Enterprise Rights Management: Protection beyond the perimeter

Similar documents
Seclore FileSecure. Securing Information Wherever it Goes. Extending Information Security Beyond Your Border

White paper: Information Rights Management for IBM FileNet. Page 1

Information Rights Management for Banking Seclore FileSecure Provides Intelligent Document & Data Protection that Extends Beyond Enterprise Borders

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Top. Enterprise Reasons to Select kiteworks by Accellion

Security Overview Enterprise-Class Secure Mobile File Sharing

Alexander De Houwer Technology Advisor Devices Win 10 Vincent Dal Technology Advisor Business Productivity

May 14 th, 2015 INTRODUCING WATCHDOX. And The ABC s Of Secure File Sharing. Jeff Holleran VP Corporate Strategy BlackBerry

Top. Reasons Federal Government Agencies Select kiteworks by Accellion

Top. Reasons Legal Firms Select kiteworks by Accellion

FileCloud Security FAQ

MaaSter Microsoft Ecosystem Management with MaaS360. Chuck Brown Jimmy Tsang

The SparkWeave Private Cloud & Secure Collaboration Suite. Core Features

Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

Enterprise Mobility Services

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX

How To Secure Shareware Kiteworks By Accellion

Data Protection McAfee s Endpoint and Network Data Loss Prevention

EMC Syncplicity Overview. Copyright 2015 EMC Corporation. All rights reserved.

Ensuring Document Security Across Any Device with the WatchDox Platform

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

Vs Encryption Suites

Enterprise Mobility Management: A Data Security Checklist. Whitepaper Enterprise Mobility Management: A Checklist for Securing Content

Agenda. Enterprise challenges. Hybrid identity. Mobile device management. Data protection. Offering details

Enterprise Rights Management

Axway SecureTransport Ad-hoc File Transfer Service

The SparkWeave Private Cloud & Secure Collaboration Suite. Core Features

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players

RightsWATCH. Data-centric Security.

CA Technologies Data Protection

SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK

White paper. Why Encrypt? Securing without compromising communications

Compliance in 5 Steps

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Glyder Mobile Doc s(for commercial business & healthcare) May, 2014

An Enterprise Approach to Mobile File Access and Sharing

8 Critical Requirements for Secure, Mobile File Transfer and Collaboration

Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise

Information Risk Management. Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

How To Protect Your Data From Harm

edocs Strategy and Roadmap

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Introducing Databackup.com Cloud Backup. File Locker File Sharing & Collaboration EndGaurd EndPoint Protection & Device Management

Business Case for Voltage Secur Mobile Edition

Fileweave. Large File Transfer. Seamless Microsoft Outlook add-in. Simple drag and drop functionality

FileMaker Security Guide The Key to Securing Your Apps

How To Protect Your Mobile Devices From Security Threats

Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise

Devising a Server Protection Strategy with Trend Micro

Secure Document Sharing & Online Workspaces for Financial Institutions

Fasoo Data Security Framework

Cloud Computing An Auditor s Perspective

How To Make Files Share Secure (Fss) Work For Corporate Use

Take Control of Identities & Data Loss. Vipul Kumra

Readiness Assessments: Vital to Secure Mobility

Microsoft Enterprise Mobility and Client Futures

Total Enterprise Mobility

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering!

A Buyer's Guide to Data Loss Protection Solutions

Access Database Hosting. An introduction to Cloud Hosting Access databases from Your Office Anywhere

Enterprise Mobility Suite (EMS) Sean Lewis Principal Partner Technology Strategist

Using ADOBE LIVECYCLE ES4 Connector for MICROSOFT SHAREPOINT

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

Five Best Practices for Secure Enterprise Content Mobility

Chapter 7: Trends in technology impacting SDLC Learning objective Introduction Technology Trends

owncloud Architecture Overview

Storgrid EFS Access all of your business information securely from any device

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

ILM et Archivage Les solutions IBM

What are Hosted Desktops?

Devising a Server Protection Strategy with Trend Micro

Microsoft Enterprise Mobility Suite

overview Enterprise Security Solutions

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Athena Mobile Device Management from Symantec

The Webcast will begin at 1:00pm EST.

Best Practices for PC Lockdown and Control Policies. By Dwain Kinghorn

Cloud Computing Security: Public vs. Private Cloud Computing

Data loss prevention and endpoint security. Survey findings

ediscovery Features of SharePoint 2013 and Exchange 2013 Paul Branson Solution Architect Microsoft

IT Peace of Mind. Powered by: Secure Backup and Collaboration for Enterprises

Transcription:

Enterprise Rights Management: Protection beyond the perimeter

Introductions Guardian Technologies Limited Barrie Kenyon Rupert Beeby 2

AGENDA Guardian Technologies Security Background What is the problem How does ERM address Adoption of Rights Management What if. Overview of Rights Management 3

GUARDIAN TECHNOLOGIES - FOCUS Young, value-added Provider of products and services in the Information and Asset Securi market Focussed on addressing fundamental areas of risk with innovative and breaking technologies One of the first companies to provide DLP solutions to international market with VerSec Innovative solutions for access controls, information protection and attack intelligence Clients across finance, credit control, public sector Manage Risk Information Risk Infrastructure Risk Access Controls Data Loss Prevention Rights Management Change Controls Asset Management 4

Common Scenarios Information security during collaboration within and outside the enterprise Information security technologies give perimeter protection. Perimeter is no longer effective and cannot protect once information is outside Once information is outside the organisation there is no way to control access to it - E.g.. M&A, bid work, RFPs, etc. Information Leakage during outsourcing Organisations find it difficult to ensure security policies within outsourcing partner operations Results in increased costs associated with physical and process audits and control of the outsourcing partner. In some cases it prevents outsourcing Tracking and auditing the flow of information with the value chain Compliance to digital asset management policies of regulatory frameworks like ISO, SOX, GLBA & PCI means not only internal compliance but also compliance of the value chain of partners, vendors and customers Security for the Cloud Cloud security is still evolving and is a detractor for adoption as information protection is difficult Microsoft cloud offerings use RMS which is all or nothing 5

THE PROBLEM.. 6

Traditional Security Approach: Protect the Perimeter Anti-virus Email SSL Disk Encryption UTM Application Firewall DLP PIM Anti-spyware 7

The Challenge of the Perimeter Definition Email 8

The Solution 9

Borderless Security: Is it Possible? Rights Management protects your information any digital information that resides in files Docume nts Spreadshe ets Presentati ons Text Files PDF Files Drawi ngs wherever it goes Images 10

Make Information the New Perimeter Email 11

Information-Centric Security WHO can use info People & groups within and outside of the organization can be defined as rightful users of the information WHAT can (s)he do with info Easily Define, Attach, WHEN Enforce can (s)he& use Audit info Granular Usage Policies Individual actions like reading, editing, printing, distributing, copy-pasting, screen grabbing etc. can be controlled Information usage can be time based e.g. can only be used by Mr. A till 28th Sept OR only for the 2 days WHERE can (s)he access/use info Information can be linked to locations e.g. only 3rd floor office by private/public IP addresses 12

Usage Policy Attributes Permanence Protection will always persist with the file Remote-Control Change your usage policies for information sitting anywhere in the world Audit Trail All activities on information tracked: Users, activity type, date/time, location 13

Audit Usage of Information WHO accessed the file, WHAT did the user do, WHEN & WHERE, is captured from distributed usage environments & consolidated centrally for simplified reporting 14

Data Expiration Expire your data. After a consultation with a potential customer, do not leave your methods and costs behind expire it! After a third party is no longer required then do not leave your plans behind expire it! If you have sub-contractors working on services such as utilities with updated plans then don t let then access outof-date information expire the old versions Bid processes leave information behind and can get into competitors hands Expire it! 15

Essential Device Support Desktop / Laptop Client, Lite, and Browser ios iphone, ipad, ipad mini Client, Lite, and Browser Android SmartPhone & Tablet Client, Lite, and Browser 16

Enterprise Rights Management Summary Technologies that protect sensitive information from unauthorized access inside and outside the organisation ERM is a technology which allows for information (mostly in the form of documents) to be remote controlled Information and its control can now be separately created, viewed, edited & distributed What is it for? Information security during collaboration Often seen as mutually conflicting goals Security systems perimeter centric rendered useless when information leaves the perimeter Information breaches during outsourcing Security, privacy and compliance expectations while outsourcing Present day solutions archaic and centered around building walls Information audits Present systems help IT systems audits and not information audits Compliance to ISO, HIPAA, PCI, SOX,... 17

ERM Architectures: Different Landscapes Key differentiator is the architectures (and therefore cost)! 1. Some vendors build rights management directly into their applications which is the platform approach Microsoft RMS Adobe 2. Others build upon platform providers to extend capability GigaTrust Foxit 3. Some vendors use a plug-in approach Seclore WatchDox 18

Platform-based ERM The main player is Microsoft with AD RMS and Azure RMS Platform approach can provide tighter integration and easier to deploy if a Microsoft AD user Platform approach builds upon existing infrastructure to include rights management. Scaling can be an issue Platform approach particularly Microsoft will only use their product base to provide authentication Particularly suited if all parties are with your AD environment Extension outside the organisation can be problematic To integrate with other applications requires use of MS SDKs Best suited to organisations with heavy investment in Microsoft products and services 3 Office 365 SalesForce Conventional SaaS Offers Contoso (North America) Azure AD and RMS 1 2 Azure SaaS/PaaS/IaaS Amazon Web Services Conventional Hosters Fabrikam (Europe) 19

Platform Extension Approach Extension approach requires significant investment in the platform if no deployed Purchase of extension product may be overtaken by increase in functionality of platform vendor 20

Plug-in Approach Plug-in approach can support more file types and give users more versatility in setting controls, policies, etc Plug-in solutions can start small and grow as required The time for a new recipient to be able to access is usually significantly less than platform approach (less than one minute) Cost of solution and cost of deployment is less than a platform approach and more configurable 21

Considerations Consider the risk of misappropriation and try to put a value to it In general, costs are proportional to the amount of information that needs to be protected What formats is the critical information maintained such as CATIA, CAD, etc Most vendors support the common document such as Office, PDF. However, check what you need to be protected and then check the vendor coverage Plug-in approach may be more secure than say, Microsoft as smaller vendors are less of a target for hackers Key adoption of ERM in an organisation is the user experience. It has to be easy for the users to protect documents or access protected documents. Most vendors focus on the protection and forget the users. Be aware of the costs try to start small and protect the critical information first. Consider the amount of sharing required by your organisation: If a lot then a platform approach may require more administration and configuration 22

Who are the players? Seclore leading vendor with over 100 types of files protected and versatility of protection Adobe LiveCycle Rights Management ES2 Good for PDFs and Office EMC integrated with Documentum GigaTrust expansion of RMS Liquid Machines (now part of Checkpoint) uncertainty in product direction Microsoft RMS only protects office documents and PDFs complexity is the issue and cost. Oracle withdrawn. 23

The Document Recipient is key! Support for all methods of access Windows desktop client Web Viewer View documents inside web browser Tablet / Phone Free App for ipad and Android Permitted first time users need access quickly and efficiently Policy on information security needs to be promoted to users All though information that is passed on cannot be accessed, people can be tracked and they need to know it. Consider repercussions of sending unauthorised information to third parties 24

View of the Analysts Because ERM allows data to protect itself via encryption, it is theoretically the perfect security technology for a world where the dissolving perimeter is an established fact. But historically, most enterprises don t use ERM on an enterprise-wide basis and do not use to protect documents shared outside company boundaries. High cos application rigidity, and integration shortcomings have limited marke adoption. Forrester expects that ERM s appeal will widen in the futur Integration with data leak prevention technology, content manageme infrastructure, and other risk mitigation solutions will drive adoption growth, particularly as enterprises roll out the latest versions of Microsoft Exchange and SharePoint. Forrester Research Market Overview: Enterprise Rights Management 25

Questions? 26

EXTRA SLIDES 27

MODES OF PROTECTING INFORMATION 28

1. Manual Protection A document on users desktops/laptops can be manually protected by: Using mouse right click option or As soon as the document is created on a user driven prompt or predefined settings 29

2. Folder-Based Protection A document gets protected as soon as the document is placed in a certain location: e.g. Folder/File Server 30

3. Email Protection A document gets protected along with the email content by using FileSecure s email protection functionality 31

4. Extending ECM Protection A document gets protected using prebuilt connectors for ECM systems such as: MS SharePoint IBM FileNet EMC Documentum Omnidocs 32

5. Extending Reach of DLP Systems A document gets protected as soon as it is discovered or tagged by a DLP system Stored data Print/Fa x Untruste d network s USB/CD/DV D DLP Policy Email Monitoring & Prevention Discovery & Protection Webmail Instant Message FTP View only access View + Edit access File Servers SharePoint / Lotus Notes / Exchange Databases Web servers Policy Server Unauthorized All DLP processes monitoring Endpoint, Network and Storage can invoke API to protect file-based content 33

Seclore FileSecure ARCHITECTURE 34

Overview - How Does ERM Work? Recipient opens the document Usage policies are applied by FileSecure while opening the document Protects the document and Assigns Usage Policies to the document User creates a normal document on his machine Document is distributed via 35

FileSecure Architecture Document Protector WEB CONNEC T Document Consumers https:// INTERN ET https:// INTERN ET FileSecure Hot Folder Servers Internal Users Seclore FileSecure FileSecure Web Policy Server Services DMS like Sharepoint JDBC LDAP LDAP External Users DLP like Symantec External Users With Web View Use rs FileSecure WebConnect Engine Datab ase Active Direct ory Components OpenDS LDAP Server Other Custom Applicatio ns Applications 36

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information