Enterprise Digital Rights Management (Persistent Security)
Transcript of Enterprise Digital Rights Management (Persistent Security)
The Core Question
HOW ARE YOUR ORGANISATION’S MOST VALUABLE ASSETS PROTECTED?
SC Magazine found that more than 90% of an organisation’s intellectual capital – its inventions or know-how – can be found in a digital format.
Security Fact Number 1
ERM stands for Enterprise Rights Management. It is also known as IRM (Information Rights Management) and DRM (Digital Rights Management).
The commonly adopted name is Enterprise Digital Rights Management, eDRM.
Introducing ERM
ERM is the persistent control of access to and usage of electronic information regardless of where it exists, be it inside or outside your organisation’s firewall.
Defining ERM
In the US the Gartner Group estimates the loss of business information via email is valued at more than $24 billion per year.
Source: Gartner Group 2008
Security Fact Number 2
The Enterprise Strategy Group defined ERM as the Superior Approach to Information Protection and Control.
Source: Enterprise Strategy Group March 2008
Why ERM?
Protecting Unstructured Data
According to a survey conducted by the Ponemon Institute targeting 945 adults in the United States who were laid off, fired or changed jobs in the last 12 months, 59% of employees stole company data when they left their job.
Source: The Ponemon Institute 2009
Security Fact Number 3
Enterprise Rights Management provides superior information protection and control for data at rest, data in motion and data in use at all times.
How Does ERM Protect Data?
In July 2009 HSBC was fined £3.3m for personal data loss.
“HSBC failed their customers by being careless with personal details which could have ended up in the hands of criminals”
- Margaret Cole, Financial Services Authority
Data Security Breach #1
The threat profile has shifted
Perimeter-based Security: Keeping the Bad Guys Out
Necessary but insufficient
Threat: Denial of Service, network intrusion, external attack
Focus: Access and availability
Approach: Firewall, IPS/IDS, anti-malware
Solution: Build and protect perimeters
Information-based Security: Assume They’re Already In
Addresses root cause
Threat: Privacy breach, intellectual property theft, compromise of HR files, insider attack
Focus: Authorization and accountability
Approach: Identity management, data encryption
Solution: Manage and protect information
59% of employees surveyed said that they removed confidential information when they were let go by their employers!
– Gartner Feb 2009
• After a serious document breach
• After a document breach in the same industry
• A government regulation goes into effect
• Client or supplier implements DRM
• Senior Management implements a proactive document security strategy
What initiates a DRM Project?
Eli Lilly Pharmaceuticals
In January 2008 one of Eli Lilly’s outside lawyers at Philadelphia-based Pepper Hamilton mistakenly emailed highly confidential information on the talks to New York Times reporter Alex Berenson instead of Bradford Berenson, her co-counsel at another law firm, Sidley Austin.
The email concerned a $1b secret settlement on the Zyprexa drug investigation.
Data Security Breach #2
Who Leads a DRM Project?
• CEO
• Compliance Officer
• CIO/CSO
• IT managers
• Business managers
Executive-level sponsorship is required in order to overcome the reluctance of users to secure information.
What most DRM Can Provide…
• Persistent protection of documents:
  - Who and where (device, network address)
  - How (edit, save, print, copy … )
  - When (period, how long, how many)
• Protection of all kinds of documents
• Some can revoke rights after delivery
Fasoo Modules
Fasoo Enterprise DRM comprises the following 6 modules:
Fasoo Secure Document (FSD)
Fasoo Secure Node (FSN)
Fasoo Secure Exchange (FSE)
Fasoo Secure Web (FSW)
Fasoo Secure Print (FSP)
Fasoo Secure File-server (FSF)
Complete Data Protection Cycle
[Figure: chart of Granularity of Control (Access, Usage) against protection of data at rest, in transit and in use. Technologies shown: Enterprise DRM, Data Loss Prevention, Public Key Infrastructure, Enterprise Content Mgt., Network Transport Encryption, Full Disk Encryption.]
Introducing Fasoo.com
Probably The World’s Largest eDRM Solution Provider by number of licensed seats
Introducing Documentti
Specializes in
1. Enterprise Digital Rights Management
2. Enterprise Content Management
3. SaaS – Documentti on Demand
Technology Advantages
Core Technology: Fasoo’s DRM Client technology allows a wide range of permission controls by controlling rendering apps.
Supported Apps/Formats: Organizations are using a variety of rendering apps, yet other vendors only support limited apps.
Comparison of DRM Client Technologies
Overriding (Hooking): Vendor: Fasoo. Applicability: Any application
Embedded: Vendor: Microsoft. Applicability: Limited 1)
Plug-In: Vendors: EMC, Oracle. Applicability: Limited 2)
Security: High, Low, High
1) Applicable only if its source code is available
2) Applicable when Plug-in is allowed
Applications & File Formats Supported by Fasoo’s E-DRM Suites
Documents
  Typical file formats 3): doc, xls, ppt, pdf, hwp
  Native applications 3): Microsoft Office, Acrobat, Area Hangul, Notepad, WordPad
CAD Documents
  Typical file formats 3): dwg, catpart, catproduct, prt, asm, mf1, mf2, sldprt, sldasm
  Native applications 3): Autocad, Catia, Pro-E, I-deas, Solid Works
Multi Media Files
  Typical file formats 3): avi, mpg, mpeg, mp3, wma, wmv, asf, mid, wav
  Native applications 3): Windows Media Player
Image Files
  Typical file formats 3): psd, ai, bmp, tiff, jpg, gif, png
  Native applications 3): Adobe Photoshop, Adobe Illustrator, MS Paint, ACD See
3) Upon request, others can also be supported
Technology Advantages
Fasoo E-DRM Suites: To meet all the complicated document security needs throughout the full document lifecycles & workflows.
Easy to integrate with existing systems (Providing SDK for authentication, packaging, policy management).
To support all sorts of documents/files/content being circulated in the everyday enterprise work environment.
Proven security, reliability and scalability 24/7/365 since 2000
[Figure: Content Management Solutions (Documentum, Stellent, others) and Rendering Applications (MS Office, Adobe Acrobat, CAD, others)]
A DRM solution must support multiple server applications: DMS, KMS, CMS, etc.
Comparison of Security Domains
1) Supported
Domains: Web, Ad-hoc, PC, Server App
Liquid Machines: *****
Microsoft: *****
Adobe: **
Oracle: ********
EMC: ***
Fasoo: *****************
Other DRM vendors’ solutions do not cover all security domains (e.g., file creation).
Are you doing enough?
Final Question
The investment required to prevent a data breach is dwarfed by the resulting costs of a breach – Ponemon Institute