information rights management (irm): enhancing security of ibm filenet
TRANSCRIPT
Information Rights Management (IRM): Enhancing Security of IBM FileNet
The Problem:
A Typical File Downloading Scenario
IBM FileNetUser
Click for NEXTClick for NEXT
Once the file is downloaded by the user, IBM FileNet has no control on the file.
It can further be: Edited, Copied, Printed, Distributed, Viewed (by others)
Edited
Copied
Printed
ViewedUn-protected File
Distributed
Click for NEXT
A Typical File Sharing Scenario
It can further be:Edited, Copied, Printed, Distributed, Viewed (by others) !!
The Solution:
File Downloading Scenario with Seclore FileSecure
IBM FileNet + Seclore FileSecure
User
Click for NEXTClick for NEXT
When the file is downloaded, Seclore FileSecure protects the file
It can further be: Edited, Copied, Printed, Distributed, Viewed (by others)
Edited
Copied
Printed
ViewedProtected File
Distributed
Click for NEXT
File Downloading Scenario with Seclore FileSecure
The user has only restricted usage rights (e.g. view only, edit + print only, etc)
Feature IBM FileNet IBM FileNet + Seclore FileSecure
Access Control Can provide control while the information is within the system only
Can provide control even after the information is download from the system
Usage Control (View, Edit, Print, etc)
Doesn't provide usage control
Can provide usage control persistently within & outside the system
Policy changes Can reflect changes in policies while the information is within the system
Can reflect changes in policies while the information is outside the system & in real time
Audit trail Can provide audit trails for information before download only
Can track all authorized and unauthorized attempts on information before and after download
Some screen shots
1. Assigning Seclore Policies to FileNet folder“Hot-Folder”
Policy AdminComputer
Policy definition could be centralized (done by central team) or decentralized (done by dept. level teams)
Internal Users
External Users
Policy AdminComputer
Policy is defined as-a. WHO - people / groups within or outside
of the enterprise
Policy AdminComputer
Policy is defined as b. WHAT - (VIEW, EDIT, PRINT,
FORWARD,… )
Policy AdminComputer
WHENdate range,
time span, …
Policy AdminComputer
Policy is defined as-c. WHEN - date range, time span, …
Policy AdminComputer
Policy is defined as- d. WHERE - Specific computers, specific networks, only
from the office, …
2. Downloading document from “Hot-Folder”
User logs into FileNet and downloads a fileUser’s Computer
User’s ComputerThe downloaded file is automatically protected with the policy of the “Hot Folder”. Notice the “red” lock
3. Opening the document
User’s ComputerWhen the user opens the file, he gets to see the rights that he has on the document
4. Performing un-authorized actions
User’s Computer If he tries to print….
User’s Computer He will be restricted from printing !!
User’s Computer If the user tries to copy data…
User’s Computer He will be restricted from copying data!!
User’s Computer Even print-screen is blocked !!
User’s ComputerThe system also maintains a complete audit trail of all the user actions, time & even location !!
About Seclore
Corporate Background …
“Seclore is a high growth software product company. Seclore’s technology helps mitigate the risks arising out of
information breaches whilst enhancing collaboration”
6 years old, Headquartered in Mumbai, India
Geographical and customer presence
Middle East, India, ASEAN, Western Europe, North Africa
Keywords
Information Rights Management, Secure outsourcing
Investors
The largest private bank in India, one of the foremost R&D institute & professional financial investors
Why are we different
Minimally intrusive security technology, value based pricing, usage without training
About …
Seclore is a high growth information security product company focussed on providing Security without compromising collaboration
Seclore’s flagship product Seclore FileSecure is used by More than 1.5 million users & some of the largest enterprises