Persistent Protection Using E-DRM Technology

Jason Sohn @ Fasoo

06/18/2008

Executive Summary

• Strategic Value Proposition of Enterprise DRM (E-DRM)

– Protect your knowledge assets and client’s confidential information even from insiders and after the delivery

– Fully utilize your IT investments

– Take most out of your partners and clients

– Comply with regulatory compliances

Increased Risk of Losing Confidential Information

• The volume of documents shared explodes due to the successful adoption of document distribution/management systems

• Loss of data from insiders are increasing dramatically

Emergence of high

technology

Documents shared

Info

rmati

on

leak

E-mail, CMS, PDM, ERP etc.

Document leak is just a click away~

Are you protected?

• Existing security solutions are effective to protect from hackers (outsiders) but fail to prevent document leak by authorized users (insiders)

Authorized User

Authorized User

Unauthorized User

File-server Application Systems(CMS, KMS, etc.)

Unauthorized User

Unauthorized UserUnauthorized User

Partner

Hackers

Firewall, IDS, VPN, Date encryption, Authentication, ACL, PKI, …

A Glance at Enterprise DRM

• You can control document usages

E-DRM for Persistent Protection of Documents

• A solution that protects information persistently, even after it has been delivered, and it is strongly required in the market.

• E-DRM enables persistent control of document use

– Who and where (Device, Network address, …)

– How (View, Print, Print watermark, Edit, Copy/Paste, Screen capture, Revoke, …)

– When (Set period, How long, How many, …)

• E-DRM traces the log of document usages

• E-DRM covers all perimeters: PC, File-server, Application Systems, E-mail, FTP, CD/DVD/USB, Web, etc.

• E-DRM is the only systematic solution against document leak by the authorized users (solution for insider threat management).

Data Encryption Is Not Enough

• The encryption key needs to be delivered securely

• After decryption, the content is out of control. It can be used and forwarded freely

Content ContentEncrypted Content

Encryption Decryption

Key Management

Rendering Applications

Architecture Model of Enterprise DRM Technology

• Content use is governed by DRM Client according to the policy of DRM Server

• Key delivery is automated by DRM Server

Content Rendering Applications

DRM Packager

DRM Server

Metadata

Identifier

Metadata

Signature

Secure ContainerEncrypted Content

Policy

License

License

Metadata

Signature

Secure Container

Deployment @ S Group

• Ad-hoc DRM (Securing deliverable file w/o managing

– was deployed for all S Group companies’ E-mail systems since November, 2006

• Server DRM (ERM encryption @ download/upload from Apps)

– was deployed since May, 2002 for more than 50 S Group Companies and expected to complete for all S Group companies before 2008. (S Electronics, SDI, SDS, Life Insurance, Fire & Marine Insurance, Corning, Semiconductor, Electro Mechanics, Heavy Industries, Networks, Foundation, SERI, Card, Total, Fund, etc.)

• PC DRM (Enforce automatic ERM encryption from all PC)

– was deployed since December, 2006 for 3 S Group Companies and expected to complete for all S Group companies before 2009 (S Electronics, Life Insurance, Engineering, etc.)

Benefits @ S Group

• E-DRM systems

– are successfully deployed and running under S Group companies’ environment that has more than “300,000 active users, 1,000,000 total transactions and 100,000 file packaging transactions per day on average. Allowing S to have complete protection of their documents and application systems including MS Office, PDF, various CAD apps, PLM, KMS, CMS, Web Collaboration, etc. against both outsiders & insiders.

• S Group’s security infrastructure

– is now considered as a best practice benchmarking case to raise strategic value of organization by fully utilizing inter-organization communication, knowledge management and comply with regulations.

Strategic Value of E-DRM Technology

Inter-organization Communication

Knowledge Management Regulatory Compliance

Competitive

Advantage

Wrap-up

• Any Questions?

• Inquiry: jsohn@fasoo.com