clou doc overview_eng_20130520
DESCRIPTION
Nowadays, the most important property of corporation is electronic document rather than real estate and machinery. However, the market research firm Gartner published that 90 percent of corporate documents exists on employee PC and the remaining 10 per cent are stored on the server. The Small Business Administration also published that more than 70% criminals of Information Disclosure are current & former employees or partners. To resolve the problem, files are saved encrypted and the hard disk of retired is returned to company. However, some wiped hard drive can prevent the Information Disclosure? File encryption method also hinder the performance of your PC or can protect only the specified version of the program data. So most of application data can’t be protected. The Product enables you to use Personal Document Drives and Team Document Drives saved in the central server as if you would with the Local Drive in your PC. By the corresponding application, the product disables you to save a document in the Local Drive, but enables you to save it in the central server. The Product supports various user interfaces: it can be used not only on Windows Explorer, Java Explorer and Web Browser, but also on Smart phone and Tablet. This means that users in any environment (Windows, Linux, Mac, mobile etc) are enabled to use the Central Document Drive You can view central documents safely in mobile (smart phone, Tablet PC etc) environments. If the mobile device is lost by accident, you can track the document location and delete it remotely. Documents saved in the mobile device cannot be leaked out since they are encrypted.. When you edit an Office document stored in the Central Document Drive, the old version of Office document is automatically kept in the Drive. The old version kept in the Personal or Team Document Drive can be recovered as and when required. Many organizations control USB memory, email, Messenger, printer and etc to prevent unauthorized export of documents saved in PCs. But the hard disk of PC can be the major source of data leak and therefore requires to be strictly controlled. Disklock is the world best module for ‘document-save control’, which is developed based on the file system driver technology of NETID. Unlike others that control documents by name of application, DiskLock uses internal information of the applications for better security. The Product is rapidly growing at the rate of 168% on average each year since 2009. Global leading organizations like Samsung Engineering, LG Electronics, Tokyo Electron Korea, SKT, Lotte, Samsung Card, Seoul City, OCI etc use ClouDoc for centralization of their mission critical documents. “The product preventing data leak for personal use by the central document management just through the policy setup at the center” We recommend ClouDoc for document centralization and anti-data leak.TRANSCRIPT
- 1 -
ClouDoc [The New name of Central ECM]
- 2 -
Contents
1. Overview and staus 2. Application Areas 3. Product Function 4. Customer Case Studies
1. Company Overview 2. Business Area
- 3 -
- 4 -
NETID Co., Ltd.
Yoo, Sang Leol
Software Business | Internet Business
L-9092 Life-Living, Garden5, 66 ChungMin-Ro Songpa-gu, Seoul, Korea
TEL : 02-588-0708 FAX : 02-588-1012
March 6, 2002
Since March, 2002 ~
Plus Disk ClouDoc
Company name
CEO
Bussiness Area
Address
Phone
Foundation data
Engagement in the
Same industry
Product
“ Let s make a conscientious software ”
NetID
We are working on Solution business through con-
struction a wide Variety of partnership based on
our core technologies like security File server,
Online PC backup,… And we had been putting in a
great Deal Of effort to develop oversea Market
since foundation.
- 5 -
NetID
Plus Disk As a package
ClouDoc As a solution
KDISK’s homedrive.co.kr
KT SafeDisk
Hostway PC Backup
LG Dacom Webhard
Korea.com Mdisk
Nate FileTank
SKNetworks UbiHard
LG Electronics Plus Disk for NAS
Core Technology : File System Driver, Disklock, Cloud Technology
- 6 -
ClouDoc Overview and Status
- 7 -
Cloud Storage (Document Centralization Program)
NetID s Cloud Storage Solution ‘
What s the Document centralization? ‘
The current trend where all documents are saved in the central server instead of individual PCs to prevent data leak for personal use
- 8 -
Need for Document Centralization
Corporate electronic documents that are more important than real estate or machinery
90% of corporate documents are saved in PCs, while only10% are saved in the server.
- GATNER, a market research company
More than 70% of data leak is committed by current and former employees and partners
- SMBA
Current & former
employees, Partners
Data Leak Criminals
Corporation
Documents
90%
70%
- 9 -
Corporation Reactions
2. Disk Returned
Delete
1. File Encrypted Save
The Problems
Disk Wiped and Returned
Encryption Performance and
Effectiveness
BUT!
Problem with existing anti data leak measures
- 10 -
Personal purpose of the (document) download
Employee s PC/ Notebook
Save and Download
Employee s PC/ Notebook
Remote Disk(X:)
ClouDoc Server
Management Document Centralization
AS-IS
TO-BE
Why ClouDoc?
‘
‘
Remote Disk >> Save and Downlaod
Local Disk >> Prohibit to Save and download
- 11 -
Background on Development-Problems of traditional ECM products
Skipping complex classification system and registration process!
Easy and quick implementation of interface!
- 12 -
Background on Development -Why ClouDoc?
Prohibited ‘Save’ in personal PCs and
external disks
Read and Write through ClouDoc
Optimized for the current user environment
Easy Security For
business
- 13 -
Saving in Local Disk is disabled even for notebook users,
and as a result corporate information cannot be leaked.
Complete application-based control (including Office documents,
CAD documents, design documents, source code etc) is enabled.
Background on Development - Why ClouDoc?
- 14 -
ClouDoc Application Areas
- 15 -
Application Areas - Security and Protection (Against leakage of corporate information)
Item Diagram Encryption Document Centralization
Diagrams Stored in PC Central document drive
Application Compatibility
Limited to applications Compatible with diagram
Encryption solution
Provides application compatibility without additional development,
basic maintenance costs
Maintenance
Basic maintenance costs + additional application module (or new version) costs
Basic maintenance cost
CASE STUDY: An officer of a company which has the system that encrypts drawings, deleted all drawings under his control when he left the company. This makes one wonder who the rightful owner of the documents saved in PCs is. Why and how can this happen? Let us compare two types of solutions as below:
As shown by the patent wars between Samsung and Apple, the electronic document is quickly growing in importance to the modern corporation, more so than buildings or equipment. Intangible property in the form of office documents, CAD diagrams and program source codes have become the most important property to protect. To protect CAD diagrams, companies have the options of ‘diagram encryption’ or ‘document solutions can be compared as follows.
Document centralization properties and protects the work output of employees. It can also be used as a means of Cooperative work with the sharing of information
- 16 -
The recent leakage by company K of a subscrib er list of 8 million users and company S’- financial services
customer information leakage were perpetrated by a corporate partner and employee, respectively.
Application Areas – Personal Information leakage prevent solution
Information leakage prevent solution
Outside hacking Prevention Insider leakage Prevention
DB Encryption, NAC, Intrusion Detection, Application Modification and Forgoing
Protection, Web Firewall
PC scan, System and DB Access Control, DLP, Secure USB Log analysis (Forensic),
DRM, Document Centralization
Detection of personal data within PC Encryption
Separation PC Scan
ClouDoc Document
Centralization Documents can be used after a request
for approval for data export is made
Data export disabled
Client data and personal data
Comparison of types of data leak by internal staff
- 17 -
The Ministry of Security & Public Administration of Korea has introduced 3 types of Cloud services in its ‘Guideline to the implementation of work environment for administrative authorities’
Application Areas– Cloud Storage (Public administration, Corporation)
About the Compare with 3-way Cloud storage is receiving good reviews in all fields,
for its enabling of smart work,
prevention of information leakages,
I/O re sponse speed,
support for business SW,
low startup costs,
systematic management of materials,
automatized management of the work environment,
and low carbon footprint.
- 18 -
ClouDoc Product Function
User UI / Document drive / PS Backup / Security / Disklock / Cloud storage
- 19 -
User UI – Interfaces for different roles/ functions
In the ClouDoc there are various users including central administrators such as the information protection manager and service manager, folder managers, which correspond to the leaders of each team, and members who are normal employees. Synced with the central human resources DB, ClouDoc provides an efficient cooperative work environ-ment.
- 20 -
User UI - User interface support for mobile environments
Windows Explorer
XP/Vista/2003/
2008/7 Java Explorer
MAC, Linux Web Browser
IE, Firefox, Chrome, Safari
Smart Phone
IPhone, Android
In the Future
IPAD
Android Tablet
Google TV
Option Module
- 21 -
Login screen
Application exclusive for iPhone and Android Phone is provided. You can open a file inside the
Document Drive in the Server so as to save in the Smart phone’s Local Storage. With Android Phone,
you can upload a document after editing. Device interoperation (such as album, photo, video etc) is
also supported.
User UI – Smartphone supported
View Server Document Drive Various setups
supported
Send Link Mail
Folder selection screen
Option Module
- 22 -
User UI - Tablet PC
Application exclusive for iPhone and Android Phone is provided. You can open a file inside the Document Drive in the Server so as to save in the Smart phone’s Local Storage. With Android Phone, you can upload a document after editing. Device interoperation (such as album, photo, video etc) is also supported.
Album/Photo/Video (Device Interoperation)
Device registration
View Server Document Drive
View Server Document Drive
Option Module
- 23 -
Document Drive – Direct Document Input/Output
You can edit various documents including CAD drawings, and playback video data just like you would with C: drive. You can also distribute installation programs.
- 24 -
Document Drive – MS Office Document Version Management
Programs such as Microsoft
Office first generate a new copy
of documents when editing,
then Delete the previous file.
These otherwise deleted files
are stored separately, and the
interface allows for their
restoration by users later on.
Version Management
- 25 -
Document Drive -Team Document Drive based collaboration
This product offers the Team Document Drive function. Depending on the permission granted to the
logged-in user, the level of accessibility to the Team Document Drive varies.
- 26 -
Document Drive - Metadata Search
File name search
Metadata search will provide It’s own document category View…
File name
Size Date File
Extension
Subject Content type keyword
Metadata Search
Because the rudimentary file search function in Windows Explorer can have a negative effect on system performance and response time, a proprietary file name search feature is included. And metadata search is also supported.
Customizable full text searches
Search
Provides searches of all documents in all document drives
File name
Size Date File
Extension
Option Module
- 27 -
Document Drive – Use of Document Links
HappyNY.avi
Forecast.ppt
Y:\ STT Electronics
Strategy
USA
Marketing
Oversea
Using UNC path (Universal Naming Convention)
Files and Folders inside the ClouDoc Team Document Drive
Permission
(○)
File://Y:\marketing\oversea File://Y:\ marketing\oversea\usa\forecast.ppt
[Filename_example:]
Permission
(X)
- 28 -
Document Drive – Document link (Linkmail / Copy Weblink)
2
4 2
1 Copy Document Link 1
Link Sender
Link Receiver
3 Document Copy
(storage thereafter) 2
Document Download
Document Download
Security Linkmail : email
Security Copy weblink : email, Board, messenser …
Linkmail : email
Copy weblink : email, Board, messenser …
Security Linkmail : email
Security Copy weblink : email, Board, messenser …
HappyNY.avi
Forecast.ppt
HappyNY.avi
Forecast.ppt
Approval Procedure
- 29 -
PC Backup – PC document backup support
Important work materials in PCs taken out of the office for repairs must be backed up and the PC
must be wiped. What would happen if your work files stored on your PC or laptop were to suddenly
disappear? The PC backup solution takes care of this problem.
• HDD will be out together with PC when the PC needs repair
•Scheduled backup • Incremental backup
• Backup files online • Confirm integrity of backup files • Finally erase original files
2.Usual backup
1. Prevent data leak from repairing PC
PC Backup Reporting File Management
Secure Backup Server
Repair / Replace
Inspection
Backup and Restore
Option Module
- 30 -
Algorithm
Security – Prevention of document leakage through encryption
Online Banking
Transferring files from PC to a central server uses 128-bit SSL. This is the same as that used by online banking
technology. Works with files on a central server are logged into the database and all files are saved encrypted
using the ARIA(a kind of AES) algorithm automatically.
Central Sever
= using the same technology
Authorization certificate
Log-in
- 31 -
Security - Stable system operation by various security features
All documents are saved encrypted using safe speedy encryption algorithm, ARIA (based on AES).
Files are transmitted using 128 bit SSL from PC to server to prevent tapping. User authentication and read/write/delete/re- name/copy/move of all documents on server are logged. All deleted files are kept for a certain period that employees can’t delete important files on their own.
Access Log
IP Filtering IP Authentication
Encrypted Transfer(SSL) File Access Log Encrypted Saving(ARIA
Account Locking
Password Complexity
Secure Login
ACL setting logging
Two kinds of admins SQL Injection, Cross Site Script, File Integrity,…
Security features on documents
Security for network elements
Security features on the human element
Other Security Features
- 32 -
Cloud storage – Public administration, Corporate
The cloud storage model promoted by Korea’s Ministry of Public Administration and Security
applies not just to government agencies as well as corporations. Disabling PC saves using the
DiskLock model of ClouDoc, the virtual desktop environment can be desktop virtualization or
application virtualization environments, cloud storage allow for the systematic document con-
trol these systems lack..
- 33 -
Cloud storage – Web Office
The document edit function is available, which is compatible with services like Google Docs, Microsoft Office365 and existing Office documents under Cloud environment. Interoperability with Web Office installed at your company is also available.
On PCs with office applications installed, document edits can be performed directly from the
Central ECM’s windows explorer drive. In PCs without the office applications, documents
can be edited using web office.
View/Modify/Create Office Documents from web browser
Option Module
- 34 -
Cloud storage – Virtual desktop compatibility
Individual and department document drives are provided by ClouDoc in virtual desktop environ-ments such as Citrix and Vmware..
Users logged into Citrix XenApp are
permitted to read the local PC disk
but are not permitted to write.
- 35 -
Items DiskLock Y of X company B of A company
Concept Controls applications Controls file extensions Controls applications
File extension change Controlled Not Controlled Not Controlled
Application name change Controlled Not Controlled Not Controlled
Additional options File size, … Nothing Nothing
Disk Types Local/Network/USB/CD*DVD Local Local
Application list Automatically gathered Admin input manually Admin input manually
Policy setting unit Application Category File extensions Application Name
Policies are applied to Company/Team/Personal Company/Team/Personal Company only
System folder input Supported Supported Not Supported
Disklock – Why Disklock?
Disklock is based on file system driver technology of NetID.
We do not use only application name nor filename but we use
internal application information that we control disk IO perfectly.
Option Module
- 36 -
Disklock – Types and Application of Additionally Available Disk
Thanks to the Disklock function, a number of disks as follows are provided to accommodate various
applications. The virtual disk drive provided for the Local Disk on PC is used to encrypt and save
documents and prevent the documents from being moved to other local locations.
Shared information
utilization
Taking over process
The possibility of
document leak
TCO
Restricted to the
registered documents
No standard process
High because they are
under personal control
Cost for each teams
Not a company asset yet
Personal Computer
Team file server
Registered documents
Centralized documents
Occurs according to
the standard process
Low because they are
controlled centrally
Cost for only a central service
Valuable company asset
Centralized content
management server
TO BE AS IS
Document
saving location
Option Module
- 37 -
DiskLock – File Drive
Online/Offline/Export Disk of DiskLock are encrypted file drives and you can read the Export Disk
only after authentication even in offline environments. File copy from file drives to local drives is
limited and files are protected even though you insert the disk into another PC because the files
are encrypted.
Local Drive, USB Drive,…
DiskLock Temp Disks (File Drives)
Lost
Lost Notebook
DiskLock Temp Disks (File Drives)
Without Offline logon
DiskLock 임시디스크
(파일드라이브)
Files are Encrypted DiskLock
Temp Disks (File Drives)
Export &
Insert D i s k
Option Module
- 38 -
Disklock - The need for local disk control
Necessity of control
A senior researcher at Burton Group, a leading IT researching organization, advised that
‘the best way to protect corporate data is to ban saving of such data into the employees’ terminal.
Option Module
- 39 -
Disklock – CAD Drawing security and protection
DiskLock is a world-class document save disabler developed by NetID based on file system driver technology. Because the lock is enforced using internal application information instead of the name of the application, the function is perfectly secure.
ClouDoc
Option Module
- 40 -
We may allow or reject copy&move between disk types. We don’t use separate similar explorer but use
windows explorer so that the policies are applied to user environments with minimal changes.
Central Document Drives
Network Drives
CD/DVD Drives
USB Drives
DiskLock Temp Drives
Local Drives
Option Module DiskLock – Limiting Copy/Move from Windows Explorer
- 41 -
Disklock - Carry-out of Document
The Document Export function enables a document to be released from the Central Document Drive when you need to take it outside for presentation or meeting. Document Export only applies to the requested file for release, and the copy of the requested file is saved in Server at the time of approval.
5.반출
온라인
오프라인
ClouDoc
ClouDoc
5. Carry out
Online
Offline
Option Module
- 42 -
Disklock – Offline Temporary Disk
0
When access to the Central Document Drive is disabled for network disconnection, a temporary drive is created so
that you may continue to perform tasks. For a document created in the temporary drive, the upload UI will appear
in the center of the screen automatically when the connection to the Central Document Drive becomes available.
Security Policy
Basic Policy
Sales’s teams policy
Network Disconnection Policy
…
Export Policy
Policy initialization including the ‘network
disconnection’ policy
1
Upload upon ‘online’ status. 4
ClouDoc Server
X:\ Shared
Y:\ Team
Z:\ Personal
Network disconnection automatically implementing the
‘network disconnection’ policy
2 Encrypted save in
Temporary Document Drive
Employee
PC X:\ shared
Y:\ Team
Z:\Personal
T:\Temporary
Employee
PC
3
Sales team’s policy Network Disconnection
Policy
Sales team’s policy Network
Disconnection Policy
Option Module
- 43 -
Document backup in Public cloud storage
Company A-To backup
first save Encryption
De-duplication
Disaster recovery enabled by double-triple replica
A A A A
A
B
B B
B
Amazone S3, Google Storage,
Rackspace / CloudeFiles, SKT Cloud,
OpenStack/Swif, tKT U Cloud
Documents of clients can directly be saved or backed up in Public Cloud Storage. In this way, clients’ documents are safely protected.
Company B-To save
Option Module
- 44 -
External Document Exchange Server
External agencies
The Office Central Server
DMZ ZONE
External Document Exchange Server
Request for approval
for sending out
• Sending Out internal document and requesting for approval • Copying of the sent out documents and history management
Linkmail
Guest ID Upload
Approval Document
Copy
Download
Upload Document
Copy
Since the Central Document Control Server is located inside a company, access thereto from outside is disabled. The External Document Exchange Server is located in the DMZ zone to enable safe exchange of documents with external organizations. .
: Document sent
: Document received
Introductory remarks
1
2
3
4
1
2
Option Module
- 45 -
ClouDoc Customer case Studies
- 46 -
Company‘O’, Launched ClouDoc
[Company ‘O’ that uses Documenterm of EMC]
Company ‘O’ that had been using our traditional ECM product Documenterm for document classification and search, now launched ClouDoc (formerly, Central ECM) in addition, to encourage its employees to save documents in the Central Document Drive.
ClouDoc Server
No DATA
Exported Notebook
Block Media
Local drive(C:)
Remote
Drive(X:)
PowerPoint
Word
Excel
아래한글
……AutoCAD
Corporate PC Environment
ClouDoc Documentum
- 47 -
Traditional ECM
Product Function
Detailed document category management is
provided through a professional document
management capabilities.
Product Features
Open and Saving documents involve security and performance issues because they are using temporary files and hooking techniques in employee PC.
it is impossible to apply Hooking for some applications.
The new version of MS Office, and the corresponding need a separate budget. It can be a significant burden.
It’s inconvenient and slow. / Complex administrative environment.
Customers
Posco, Samsung Electronics, LG Display, … are using.
Compared with traditional ECM products
“We purchased expensive SW
but it’s not useful.” IT manager of ‘N’company
ClouDoc
Product Function
Key features are local drive-based document
management and security features (SSL, ARIA, logs).
Product Features .
Opening and saving documents are similar to the local drive (eg. X: drive) way.
All applications in company can use the drive.
Response to a new version, such as MS Office does not need a separate actions.
After install, Environments are the same as before and document is available in high-performance.
Simple administrative environment makes it easy to manage the documents.
Customers
OCI Company, Samsung Card, Seoul City, … are using.
- 48 -
Items Server Based Computing Local Disk Locking
Concept Employees use virtual machines for document centralization & DLP
Employees use existing PC but file save is not allowed for local disks.
Product Citrix XenDesktop, VmWare, … Central ECM
Document save location
Central Storage Central Storage
User Desktop Provides 20 virtual desktops per one virtual desktop server.
Existing PC as is
User environment changes
User should logon to remote virtual desktop server to begin their work.
Same environment but local disk save will not be allowed for some applications.
Cost •Expensive VDI license •More windows and office licenses for virtual desktops •Cost for many VDI servers •Central Server and Storage
•Reasonable ECM SW license •Central Server and Storage
Apply for •Limited use for sales person, work –at-home, … •Low performance for CAD works
•Very flexible for any kind of works
CPU Use of server CPU Use of PC CPU
RAM Use of server RAM Use of PC RAM
PC Video Card Can’t be used Use of PC Video Card
Compared with SBC(Server Based Computing)
The method of banning the ‘document save’ in PC’s Local Disk offers cost saving and high efficiency compared to the SBC method, yet it offers better security.
- 49 -
Ways of applying a variety of document centralization
We cooperate with virtual desktops of Citrix, VMWare and Microsoft to provide the best document management
environment. Also, we cooperate with PC security solutions to manage enterprise contents.
The local file system of the remote storage connection to the drive in Windows Explorer.
Virtual Machines
DLP Solution
PC VM PC Security
Network Booting
Terminal Server
Rules
Document Centralization(ClouDoc)
Recycled bin
: Personal : Team : Shared
- 50 -
Effect of Implementation of ClouDoc
Document Centralization not only reduces the risk of data leak, but also improves the utilization of shared knowledge and smooth transition. From the overall cost aspect, the central management is more advantageous than management by team. By taking the ownership over the corporate documents, it can add new values to your company.
Shared information utilization
Taking over process
The possibility of
document leak
TCO
Restricted to the
registered documents
No standard process
High because they are
under personal control
Cost for each teams
Not a company asset yet
Personal Computer
Team file server
Registered documents
Centralized documents
Occurs according to
the standard process
Low because they are
controlled centrally
Cost for only a central service
Valuable company asset
Centralized content
management server
TO BE AS IS
Document saving location
- 51 -
Customers in Korea, Japan and China
ClouDoc is used by corporations you may already know. Document Management Features are used by KT, GS Construction, OCI, Tokyo Electron Korea,… etc. PC security features are used in POSCO, Samsung Semiconductor, LG LCD,… etc. We are reliable and corporation friendly.
유넥스 다임즈 청하기계 송원산업
금영
성산테크
2009 2010 2011 2012
OverSea