Information Rights Management
Coming of age
Presentation at InterOp 2009, Mumbai
Vishal Gupta
CEO, Seclore

Information exchange in the collaborative world
WhatInformationaninformation shared withEmployees lost by organisation
happens if is exchanged between & vendors of the join a competitor ?
Information is exchanged between employees a vendor is & employees & customers
What happens if employee with privileged access leaves to the vendor ?
VENDORS
CUSTOMERS
Enterprise
Firewalls
Competitors
TELEMARKETER
VPN
SSL
UTM
…

Underlying Issues
Share it = It becomes his (also)
Ownership and usage cannot be separated
Shared once = Shared forever
Impossible to “recall” information
Out of the enterprise = Free for all
Technology & processes are only applicable within

The Result
Information lands up in public websites !

Information lifecycle …
Create Store Transmit & collaborate Use Archive & Backup Delete
Desktops Shared Desktops
folders Removable
media
Laptops Content Backup
Management
Laptops
Remote Document
Mobile Email retention
desktops
devices
Instant Mobile Archive
Messaging
Online devices
Removable workspaces
media
Security
DLP Anti-virus Anti-… SSL UTM IDM DLP Vaults Digital shredders
Hard disk encryption Application security
Heterogeneous policies … Heterogeneous infrastructure

Options for securing unstructured
information
Option 1 : Control Distribution
...
Security Collaboration

Options for securing unstructured
information
Option 2 : Control Usage
...
Security Collaboration

Information Rights Management
Rights management technologies allow enterprises to define and implement
information usage “policies”. A “policy” defines :
• WHO can use the information
People & groups within and outside of the
organization can be defined as rightful users of
the information
• WHAT can each person do
Individual actions like reading, editing, printing,
distributing, copy-pasting, screen grabbing etc.
can be controlled
• WHEN can he use it
Information usage can be time based e.g. can
only be used by Mr. A till 28th Sept OR only for
the 2 days
• WHERE can he use it from
Information can be linked to locations e.g. only
3rd floor office by private/public IP addresses

Information Rights
Management
Policies are
• Persistent : Policies are implemented on information and all its
copies wherever they are transmitted or stored
• Dynamic : Policies can be changed without having access to or
redistributing the information
• Monitored : Policy changes can be monitored
User actions are
• Monitored : Individual actions ( authorized AND unauthorized ) like
viewing, editing, printing etc. are monitored and centrally
available in a reporting tool

Scenario: Research
reports & drawings
WHO WHAT WHEN WHERE
Read Edit Print Distribute
Sanjiv Yes Yes No No Till the time of Within office
employment network
Rahul Yes No No No 30th November Within office
2009 network
Rahul
a tion
ani z
org
Sanjiv

About
Seclore is a high growth information security product company focussed on
providing Security without compromising collaboration
Seclore’s flagship product Seclore FileSecure is used by More than 1
million users & some of the largest enterprises