Content Security Strategy Risk vs. Benefit

The Traditional View to Information Security Perimeter: "Traditional" Network Security Core: Desktops, Servers, Machines, OSes, Applications Standard policy is: OUTSIDE = UNTRUSTED INSIDE = (COMPLETELY) TRUSTED Content: Content in all forms, whether at rest or in motion Perimeter Core Content

Perimeter: "Traditional" Network Security

Core: Desktops, Servers, Machines, OSes, Applications

Standard policy is: OUTSIDE = UNTRUSTED INSIDE = (COMPLETELY) TRUSTED

Content: Content in all forms, whether at rest or in motion

Application-Level Security Document/Content Management provides access into repositories with document/user level controls - a mini perimeter Records Management provides lifecycle management for Archive and Destruction Content is free to go where it will once it is out of those systems

Document/Content Management provides access into repositories with document/user level controls - a mini perimeter

Records Management provides lifecycle management for Archive and Destruction

Content is free to go where it will once it is out of those systems

Content Security Policy-based Imposed at the document/user/application level (context) Omni-present Auto-auditing Content Authentication User Authentication Encryption POLICY

Policy-based

Imposed at the document/user/application level (context)

Omni-present

Auto-auditing

Content Authentication

User Authentication

Encryption

Content Security Strategy

Content Security Strategy

Content Security Component Technologies Records Management Document Management Web Content Management Workflow/BPM E-mail Management Enterprise Rights Management/Digital Rights Management Identity Management/User Authentication Content Authentication Content Addressed Storage Trusted Time Stamps Data Loss/Leak Prevention Public Key Infrastructure (PKI) Digital Signatures Hierarchical Storage Management

Records Management

Document Management

Web Content Management

Workflow/BPM

E-mail Management

Enterprise Rights Management/Digital Rights Management

Identity Management/User Authentication

Content Authentication

Content Addressed Storage

Trusted Time Stamps

Data Loss/Leak Prevention

Public Key Infrastructure (PKI)

Digital Signatures

Hierarchical Storage Management

Developing a Strategy

Enterprise Content Security Strategy Aligned to/Foundation of Corporate Governance Lifecycle Policy Driven Less is More File Type Agnostic Automated to the Degree Practical

Aligned to/Foundation of Corporate Governance

Lifecycle

Policy Driven

Less is More

File Type Agnostic

Automated to the Degree Practical

Market Reality Source: AIIM Content Security Market IQ, 2007 Is Your Organization’s Content Security Strategy Driven More by a Desire to Lock Down Content or to Enable Secure Collaboration?

Market Reality How Well is Content Security Understood in Your Organization? Source: AIIM Content Security Market IQ, 2007 Well aware and are expressly addressing it. Vaguely familiar and understand its relationship to the broader topic of security. Not sure how this is different from security in general. No clear how understanding.

Market Reality Within the Last 2 Years Has Content Been Updated/Deleted by an Unauthorized Individual Either Deliberately or Accidentally? Source: AIIM Content Security Market IQ, 2007

Market Reality Within the Last 2 Years Has Content Been Inappropriately Accessed by an Unauthorized Individual Either Deliberately or Accidentally? Source: AIIM Content Security Market IQ, 2007

Is There an Appreciation for the Potential Cost Associated with the Risk of Unsecured Content in Your Organization? Market Reality Source: AIIM Content Security Market IQ, 2007

Is There an Appreciation for the Potential Cost Associated with the Risk of Unsecured Content in Your Organization?

Market Reality Who Owns The Content Security Initiative in Your Organization? Source: AIIM Content Security Market IQ, 2007

Market Reality What is Your Organization’s Current Involvement With Content Security? Source: AIIM Content Security Market IQ, 2007

Market Reality Do You Have a Specific Group Within Your Organization to Address Content Security? Source: AIIM Content Security Market IQ, 2007

Assuming Budget is Available, What are the Primary Obstacles to Implementing Content Security? Market Reality Source: AIIM Content Security Market IQ, 2007

Assuming Budget is Available, What are the Primary Obstacles to Implementing Content Security?

Why Care? Security is a major issue for CxOs Flexible, Comprehensive Enterprise Governance Knowledge Management, Innovation Management, Collaborative Teams, Enterprise 2.0 M&A, e-Discovery, Conflict of Interest, Minimizing Mistakes & Embarrassment Strategic deployment and alignment with business provides competitive advantage, holistic benefit Responsiveness Reduced Costs Increased Access Content Security is critical but requires positioning and education

Security is a major issue for CxOs

Flexible, Comprehensive Enterprise Governance

Knowledge Management, Innovation Management, Collaborative Teams, Enterprise 2.0

M&A, e-Discovery, Conflict of Interest, Minimizing Mistakes & Embarrassment

Strategic deployment and alignment with business provides competitive advantage, holistic benefit

Responsiveness

Reduced Costs

Increased Access

Content Security is critical but requires positioning and education

Market Education

Q & A Carl Frappaolo Vice President, Market Intelligence [email_address] Thank You