Transcript EMC Documentum Trusted Content Services

EMC Documentum
Trusted Content Services
© Copyright 2008 EMC Corporation. All rights reserved.
1
EMC Documentum Trusted Content Services
EMC Documentum offers unparalleled protection for the most
security-conscious organizations. Trusted Content Services
extends the already robust security features of the content
server with enhanced access controls and encryption.
Risk Minimization
Information security breaches exposing personal
data, classified documents, credit card information,
and financial documents can cost a company
millions of dollars.
Regulation Compliance
Increased regulation around the capture, storage,
and retention of information has increased the
demands on IT departments to ensure companies
are in compliance.
© Copyright 2008 EMC Corporation. All rights reserved.
2
EMC Documentum Trusted Content Services
Encrypted File Stores
Documentum products encrypt all data traffic. With Documentum Trusted
Content Services (TCS), the content files can be encrypted as well.
Digital Shredding
Trusted Content Services’ digital shredding irrevocably destroys content at
an operating system level by overwriting the data on the storage device.
Logic-Based and Dynamic Access Controls
The additional access controls in TCS give organizations the ability to
define entitlements at a more granular level.
Electronic Signatures
Documentum Trusted Content Services provides the capability to sign
documents electronically.
© Copyright 2008 EMC Corporation. All rights reserved.
3
Data Encryption: Content and Communications
Encrypted File Stores
Documentum products encrypt all data traffic. With Documentum Trusted
Content Services (TCS), the content files can be encrypted as well.
 Encryption of content files
–
–
–
–
Algorithm used = 3DES-CBC, Key length = 192-bit (168-bit effective)
Selective by file store
Full-text search still enabled
Accessed by users and applications as if unencrypted
 Benefits
–
–
–
–
Ensures content security even if OS security is compromised
Protects against “rogue” administrators
Secure backups
Secure storage media disposal
© Copyright 2008 EMC Corporation. All rights reserved.
4
Digital Shredding
Digital Shredding
Trusted Content Services’ digital shredding irrevocably destroys content at
an operating system level by overwriting the data on the storage device.
 Permanently destroys file data as a result of issuing OS delete/unlink
command
 Shreds content on both file systems and content addressed storage
(EMC Centera)
 Supports record management applications
 Number of overwrites is configurable (default is 3X)
© Copyright 2008 EMC Corporation. All rights reserved.
5
Logic-Based and Dynamic Access Control
Logic-Based and Dynamic Access Controls
The additional access controls in TCS give organizations the ability to
define entitlements at a more granular level.
 Dynamic access based on variable parameters such as time, geographic
location, and login connection
 Multi-dimension groupings
– “Top Secret” AND “U.S. Citizens”
– “In U.S.” OR “in Japan”
 Configurable default to highest or lowest access
designation
© Copyright 2008 EMC Corporation. All rights reserved.
6
Logic-Based Access Control Example
M&A Project
Invite all users who are:
Operations Staff
 Executive VPs or Officers
 VPs who are also members of
Operations Staff
 Not in Sales and not in Services
Vice Presidents
Executive VPs
or Officers
Sales OR Services
© Copyright 2008 EMC Corporation. All rights reserved.
7
Electronic Signatures
Electronic Signatures
Documentum Trusted Content Services provides the capability to sign
documents electronically.
 Approval signatures securely linked to document
 Modification attempts invalidate signature
 Display signature information when viewed:
– Full name
– The date and time of the signing
– The justification for the signature
 Define valid signatories for document types
 Compliant with regulatory requirements such as FDA’s 21 CFR Part 11
© Copyright 2008 EMC Corporation. All rights reserved.
8