native business applications Documents are rendered to another format, viewed through browser; Must use separate application to seal and unseal documents Small collaboration market presence 37

Server Extensions API 38

Case Study: Reckitt Benckiser Challenges #1 supplier of household cleaning products, $5b revenue Sharing competitive brand strategy documents with 500 executives, brand managers and account execs in 60 countries Prevent competition from gaining access when employees leave EMC IRM Solution Users access strategy docs via Reckitt portal application All docs protected against external Authentica server Print prevented, older versions automatically expired Forwarding prohibited, accounts eliminated at resignation All use is audited and reported Business case: Keep brand strategy secrets, driven by CEO 39

IRM Product Vision IRM Platform Pervasive IRM Non-invasive IRM Continue to build a platform IRM Standalone IRM 4.5 IRM 4.6 IRM 5.0 IRM as part of Info. Mgmt. applications Build integrations DCTM eroom Doc Sciences CenterStage. Partners (OEM/SI) Channel OEM & SI/ISV Automate IRM protection Integration with DLP technology - RSA Protection of data in Rest Motion End Points 40

DLP-EMC Documentum IRM Integration High Level Use Case Various Stored Content Files Shares, Network Drives, etc. Multi-Channel Delivery Document delivered via selected channel Portal Data Loss Protection Data enter Scan stored content to discover sensitive content in need of protection Email Wireless CD-Rom Documentum repository Discovered documents are placed in the repository where rights are automatically assigned IRM Policy Server Store rights management policies and encryption keys 41

Title 24 Point Arial Regular Blue* 20 Point sentence case Indent 16 point Indent #2-14 point Indent #3-12 point * Note: this ruled area will accommodate a three-line title 42

Layout with Subtitle Subtitle 18 Point Arial Bold Title Caps 20 Point sentence case Indent 16 point Indent #2-14 point Indent #3-12 point 43

Layout with Graphic Area and Text Text on the right Photo area on left with outer rule Note all photos on the S drive: S:\\Creative Dev Photos\Royalty free for EMC USE ONLY are sized to fit in this area 44

PowerPoint RGB Color Palette PMS 294 R 0 G 85 B 150 PMS 312 R 0 G 175 B 219 376 Alternate R 106 G 161 B 33 PMS 123 R 255 G 196 B 37 PMS 153 R 209 G 131 B 22 PMS 1807 R 181 G 18 B 27 265 Alternate R 119 G 107 B 177 45