As content becomes more readily accessible to enterprise users, it also becomes more difficult to control distribution, particularly in situations where content is shared outside of the corporate network. This is especially concerning when the nature of the content could give competitive advantage to outside parties. In order to minimize the potential impact of sensitive data falling into the wrong hands, organizations are looking to implement Information Rights Management IRM solutions. IRM allows companies to gain tighter control of how content is distributed both within the organization and external via partners, vendors, and customers. EMC Documentum provides the leading platform for storing and managing content in the market.
|Published (Last):||2 March 2011|
|PDF File Size:||10.46 Mb|
|ePub File Size:||12.56 Mb|
|Price:||Free* [*Free Regsitration Required]|
As content becomes more readily accessible to enterprise users, it also becomes more difficult to control distribution, particularly in situations where content is shared outside of the corporate network. This is especially concerning when the nature of the content could give competitive advantage to outside parties. In order to minimize the potential impact of sensitive data falling into the wrong hands, organizations are looking to implement Information Rights Management IRM solutions.
IRM allows companies to gain tighter control of how content is distributed both within the organization and external via partners, vendors, and customers.
EMC Documentum provides the leading platform for storing and managing content in the market. With a recent acquisition, Documentum now includes IRM capabilities in its product offering.
These services ensure that Documentum is able to provide a truly secure content management and distribution system. Traditionally, organizations have approached data security by ensuring that malicious persons or entities are kept out of the network and resources attached to it. This type of security paradigm is known as perimeter security.
While this approach has served the enterprise well, it does not cover situations in which persons within the organization are sharing sensitive data to unauthorized users outside of the network e. Information Rights Management IRM attempts to solve this problem by securing the content, not just the resources that house the content like file servers or web sites.
With IRM, enterprises can mark selected content as protected and authorize select users or groups of users to perform specific actions on the content, including copying, printing, and emailing. Any request to perform an action on protected content is first sent to the IRM policy server, along with the credentials of the person attempting the action.
Otherwise, the user is denied from acting on the content. In either case, the user needed to provide information to consumers as to how to open the protected content. With IRM, authors can take advantage of plug-ins built into their applications allowing them to protect content and assign rights policies. Consumers receiving this protected content need not know how to unprotect it. This responsibility is left up to the IRM client embedded in their applications this client communicates with the policy server to determine if the user has the rights to unprotect the content.
Information Rights Management generally encompasses the following concepts:. At the time of the purchase, Authentica was amongst the leading players in the relatively immature IRM market SealedMedia and Liquid Machines being other notables. This integration allowed for users to easily create IRM protected content from tools they were already familiar with.
EMC clearly saw the benefits of rights management in the enterprise, and reeling in Authentica would complete the security picture between Content Server and enterprise users.
The core component, IRM Server, only requires connectivity to a database server for storing policy and key information. Enterprise users can easily encrypt content via a number of clients that securely connect to the Server. The IRM Server is responsible for storing policies that indicate what Principals can do, as well as for issuing a usage license when protected content is opened A usage license tells the IRM client what the user can do with the content and how long the user has rights to the content.
In addition to storing policies, the Policy Server also stores keys that were used to originally encrypt the content. When a user attempts to open protected content, a secure call is made to the Policy Server.
If the user has the correct permissions according to the stored policy , the Server passes back the key that can be used to decrypt the content. Typically, the IRM Server is deployed behind the corporate firewall. Documentum IRM Clients When users want to protect content, they typically do so using a variety of clients provided by Documentum. These clients make a secure connection to the Policy Server, which provides encryption keys and a policy for the content. After successfully communicating with the Policy Server, the client applies the policy to the content and encrypts it using the key provided by the Server.
In addition to facilitating the creation of protected content, these clients are also responsible for determining whether or not a user can open protected content.
Documentum currently provides clients for the following:. It is ideal for organizations who want to expose protected content to outside parties such as vendors, partners, or even potential customers. IRM Repository Server actually stores protected content and allows for document creators to send messages to target recipients. These users will then get links back to the protected content stored in the IRM Repository Server at which point these users will have to identify themselves.
In addition, IRM Repository Server provides several web services that external applications can connect to in order to stream protected content over a secure connection. Content Server manages the lifecycle of enterprise content. IRM Repository Server is intended to serve up secure content that is published from within the enterprise. For example, a Sales and Marketing team will use Content Server to create, review and edit a new marketing presentation intended for clients who have signed an NDA.
Included in these features:. Some notable enhancements include:. Roll out of an enterprise IRM solution is not something that happens overnight. A tremendous amount of planning must go into the initiative, from infrastructure build-out with corporate IT to business change management for the users who will be interacting with IRM. Here are some key points to consider when implementing an IRM solution:. Implementation of an Information Rights Management solution helps companies gain confidence that content is secure, no matter where it resides.
With the continued demand for organizations to distribute content within the enterprise as well as outside the firewall, the need to control this content is ever increasing. Information Rights Management attempts to fill this need by providing dynamic policy control that follows content, no matter where it goes.
While implementation of an enterprise-wide IRM initiative is a significant undertaking, with proper planning and execution, an organization can ensure that only the right people are able to view or manage sensitive information. Terence McDevitt. August 29, Overview As content becomes more readily accessible to enterprise users, it also becomes more difficult to control distribution, particularly in situations where content is shared outside of the corporate network.
What is IRM? Information Rights Management generally encompasses the following concepts: Principals — IRM defines Principals as those entities that are authorized to perform given actions on content. Typically, a Principal is a user on the network.
In some IRM implementations, a Principal could be a group of users, another network e. Policies — Policies define what actions are acceptable for a given piece of content and a particular Principal or set of Principals. Some IRM products can also allow content owners to create policies which revoke content privileges that were once established.
If a new release of the product is introduced, the Sales and Marketing content owners can revoke rights on the old version of the product data sheet, forcing the sales team to request the latest copy.
This encryption prevents unauthorized users from making any sense of the data. Content encrypted with IRM products can only be unlocked using valid encryption keys known to the IRM policy server and the authorized client. Included in these features: Dynamic Rights — A key feature in the Documentum IRM offering is the ability to change document policies on the fly. Imagine a scenario where a document owner decides to give a vendor access to a document.
When the vendor opens the document, the Documentum IRM Policy Server is contacted to determine if the user opening the document has the appropriate rights to do so. This notion of dynamic policy assignment is critical for enterprises wishing to truly manage access to content that is distributed outside of the corporate network. Offline Rights Management — Documentum IRM Services provides functionality to allow offline usage of content, while continuing to respect any policies that have been defined for the document.
For example, documents can be made available to users with set expiration dates. Thus, customers do not need to have Documentum in place in order to take advantage of the features provided in IRM Services.
Support for Dynamic Watermarks — Documentum IRM Services allows protected documents to carry watermarks, which are useful for identifying the status of a printed document e. In addition to standard watermarks, Documentum IRM Services can place dynamic watermarks on documents when certain actions are taken. For example, if a user prints a document, IRM Services can embed a dynamic watermark on the content with the login name of the user who is printing the document. Thus, if an unauthorized hard copy of the data is found, organizations can immediately track down those responsible.
This integration provides an easier means of applying IRM policies to documents with limited changes to existing Documentum-based architectures. In addition, current business processes e. As an example, an organization may have a custom desktop integration with Documentum.
Here are some key points to consider when implementing an IRM solution: Sending Content over the Wall — While most organizations will want to exclude outside parties from accessing sensitive information, there are often situations where access must be granted. For example, if a company is working closely with a manufacturing partner, it is very likely that content will be shared with that partner. Documentum IRM Services can be deployed in a manner that keeps policy information secure, while still exposing services to the outside world this could be done either by setting up IRM Server in a DMZ or having Repository Server directly serving protected content.
This decision should be made as early in the planning stages as is possible. An enterprise wishing to roll out an IRM solution must understand at which point they want content protected. If an IRM policy is applied when content is created, enterprise services such as indexing will need to have a way to unprotect that information when it is read. Depending on the number of services, customizations required to decrypt data could derail the IRM initiative.
Organizations could consider protecting content at the point of distribution to alleviate this problem. Who Controls the Policies? In this situation, the usage of policy templates helps ensure that users aren?
Of course, this power can be left in the hands of the user if the company prefers. Like this article? Share on facebook Share on Facebook. Share on twitter Share on Twitter. Share on linkedin Share on Linkdin. Share on pinterest Share on Pinterest. Next Avalanche of Articles Next. Leave a comment.
Introduction to Documentum IRM Services
Governance, risk management and compliance are increasingly being prioritized within organizations. As a result, organizations are much more aware of potential risks, and many have made good governance a strategic priority. Documentum comprises a comprehensive set of security and compliance services to protect company information by preventing its unauthorized access and use. Enforces security and individual access control policies based on a combination of rules and requirements.
EMC Documentum IRM
Documents are protected using high-security encryption and are easily accessed when users verify their identity with a central IRM server over a wireless connection. IRM-protected documents can be centrally managed either by document owners or by automated policies. IRM-protected document cover a wide number use-cases and may be intended for and organizations clients, vendors, employees or partners. Description Details Versions.
OpenText Documentum governance and compliance