IRM for AIIM Theater
Download
Report
Transcript IRM for AIIM Theater
EMC Documentum Information Rights Management
David Mendel
Sr. Product Marketing Manager
EMC Corporation
June 2008
© Copyright 2008 EMC Corporation. All rights reserved.
1
Securing Content Across the Enterprise
Documentum Security Overview
Confirm System is Secure – Auditing
Leaving the Repository – Information Rights Management (IRM)
Securing the People
Authentication
Inside the Repository
Identity Management
Access Control & Authorization
Securing the Content
Encryption (TCS)
Digital Shredding (TCS)
Retention Management
Ensure System is Secure – Hardening and Validation
© Copyright 2008 EMC Corporation. All rights reserved.
2
Persistent Protection of Content
You secure your content at rest…
You ensure only certain people
can access the content…
This is where
IRM is needed
But once an authorized user opens the content,
they are free to do whatever they want with it!
© Copyright 2008 EMC Corporation. All rights reserved.
3
IRM Is Equivalent To Having a Remote Control…
• IRM is equivalent to having a remote control
over your information
• IRM allows instant response to events and
changing security conditions:
─ Employee changes
─ Changing partner relationships and roles
─ New document versions
─ Loss of laptops and storage media
─ Instant expiration control
© Copyright 2008 EMC Corporation. All rights reserved.
4
Business Drivers for Content Security
Protect intellectual property
–
–
–
–
Trade secrets
Competitive information
IP theft
Secured collaboration
Compliance
– Regulations
– Classified Information
– Audits
Risk mitigation
– Legal exposure
– Data loss
– Privacy breaches
© Copyright 2008 EMC Corporation. All rights reserved.
55
How does IRM work?
Content is always encrypted with the encryption keys & policy rights stored on a
Policy Server.
Policies are dynamic – rights can be changed or revoked at any time regardless of
where the document resides.
Desktop Integration
Workflow Integrations
+
Policy
+
Policy
Content Owner
IRM Policy Server
Content Mgmt, eRoom
© Copyright 2008 EMC Corporation. All rights reserved.
6
New Account Opening Use Case
Incorporating IRM with Content Management
Transaction Data
From LOB systems or eForm
Name
Age
J.Doe
27
Cust.
No
Document Generation
Multi-Channel Delivery
Data values drive business
rules to generate document
from template
Document delivered via
selected channel
Portal
Document
Assembly
Engine
• CRM
• Policy Origination System
• Loan Management System
Email
Wireless
CD-Rom
Review / Edit
Documentum repository
Policy Server
Documentum workflow used
as routing engine
Generated documents managed
and archived and rights policy
automatically assigned
Store rights
management policies
and encryption keys
© Copyright 2008 EMC Corporation. All rights reserved.
7
Features – Rights Enforcement by Policy
A document policy defines:
Who can view
What PDF pages can be viewed
When it can be viewed
If copy or edit is allowed
If printing is allowed
If guest access is allowed
If offline viewing is allowed
Automatic expiration
Dynamic watermarks
© Copyright 2008 EMC Corporation. All rights reserved.
8
Additional Functionality
Use of native business application
– Uses plug-in within native business application, no 3rd party client.
Dynamic policies controls
– Change or revoke privileges at any time, regardless of where document
physically resides
Continuous, granular audit trails
– All policy controlled actions (and attempted actions) tracked, even off-line
mode
Leverage existing authentication infrastructure
– Speeds deployment and minimizes impact to administration
Software Development Kit (SDK)
– Extend IRM functionality to custom applications or new content types
© Copyright 2008 EMC Corporation. All rights reserved.
9
Customer Case Study – VHA Novation Alliance
VHA - Company Background
– Health care alliance formed in 1977
– Nation-wide network of over 2,200 leading community-owned health care
organizations and their physicians
– VHA network includes 27% of the nation's community hospitals
Novation – Company Background
– Established in 1998 through consolidation of supply chain programs of VHA and
University HealthSystem Consortium (UHC)
– Leading contracting services company in health care
– Serves purchasing needs of over 2,500 members and affiliates of VHA and UHC and
over 12,000 Provista customers
– Offers the most extensive range of advanced contracting services, such as contract
development & management, custom contracting and enhanced savings programs
– VHA, UHC and Provista members and used Novation and alliance contracts to
purchase $33.1 billion in supplies and services in 2007.
© Copyright 2008 EMC Corporation. All rights reserved.
10
Business Challenges Driving Need for IRM
Novation publishes marketing and contract information to member-facing,
secure, web sites using Documentum WCM.
Actual signed contracts were confidential and not available on web sites.
Members could request to view a copy of an actual contract. Audience was
usually CEO, CFO, Director, Materials Management or Director, Pharmacy.
Process prior to IRM:
–
–
–
–
–
–
Member makes request to view contract.
Novation sends hard-copy of contract to account executive via overnight delivery.
Account executive “walks in” copy of contract to meeting with member.
Contract is reviewed in presence of account executive.
Account executive leaves taking copy of contract with him.
Copy of contract is shredded by account executive.
THE BOTTOM-LINE:
Keeping contracts confidential was a labor intensive, costly process
© Copyright 2008 EMC Corporation. All rights reserved.
11
What’s the Solution?
needed a more efficient and highly secure way to share contract
information with alliance members.
wanted to leverage existing Documentum WCM to publish contracts to
the web.
wanted the contracts in a “standard” read-only format.
needed security – only authorized users could access contracts.
was concerned that contracts downloaded by authorized users “might
find their way” to unauthorized users, non-members, suppliers or
competitors.
© Copyright 2008 EMC Corporation. All rights reserved.
12
The Solution – Documentum IRM
Contracts scanned into PDF format
Members fill out online form to request access to documents.
Customer service grants/denies access after verification.
Members use same username/password to access website and
documents.
Approved members have 24x7 access to contracts.
© Copyright 2008 EMC Corporation. All rights reserved.
13
Initial Implementation Details
3,000 system-wide users
Policies automated through use of Policy Templates
Integrated with Active Directory for authentication/authorization
Set up user groups
– View only privileges for authorized members
– View only privileges for employees
– Authoring privileges for contract administration
– Printing privileges for legal
© Copyright 2008 EMC Corporation. All rights reserved.
14
IRM Use Expanded after Initial Implementation
Securing confidential, internal documents
– View only access to all employees
– Published to corporate intranet
– User must access document through corporate network or VPN.
Enhanced savings programs rebate documents secured for members
– Uses same template as contract documents
– Published to web site using Documentum WCM
Secured VHA Annual Financial Report
– Access restricted to VHA CEOs and CFOs only.
– New user group and AD group created to control access.
Secured Novation Management Dashboard
– Access restricted to select employees.
– New user group and AD group created to control access.
© Copyright 2008 EMC Corporation. All rights reserved.
15
Key Benefits to using Documentum IRM
Flexible - Ability to have separate rights policies
Dynamic - Policies can be changed “on the fly.”
Ability to use multiple Active Directory forests to control access.
Instant expiration of outdated documents
Instant removal of former employees, members, etc.
Screen-prints, copy & paste are disabled
Auditing - Ability to track usage of documents and run reports
And… SECURE!
SECURE!
© Copyright 2008 EMC Corporation. All rights reserved.
SECURE!
16
?
© Copyright 2008 EMC Corporation. All rights reserved.
17