• No results found

Lab Validation Report

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Lab Validation Report"

Copied!
19
0
0

Loading.... (view fulltext now)

Download now ( 19 Page )

Full text

(1)

Lab Validation

Report

Content Raven

Secure Content Distribution

By Ginny Roth and Brian Garrett

February 2012

(2)

Contents

Introduction ... 3

Background ... 3

Content Raven Secure Content Distribution... 4

ESG Lab Validation ... 5

Agentless Simplicity and Versatility ... 5

Actionable Analytics ... 9

Trust and Reliability ... 11

Going Green ... 14

ESG Lab Validation Highlights ... 16

Issues to Consider ... 16

The Bigger Truth ... 17

Appendix ... 18

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. Copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

ESG Lab Reports

The goal of ESG Lab reports is to educate IT professionals about data center technology products for

companies of all types and sizes. ESG Lab reports are not meant to replace the evaluation process that should be conducted before making purchasing decisions, but rather to provide insight into these emerging

(3)

Introduction

ESG Lab conducted hands on testing of Content Raven’s Secure Content Delivery solution to determine how content is delivered as a service securely and simply, and how the service can reduce costs by replacing physical materials and delivery.

Background

In any economy, but especially in today’s, cost reduction is always a top business initiative that drives IT spending decisions (see Figure 1).1 A cloud-based approach to delivering IT services can facilitate such a cost reduction, and additionally improve business processes, but the cloud raises its own business concerns around security and risk management. Companies need solutions that can address these multiple business initiatives.

As companies look at the reduced costs and improved processes that come with sharing their data with customers, business partners, and internal employees via cloud solutions, the challenge in protecting that data becomes paramount. Not only is it important to ensure that only the right customers have access to the right data, it can be difficult to control the illegal proliferation of that data, thereby compromising company assets and creating real revenue losses.

Figure 1. Business Initiatives Impacting IT Spending

Source: Enterprise Strategy Group, 2012.

14% 16% 17% 18% 24% 29% 30% 43% 0% 10% 20% 30% 40% 50%

Increased use of social networking technology for marketing, customer outreach, market research, etc. Improved business intelligence and delivery of real-time

business information

Business growth via mergers, acquisitions, or organic expansion

Improved internal collaboration capabilities Regulatory compliance Security/risk management initiatives Business process improvement initiatives Cost reduction initiatives

Which of the following business initiatives do you believe will have the greatest impact on your organization's IT spending decisions over the next 12-18 months? (Percent of

(4)

Content Raven Secure Content Distribution

Content Raven Secure Content Distribution allows organizations to securely distribute sensitive content to their customers and manage policies on how that content is consumed. The solution can be deployed on premise within a private cloud or purchased as a public cloud software as a service (SaaS) offering from Content Raven.

Published files are encrypted and rendered on the Content Raven service with no temporary files created locally when accessed by the user. Policies control who can access the data and what they can do with the files (save, copy to a USB stick, print, etc.) when retrieved. Analytics, which provide real-time content access, can be used to make sure that the right content is getting to the right users at the right time.

Figure 2. Content Raven Secure Content Distribution

The Content Raven service boasts several features that provide a comprehensive solution for secure content distribution.

Cloud-based services. Companies can publish and deliver content through the cloud with no installation

required at the client.

On-premise deployment. Content Raven can be contained behind the firewall to protect sensitive internal

communication.

Analytics. Organizations can quickly see who is viewing content, how often, and from where to tailor

offerings to user preferences.

Mobile support. Content can be securely delivered to most major mobile devices including iPhone, iPad,

Blackberry, and Android devices.

Multiple file types. The secure delivery solution supports video, audio, Microsoft Office, PDF, Flash, and

(5)

ESG Lab Validation

ESG Lab performed hands-on evaluation and testing of Secure Content Distribution at Content Raven’s facilities in Marlborough, Massachusetts. Testing was designed to demonstrate the simplicity of delivering content securely, the ease of tracking data and analyzing content consumption, and the capacity for reducing costs by eliminating material and distribution expenses.

ESG Lab used Content Raven’s service, hosted in the cloud, to test the features and functionality of the Secure Content Distribution solution. A PC was used for the web-based administration console to publish content and also collect analytic data. Content was delivered to various devices, including a laptop, iPad, and Android device.

Figure 3. ESG Lab Test Bed

Agentless Simplicity and Versatility

The key to effectively delivering content online is a straightforward solution that is easy to implement and consume. Content Raven’s hosted service requires no installation and content is published using a web-based administrative console. Content is delivered to a viewer built into any browser using existing APIs. No plugins are required to view the content.

ESG Lab Testing

(6)

As shown in Figure 4, a single dialog box is used to add a user. ESG Lab filled in the required fields, and granted the user mobile access to content. Administrators can grant content access to groups without the cumbersome task of selecting multiple users individually for access.

Figure 4. Add a New User

Once the user is added to the service, the final step to complete the task is for the user to access an e-mail sent to her from the Content Raven service. The e-mail contains an “Authenticode” that allows the user to register for the first time. An additional e-mail is sent with a password that must be changed the first time a user logs into the service.

ESG Lab tested the registration process from the user’s point of view and found that the two steps involved were straightforward and easy to follow. The e-mails contained hyperlinks to the web service for both the first time registration and initial login, making the process simple to complete.

(7)

Figure 5. Publish Content

Before content can be published, the user must create a key and build a policy for access rights. ESG Lab was able to access the “Publish Key” option from the content page that lists the video file. As Figure 6 shows, multiple options are available for access policies. ESG Lab chose to make the video file available to two users, and to enable three ”Maximum Activations,” which allows both users to access the content on three separate machines, including mobile devices. ESG Lab also set the rights for users to display the details of the file and remove the file from active content.

Figure 6. Publish Key

After the attributes were completed, ESG Lab chose the “Publish” key. This automatically generated an e-mail to the two users to inform them that new content had been assigned to them with a hyperlink to the content online. On a laptop with an internet connection, ESG Lab opened a browser window, logged into the Content Raven secure console service with the user “[email protected],” and saw the content listed in the online console as new. ESG Lab chose the “activate” option next to the file and the key for the file was delivered to the console. Once the activation was complete, ESG Lab was able to click on the file and view the video as delivered through a

(8)

Figure 7. Secure Video Delivery

ESG Lab also tested the content delivery on a second laptop with the user “[email protected],” with the same results. Finally, ESG Lab published a PDF document to the same users and tested the document on a remote laptop, an iPad, and an Android tablet. All the devices were able to successfully access and read the PDF content. ESG Lab tested whether Content Raven policies can be used to restrict the number of devices from which a user can access a file and their ability to print or copy content. A policy which restricted access of a PDF to one device for a single user was created. The policy also blocked the ability to print or save the file. After initial access on a laptop, an attempt to access the file on an iPad failed as expected. It was also confirmed that the PDF could not be printed or saved.

Why This Matters

Content leakage is a growing concern for organizations of all sizes. Content leaking into the wrong hands can lead to increased risk, lost opportunity, a loss of reputation, and a loss of revenue. For example, consider the National risks associated with Wikileaks and the millions of dollars associated with the unauthorized duplication of

electronic training materials. Endpoint devices (e.g., laptops and mobile phones) are the last line of defense in the reduction of content leakage.

(9)

Actionable Analytics

Part of the Content Raven solution is an analytics component that captures metrics on public content usage both when users are online and when they’re offline. Reports can be presented as a detailed list, line graph, bar graph, or pie chart. These reports allow administrators to track metrics and make future distribution decisions based on how content is accessed.

ESG Lab Testing

ESG Lab ran multiple reports on a separate live system hosted by Content Raven that had collected information over several months in order to capture more data on usage. Figure 8 shows a Document Access report that details by date and report name the number of times a document was accessed.

Figure 8. Content Access Report

(10)

Figure 9. Location Access Report

In addition to the above, ESG Lab was able to successfully run the following reports:  Registrations: Number of active registrations and who the registrants are.

Activations: Number of successful activations daily.

Failed Activations: Number of failed activations due to unauthorized access. Reasons for failed activations

include invalid keys and exceeding the maximum number of activations.

Distributions: Comprehensive data on files and the status of their activation by users.

Console: Data on client console downloaded and registered by users.

Document Page: Details on document access, including user time spent by page.

Why This Matters

Using this detailed information on data usage, administrators can quickly see how and where data is accessed. Knowledge of the type of content that is most popular with their customers can aid organizations in content creation. Using this information, they can tailor their offerings to fit the market more effectively, thus increasing revenue potential.

(11)

Trust and Reliability

When delivering content over the web it is important to provide a trust model that protects data in transit, at rest, and when it is delivered to the endpoint. Content Raven provides end-to-end encryption to protect data after it’s published for users. It also provides policies to limit which users can access the data and what they can do with the content once it’s received.

Since data is often only available through a hosted service, the reliability of that service is critical to those who consume that data. With the public cloud option, Content Raven’s service is provided through Savvis’ cloud computing infrastructure with the data recovery and high availability functions that are offered by the Savvis solution. The service can also be hosted on-premise behind the corporate firewall.

ESG Lab Testing

ESG Lab tested the encryption used, starting with data published to the Content Raven service. As shown in Figure 10, when content is published, it is encrypted using AES 256 encryption and sent to the hosted service where it is stored as an encrypted file. When the user accesses the document, the access key is used to decrypt the document and present the readable content through a browser window.

Figure 10. Encrypted Document

ESG Lab tested the encryption by publishing a PDF document to the Content Raven service. With a browser, ESG Lab was able to view the content using a key to decrypt the data after choosing an option to activate the content. ESG Lab next attempted to examine the same file without the key available through a logged-in browser session. Using the offline mode, we were able to browse to the file located on the local hard drive. The title itself was changed to a long alpha-numeric string so it was not recognizable from the original file name.

(12)

Figure 11. Encrypted Content

To effectively provide content to a diverse user community, it’s important that strong access controls are present. ESG Lab tested the effectiveness of Content Raven access control policies by assigning access to multiple files and testing the actual content delivered to the end-user.

ESG Lab assigned two files to user “[email protected]”:  A PDF titled “content raven datasheet”

 A video file titled “Brian Garrett – Intro video”

ESG Lab also assigned thee files to user “[email protected]”:  A PDF titled “content raven datasheet”

 A video file titled “Brian Garrett – Intro video”  An electronic reader file titled “Ascent eBook”

(13)

Figure 12. Content Access for Different Users

With any cloud service, a primary concern for customers is availability of data. Sufficient durability must be

available in the service to withstand outages and deal effectively with disaster recovery scenarios. Content Raven’s cloud solution is currently hosted in the Savvis cloud computing infrastructure, which is a SAS70 Type II, certified managed hosted service.

Savvis’ service level agreement provides 100% infrastructure and 99.99% end-to-end availability. The networking capabilities include 100 Mb/sec bandwidth and an Enterprise Grade QoS with server load balancing up to two pools.

Why This Matters

According to ESG research, the top concern organizations have in adopting public cloud strategies is data security.2 However, over half of the companies surveyed expect public cloud computing to have a moderate to significant impact on their IT strategy over the next five years.3 Organizations would be eager to provide content with a common platform for both internal and external users. Many solutions are available that provide a cloud solution for file storage and sharing, but are not equipped with the encryption and secure access rights technology that allows companies to feel confident that their intellectual property is shared with the right people and not

distributed in the wild. Significant capital is invested in intellectual assets and the theft of those assets can be very costly to the business.

ESG Lab tested the encryption algorithm and the access control policies of the Content Raven service and found effective security controls to allow companies to safely secure their content and manage the distribution.

2

(14)

Going Green

Content Raven’s solution provides customers the ability to address green initiatives within their organization. Using the cloud service for publishing content, the only assets required for electronic distribution of that content already exist in the data center, since files are stored and maintained within enterprise IT.

ESG Lab Testing

ESG Lab toured the distribution warehouse located at the Content Raven facilities and observed the materials required to print and distribute physical paper product. As Figure 13 shows, the physical facility itself is not the only piece required, but additional material needed included printers, paper, ink, binding equipment, etc. Distribution of content also has an impact on green initiatives through the use of oil and gas resources for delivery vehicles. Contrast those methods with Content Raven’s solution and most physical assets are eliminated, as shown in Figure 13.

(15)

In addition, ESG Lab tested document version updates and expiring documents. ESG Lab chose a PDF document, made a change to the graphic within the file, and published the content with a new version number. Using a remote laptop ESG Lab logged in as a user with access rights to the document and instantly received the changes made to the document, showing the speed to delivery of new and updated content compared to paper distribution.

ESG Lab used the same PDF file and expired the document. As Figure 14 shows, ESG Lab logged into the service and instantaneously received an “Expired” status in the main document page.

Figure 14. Expired Content

Why This Matters

The promise of green technology is not only an environmental benefit to a company but can contribute to significant cost reductions in CAPEX and OPEX expenditures. Converting physical assets to electronic versions not only shows a true reduction in hard dollars, but enables increased speed to delivery of updated content for customers. This provides tremendous competitive value to companies.

(16)

ESG Lab Validation Highlights

 Creating and publishing content was quick and easy.

 Consuming content through a web browser was very intuitive and required no training to accomplish.  Content was encrypted end-to-end and undecipherable without logging into the service online or using the

required access keys in offline mode.

 Content access was controlled per user, ensuring that only the right users had access to assigned files.  Actionable analytics were collected about file usage that allowed administrators to adjust permissions and

access as needed.

 Secure electronic distribution of files provided a significant impact on green initiatives.

Issues to Consider

 Users are added manually or bulk loaded from e-mail addresses. Integration with existing identity stores is currently not supported.

 Policies effectively control how content is distributed, who can access the content, and whether they can save or print the content. No polices currently control such access modes as type of device, location, and other contextual content.

(17)

The Bigger Truth

Companies have long struggled with delivering content, whether it’s training materials, internal communications, subscriptions, or consumer digital products. The traditional methods of printed materials and postal delivery are costly and difficult to scale, especially in a business-to-consumer market. However, the digital delivery of content presents its own challenges to ensure that the data is secured and used as intended by the customer.

Much of this content represents significant intellectual property and investment in research and development. The data leakage that can occur when this content is shared without permission strikes directly at a company’s revenue potential and carries risks when internal communication inadvertently leaves the secure corporate environment. These risks become magnified by the introduction of mobile devices, where management of these endpoints is still a work in progress. Companies are already opening up such content as company confidential data (40%), customer data (38%), regulated data (36%), and intellectual property (35%) to mobile device users.4 Solutions that have the flexibility to allow access and present data to smartphones and tablets securely are essential to creating a

productive workforce and satisfied consumers of content.

With cloud technology becoming a true cost reduction driver for corporate IT, it’s evident that secure content distribution can provide significant benefits to the bottom line. But, the choices for file sharing in the cloud vary widely. Many address the need with peer-to-peer or SaaS solutions that lack the strong security controls required to restrict the free distribution of content beyond corporate policies.

Content Raven attacks this problem head on with a solution that provides secure distribution of content to internal users, customers, partners, and contractors. Using a combination of policy management and analytical reporting, the solution controls how data is consumed and when content can be removed. Documents can be quickly published and easily accessed online with a simple browser.

ESG Lab examined the cloud service provided by Content Raven and found publishing documents easy and intuitive, with no special software required for either the management tool or client. ESG Lab also found the secure

distribution of files extremely effective in managing user access to data, and protecting against data leakage from the end-user. The data provided in the analytics reporting allowed ESG Lab to obtain actionable insight into who is accessing files, how often, and from where.

It’s clear that Content Raven has focused on a single mission to provide a secure content delivery platform that helps companies protect intellectual property while providing significant costs savings with electronic delivery. The wave towards public cloud services and the consumerization of IT puts Content Raven squarely in the sights of companies looking for secure content delivery solutions.

(18)

Appendix

Table 1. ESG Lab Test Bed

Content Raven Secure Content Distribution

Software

Content Raven Cloud Service Version 3.0

Client Software Version 2.1

Clients

Management Console Windows XP

Client Laptop Windows XP

Client Laptop Windows 7

Samsung Galaxy Tablet Android Version 3.1

(19)

References

Download now ( PDF - 19 Page - 2.59 MB )

Related documents

An iterative speaker re-diarization scheme for improving speaker-based entity extraction in multimedia archives

We propose introducing each globally unique speaker model, as hypothesised by our baseline attribution, into the clustering stage of the diarization of its as- sociated recordings,

Some recent developments in microeconometrics: A survey

applications. Furtherm~re, some estimators exhibit lower convergence rates than ..[ii, have non-normal distributions and may require bootstrapping in order to obtain the distrubution

Quantifying the Quality of Web Authentication Mechanisms A Usability Perspective

Environmental factors were not considered when the quality coefficient was calculated in the previous section, and this weakens the measure as a determinant of its efficacy within the

High Availability Infrastructure for Cloud Computing

– Protect database against server failure with automatic failover: Virtual IP (VIP) automatic failover by Oracle clusterware. – Reduce planned downtime for hardware, OS,

Dreams come true: youth entrepreneurs in eSikhawini township, Richards Bay

Furthermore, the Zululand Chamber of Commerce and Industry has assisted in arranging support and maximising impact through the various youth entrepreneurship

The Term Structure of Interest Rates: Evidence and Theory

To anticipate, the main empirical conclusions of the early literature are that at the very short end of the maturity spectrum forward rates are not accurate predictors of

November Q20 Performance Review

The presentation has not been updated since it was originally presented, and does not constitute a commitment by any CDF entity to underwrite, subscribe for or place any securities or

Case Study: The National Archives UK

‘We were impressed with the way Huntsman® integrated into our data infrastructure,’ the Security Team Manager makes the point, ‘and how well it works with our other security