Lengthy to deploy, difficult to use and costly to implement.
Lack of true cross-perimeter solutions.
Provided only basic functionality that added little business value.
Very limited identity integration and authentication.
No true policy integration and enablement.
Lack of integration into multiple systems.
Lessons learnt from the UK military, and the answers that gave Avoco the foundations to develop Good Enterprise DRM:
During the Cold War we assumed that the moment data has been created it will be stolen. What can you do?
• Protect data at inception and link it to multiple authentication and PKI identity.
• Put the access controls/permissions in the right hands:
• Not the data administrators
• Yes: compliance, legal etc…
Hundreds of thousands of users in de-perimeterised environments.
• Requires an untethered architecture that dynamically protects data wherever it resides, integrates with different systems.
Data in the enterprise today lives in a de-layered and de-perimeterised network environment.
Unauthorised access to information by insiders and outsiders is a high risk.
Secure collaboration is a must, and achieving it will add real value.
DLP products stop at the perimeter and have failed to prevent the major recent leaks in the UK civil
How to store the information securely.
Controlling who has access to the information.
How do they gain that access?
Controlling how the information can be used once accessed.
All without negatively impacting the organisation’s ability to
transact business.
A system must be able to articulate and enforce the business
rules that the enterprise applies to its content.
In the de-perimeterised world, and eventually the Cloud, data must be considered in a new way.
Previously, data was static and was not disseminated.
Data is now dynamic, in an environment encompassing distributed computers and distributed users.
In this environment, the ability to link dynamic security policies to identity and information is a key enabling factor in creating solutions that will:
• Encrypt the contents you wish to protect.
• Authenticate who can access that content.
• Control what the recipient can do with that content.
Leverage identity and policy, through multiple forms of authentication, to access and control content contained in files, i.e. Word, Excel, PowerPoint, PDF etc…
Secure intellectual property from the moment of creation.
Facilitate secure intra- and inter-organisational collaboration by restricting access and retaining control of content whilst allowing editing.
Extend the security of enterprise content management.
Revoke an identity and that individual ceases to have access to the documents wherever they reside.
Active Directory and LDAP
Digital certificate (including eToken and smart card based)
Information Card
Biometrics (fingerprint, but extensible to other forms)
Location (GPS)
Anyone
Infocards can provide the ability to control and see what information is being provided to third parties.
May be deployed for access from the Internet or a corporate intranet.
Selectable authentication, including X.509 digital certificates.
Custom dynamic claims may be added, e.g. user security clearance level, reputation rating (1-10 stars)…
Supports instant revocation of cards to revoke access rights.
The requirement was to secure training materials which contain PEX intellectual property. PEX required a method of identifying the end user that could then be tied to access to, and control of the use of, the PEX training materials.
Dean Sexton, Owner and CEO, PEX:
“The Information Card option, being user-centric, reduced the delivery lead time from a minimum of 5 days to 5 minutes”.
No copying content, which includes:
No third-party screen capture
No access to content in memory (e.g. via WinHex)
Watermarking with the person and organisation information.
No printing content
Audit
Track data
Read only
Date restrictions:
No access until
Expire after
Add document-level controls to:
Online portals (SharePoint, eRoom, etc.)
Document/Content Management Systems
Database front ends
Etc…
Can be used in workflow to dynamically change access and usage rights.
The data itself is viewed as a mini container, with the protection an inherent part of it, to create a secured data package.
This secured data package is un-tethered (independent) and so retains the natural fluid movement that is a defining aspect of unstructured data.
An identity or identities are linked directly to the secured data package, setting a policy of belonging to (policy linkage).
The protection of the data package is driven by policies that are:
• Applied automatically at any point in the data cycle
• Changeable on demand
An additional layer of controls is applied to the use of the content after access, to assure integrity.
These elements, built into the process of retaining data, will ensure privacy of the information due to a culture of ‘belonging to…’ built into the system:
The security of the data is determined by the encryption and controlled access.
The integrity is assured by the post-access content controls.
Identities, dynamic policies and claims being utilised to enforce
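As an added illustration of the secured data package described above (the mini container with encrypted content, identities linked to it by policy, a policy applied at creation and changeable on demand, date restrictions, revocation, and post-access rights), the following Python is example code written for this page; it is not Avoco's product code. It assumes: a toy SHA-256 counter-mode keystream stands in for a real AEAD such as AES-GCM; a shared HMAC key stands in for the issuer's signature over the policy; identities hold symmetric wrapping keys rather than the X.509 or Information Card credentials the page lists; dates are compared as ISO-8601 UTC strings; and a revocation set stands in for a directory lookup. The function names, sample identities and content are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) XORed over data.
    Stand-in for a real AEAD such as AES-GCM so the example runs on the
    standard library alone; not for real data."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def make_package(plaintext: bytes, policy: dict, identity_keys: dict, issuer_key: bytes) -> dict:
    """Build a self-contained secured data package: encrypted content, one wrapped
    content key per linked identity, and the policy, bound by an integrity tag
    (HMAC here as a stand-in for an issuer signature)."""
    content_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    body = {
        "nonce": nonce.hex(),
        "ciphertext": _keystream_xor(content_key, nonce, plaintext).hex(),
        "policy": policy,
        # policy linkage: only these identities can unwrap the content key
        "wrapped_keys": {ident: _keystream_xor(k, b"wrap" + nonce, content_key).hex()
                         for ident, k in identity_keys.items()},
    }
    canonical = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(issuer_key, canonical, "sha256").hexdigest()}


def open_package(pkg: dict, identity: str, identity_key: bytes, issuer_key: bytes,
                 revoked: set, now: str):
    """Enforce the policy at the point of access; return (plaintext, rights).
    Rights such as no-print/no-copy are handed to the viewer to enforce."""
    body = pkg["body"]
    canonical = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(issuer_key, canonical, "sha256").hexdigest()
    if not hmac.compare_digest(expected, pkg["tag"]):
        raise PermissionError("package or policy has been tampered with")
    if identity in revoked:
        raise PermissionError(f"{identity} has been revoked")
    if identity not in body["wrapped_keys"]:
        raise PermissionError(f"{identity} is not a recipient of this package")
    policy = body["policy"]
    # date restrictions ("no access until" / "expire after") as ISO-8601 UTC strings
    if not (policy["not_before"] <= now <= policy["expires"]):
        raise PermissionError("outside the permitted date window")
    nonce = bytes.fromhex(body["nonce"])
    content_key = _keystream_xor(identity_key, b"wrap" + nonce,
                                 bytes.fromhex(body["wrapped_keys"][identity]))
    plaintext = _keystream_xor(content_key, nonce, bytes.fromhex(body["ciphertext"]))
    return plaintext, policy["rights"]


def _attempt(*args):
    try:
        plaintext, rights = open_package(*args)
        return ("ok", plaintext, rights)
    except PermissionError as exc:
        return ("denied", str(exc), None)


def demo() -> dict:
    """Walk through the access cases; identities, keys and content are constructed samples."""
    issuer_key = secrets.token_bytes(32)
    keys = {"alice@example.com": secrets.token_bytes(32),
            "bob@example.com": secrets.token_bytes(32)}
    policy = {"not_before": "2024-01-01T00:00:00Z", "expires": "2024-12-31T23:59:59Z",
              "rights": {"read": True, "print": False, "copy": False}}
    pkg = make_package(b"Constructed sample: training module 1", policy, keys, issuer_key)
    tampered = json.loads(json.dumps(pkg))  # attacker flips "print" in the stored policy
    tampered["body"]["policy"]["rights"]["print"] = True
    now = "2024-06-01T12:00:00Z"
    return {
        "alice": _attempt(pkg, "alice@example.com", keys["alice@example.com"], issuer_key, set(), now),
        "bob_revoked": _attempt(pkg, "bob@example.com", keys["bob@example.com"], issuer_key,
                                {"bob@example.com"}, now),
        "mallory": _attempt(pkg, "mallory@example.com", secrets.token_bytes(32), issuer_key, set(), now),
        "expired": _attempt(pkg, "alice@example.com", keys["alice@example.com"], issuer_key, set(),
                            "2025-03-01T00:00:00Z"),
        "tampered": _attempt(tampered, "alice@example.com", keys["alice@example.com"], issuer_key, set(), now),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome[:2])
```

The point the example makes is where each control lives: encryption and the per-identity wrapped keys decide who can open the package at all; the revocation set and date window are checked at access time, so revoking an identity works wherever the copy sits; and the integrity tag means a recipient who edits the stored policy (for example, turning printing on) is refused rather than granted the altered rights. The post-access controls (no print, no copy, watermarking) are only returned here; they have to be enforced by the viewing application, which is why the page treats them as a separate layer.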
Sandy Porter
+44 (0)791 750 7636 www.avocosecure.com