Post on 18-Nov-2014
Information Rights Management
Redefining Information Security
The Traditional View to Information Security
• Perimeter: "Traditional" Network Security
• Core: Desktops, Servers, Machines, OSes, Applications
• Content: Content in all forms, whether at rest or in motion
[Diagram: Perimeter, Core, Content]
Perimeter Thinking
• Traditional Security is about securing the edge, primarily from outsiders
• Standard policy is: OUTSIDE = UNTRUSTED, INSIDE = (COMPLETELY) TRUSTED
• Traditional Security is generic and provides lowest-common-denominator protection for the network, apps and desktops, but not for content specifically
[Diagram: Trusted]
“Modern-Traditional” Security
• Due to VPNs, WiFi, HTTP (web) traffic freely passing corporate firewalls
• Perimeter shrinks down to the device/person, regardless of where you are, how you're connected, what you’re doing
• This provides a new level of CONTEXT to security, only allowing trust to exist in very specific instances, although it is still typically a generic defense: it secures the machine itself, but not the content on it or the content sent to or from it.
[Diagram: Semi-Trusted]
Application-Level Security
• Document/Content Management provides access into repositories with document/user level controls - a mini perimeter
• Records Management provides lifecycle management for Archive and Destruction
• Content is free to go where it will once it is out of those systems
Information Rights Management
• Policy-based
• Imposed at the document/user/application level (context)
• Omni-present
• Auto-auditing
• Content Authentication
• User Authentication
• Encryption
[Diagram: POLICY]
“Traditional” Security Strategy
Which of the following definitions of Digital Information Access Control most closely aligns with your definition?
Control & Secure
Collaborate & Innovate
IRM Security Strategy
Control & Secure
Collaborate & Innovate
Risk vs. Benefit
Why IRM?
• Conflict of interest
• Self-regulating secure access
• M&A
• Bi-directional sharing of files in a controlled space
• No extended sharing
• Project timeline
Why IRM?
• E-Discovery
• The “Ultimate” Secure Collaboration Platform
• No extended sharing - In Context
• Automated Clawbacks
• Dynamic enabling/disabling
• Automated & Complete End of Trial Expiration
• Policy-based / repeatable
Market Reality
Within the past 2 years, has content been accessed by an unauthorized individual either deliberately or accidentally?
Is Your Organization’s Content Security Strategy Driven More by a Desire to Lock Down Content or to Enable Secure Collaboration?
Market Reality
How Well is Content Security Understood in Your Organization?
• Well Aware and are Expressly Addressing It
• Vaguely Familiar and Understand its Relationship to the Broader Topic of Security
• Not Sure How This is Different From Security in General
• No Clear How Understanding
Market Reality
What is Your Organization’s Current Involvement With Content Security?
Developing a Strategy
Assuming budget is available, identify the primary obstacles to implementing Digital Information Access Control?
Control & Secure
Collaborate & Innovate
Why Care?
• Security is a major issue for CxOs
• Future-proofing your business requires addressing this as competitive advantage
• IRM is critical but requires positioning and education
• Strategic deployment and alignment with business provides competitive advantage, holistic benefit
• Carl Frappaolo
• Cfrappaolo@aiim.org
• 617 933 2584
Q & A