CurtainTM e-lockerWe safeguard your information!
© Copyright 2001-2011 Coworkshop Solutions Ltd. All rights reserved.
CURTAIN – Security challenges
CURTAIN – How we safeguard your information
CURTAIN – Deployment
Agenda
Data leakage
Multiple Layered Security Control
Perimeter-based security solutions: Intruder Prevention, Firewall & VPN, Web & Email Filtering, Antivirus , Anti-spam.
Security challenges
Comprehensive External Security Control
Expensive and difficult to implement and manage these layered defenses. Still, It cannot protect internal document.
Security challenges
Security Challenges besides External protection: Internal Protection
Security surveys
35% report attacks from an internal source, compared to 2004 (14%) and 2003 (10%) in the financial industry (2005 Global Security Survey, Deloitte Touche Tohmatsu)
More than half of the computer threats come from within the organization (CSI/FBI Security Survey 2005)
Latest security surveys show the significance and trend of Internal Security Breach
– 52% (Insider breach) VS 48% (Hacker breach)
Security surveys
Because it is not easy to discover insider copies information to external devices
Insider breach should be higher than 52%
8
But once user getsREAD rights, he owns the document.
The problem
Most systemsalready have built-in security access control.
9
Print screen
Save to USB disk
Copy to mini PC (by LAN cable)
Copy & paste
ICQ, MSN, QQ
Upload to FTP server
More…
Once the user gets READ rights, he can…
The problem
Numerous mass storage mobile devices & wireless connectivity to exploit
New technologies
Widely use of Peer-to-peer (P2P) software, such as Foxy and BT
Administrative security policies and procedures are NOT enoughfor the Trusted Community
Control USB port
Control Internet access
Control usage of printer
Control data sharing
Some companies try to prevent data leakage by:
Traditional ways
Question: Is it the way out? Definitely, NOT!Expensive & difficult
Inconvenient (No Internet, No email, No USB…)
The most important is: Not a complete solution!
Smart users can copy data through a cross cable
Curtain e-locker is an InformationRights Management (IRM) system that prevents sensitive informationfrom leaking out of the company.
Curtain e-locker is a complete solution
to stop the Information Leakage!
A complete solution
CURTAIN – Security challenges
CURTAIN – How we safeguard your information
CURTAIN – Deployment
Agenda
File Rights:
control Save Anywhere
control Send
control Print
control Print Screen
control Copy and Paste out
control New Document
It changes “Uncertainty” to “Company Practice”
A complete solution
Curtain Protected
CurtainPolicyServer
Fileserver
Architecture
Servers Workstations
Curtain Protected
Server protected directories
Local protected directory
It forms a Protected Zone. All unauthorized actions are prohibited
Curtain client must be installed, in order to access server protected directories. A local protected directory will be created.
Protected Zone
Demo screens
Unauthorized actions (i.e. Save As, Print, Send To) are Disabled
All Rights can be configured by System Administrators
Curtain e-locker with SolidWorks
Curtain e-locker with SolidWorks EPDM
Users can access sensitive files by using the native application (not through a third party file viewer)
Curtain supports over 50 applications, includes MS Office, Adobe Acrobat, AutoCAD, Photoshop, CorelDraw, and etc.
Curtain has been extending the coverage to support more applications
Application-level protection does not change user behavior. Users still use native application for reading & editing
Application-level protection
We will cover more applications continuously. Please refer to our corporate website for the full list.
Office Applications– Adobe Acrobat– Adobe Reader– Microsoft Word– Microsoft Excel– Microsoft PowerPoint– Microsoft Access– Microsoft Visio– Microsoft Internet Explorer– Windows Media Player– Notepad– Microsoft Paint– Cognos Impromptu– WinRAR– QuickBooks– FileFinder– Macro Express– Kodak Imaging for Windows– Windows Picture and Fax Viewer
Supported applications
Graphics Design– Adobe Illustrator
– Adobe Photoshop
– CorelDRAW
– JewelCAD
– Jewelry Database
CAD/CAM– AutoCAD
– AutoCAD LT
– Ansoft Maxwell– Autodesk DWF Viewer
– Zhong Wang CAD (中望)– DWGeditor
– eDrawings
– Gerber AccuMark
– Matrix– MasterCAM
– Pro/ENGINEER
– Rhino
– Perfactory Systems– SolidWorks
– SolidWorks Viewer
– SolidWorks Enterprise PDM
– Unigraphics NX
– Volo View Express
Online/Offline controls – “Sensitive data can be used”:
Users can download sensitive information to local protected directory, and go out for meeting or business trip
Information in local protected directory is still protected by Curtain e-locker, even the PC is offline
Users can edit files in local protected directory. When they come back office, they can upload the latest version of files back to servers
Online/Offline protection
– ONLY when the PC is online
– ONLY when the PC is online within a period of time (e.g. 2 hrs)– Even the PC is offline
Protect first draft – if this feature is enabled, user must save newly created document to protected zone. This feature protects information at the point of creation
Smart copy & paste control:
– Copy & paste in-between documents in protected zone is allowed
Personal local protected directory
Smart protection
– Copy data to protected zone is allowed
– However, copy data from protected zone to other locations is prohibited
Smart screen-capture protection:
– Only window of sensitive data is dimmed
Screen-dump software is also blocked
Screen capture protection
– Users still enjoy the convenience of screen-capture for non-sensitive data
Encrypt sensitive file first –the encrypted file can be copied out of protected zone.
Send the encrypted file to colleague
Colleague simply double-clicks the encrypted file – the file will be automatically decrypted to protected directory for viewing or editing.
Secure file sharing (internal)
Encrypt sensitive file with password – the encrypted file can be copied out of protected zone.
Your business partner can encrypt the file by entering correct password – the file will be automatically decrypted for viewing or editing.
Secure file sharing (external)
Copy/Send the encrypted file to your business partner – the sensitive file is encrypted in USB drive or Email.
Secure “Print to PDF”
Secure generation of PDF file
– Users can convert sensitive documents to PDF format by using the function of print-to-pdf.
– However, the pdf file can be only saved to protected zone. It makes a good balance on convenience and security. Users can generate pdffiles, but data still cannot be leaked out of the company through this channel.
User-friendly Client Interface – Windows Explorer-like interface and all columns can be sorted
User-friendly interface
Policy droplet– Users can click the droplet to view their rights to the document
Clear message –Curtain provides clear message to users, so that they know what they can do to the controlled document
Multi-lingual – Curtain supports English, Traditional Chinese, and Simplified Chinese.
Multi-lingual Support
Switch between languages –Users can switch between languages themselves. There is only one installer for all languages.
Fully localized – All prompts, bubbles, and messages from Curtain are shown in selected language.
Auto patch update – Patches are automatically applied to clients
Easy administration
Admin can define different rules to clean up files in users’ local protected directories, such as daily, weekly, N days, and etc
Housekeeping
Central audit log is available in Policy server. It logs activities to sensitive files
Central audit log
Allow some users to print protected documents out. e-locker will log below information.
• Date / Time
• User / Workstation
• Result (Allow, Deny, etc)
• Application
• Printer
• Filename / Title
• No. of Pages
• Snapshot of printouts
Print log
Allow some users to print protected documents out with self-defined watermark
• Date / Time
• User / Workstation
• IP address
• Page number
• Self-defined sentence
Adjustable
• Margins
• Font colour
• Font size
Watermark
– Select protected document(s) and right-click to select “Send Request”
– After fill in the form (e.g. Request reason), the request will be sent to approver
– Approver can approve or reject the request
– The whole approval process will be logged in Audit Trail
Send Request
If an unauthorized user needs to share a protected document with external parties, the user can submit a Request for approval.
Office:Users can work with sensitive information within protected zoneUsers cannot copy files out by all meansInformation is SECURED
A complete solution
USB disk (e.g. copy files to home PC):Files are encrypted in USB diskIf USB disk is lost, information is still SECURED
Home:Users can work with sensitive information within protected zoneCurtain e-locker can also prevent data leakage thru P2P software, such as Foxy and BT
CURTAIN – Security challenges
CURTAIN – How we safeguard your information
CURTAIN – Deployment
Agenda
Curtain e-locker ClientInstall on each machine to be protected thru local or remote (Silent install) install
Curtain e-locker Policy ServerInstall on server-side. Admin can define policies centrally.
Curtain e-locker Server Plug-inInstall on server(s) you want to protect. For example, if you want to protect shared folders in 5 File servers, you need to install the plug-in in the 5 servers.
Basic components
Basic architecture
For example:
Curtain e-locker ClientIntel Pentium or above processorWindows 2000/XP/2003/Vista/Win 7
(both 32/64-bit)128MB RAM (Recommended 256MB RAM)50MB Hard Disk (in NTFS) for installationTCP/IP network
Curtain e-locker Policy ServerIntel Pentium or above processorWindows 2000/XP/2003/2008/Vista/Win 7
(both 32/64-bit)128MB RAM (Recommended 256MB RAM)60MB Hard Disk (in NTFS) for installationTCP/IP network
System requirements
Pricing model
Install base of Curtain e-locker client (i.e. workstation), no Server license
Curtain modules
For example:License:
100 x Curtain office suite license
20 x Curtain universal license (cover all modules)
First year software maintenance & upgrade is included
Implementation service charge is not included
Secure information EVERYWHERE
Software Development Kit (SDK) is available
Curtain e-locker can be used to secure third parties solutions or your self-developed system
ERP,DMS, orin-house systems
Curtain Protected
CurtainPolicyServer
Architecture
Servers Workstations
Curtain Protected
Backend system is protected
Only secure client can connect to protected backend system
All unauthorized actions are prohibited
Curtain client must be installed, in order to connect to protected backend system. A local protected directory will be created.
Protected Zone
Some of our customers
Some of our customers
採用Curtain e-locker已有三年多的新興光學集團控股有限公司,對這個系統的表現非常滿意,該集團的資訊科技部經理李樹勳先生認為:“…在產品開發部全面採用Curtain e-locker後,這方面的問題已獲徹底解決;我們現正考慮把Curtain e-locker應用到其他部門和層面上。”
What our customers say
凱溢珠寶營運部經理鄧育文先生表示:“Curtain e-locker不僅能有效保護伺服器上的檔案,並可應用到網上文件管理系統(Web-based DMS) ,這絕對有助企業跟上檔案移植到網絡的趨勢,而無須擔憂資料保安問題。”
寶雲號行政經理章志豪先生認為Curtain e-locker真正能夠保護公司機密資料免被外洩,適合需要處理敏感資料的各行業。”資訊系統部主管張東升先生相信:“Curtain e-locker是一套令系統管理者感到自豪的程式, 只須幾個簡單步驟就完成設定需要保護的檔案類型;同時也給我百分百信心,肯定資料檔案不會透過任何途徑外洩。”
What our customers say
Our partners
Over 100 resellers in the Greater China
Awards “IT Excellence Award”
Asia Finalist in the Best Security of the GSC 2010
Finalist for the 2010 Red Herring 100 Asia Award
Partners
IBM Certificates
One of Seven Authorized ISV Solutions in Fu Dai program
SolidWorksSolution Partner
Coworkshop was established in 2001.
Office in Hong Kong and ShenZhen
Awarded in 2001 by Hong Kong Science and Technology Parks (HKSTP) to be a member of the Incu-Tech Program.
Supported by the Hong Kong Government – Innovation and Technology Fund in the years of 2003 and 2004.
About Coworkshop
About Coworkshop
About Coworkshop
Sensitive information can be leaked out of the company without your knowledge. When you know the leakage, it is already too late.
Let Curtain e-locker protect your valuable
information!!!
Conclusion
Thank You