Collaborative Rights Management

Collaborative Rights Management enables secure collaboration for sensitive documents flowing through internal and external business
processes, by automating document access and usage controls across enterprise applications and endpoints.




The Challenge

For companies operating in today’s global and competitive environment, it is no longer an option not to share valuable information. From collaborative design and supply chain processes, to outsourcing business functions, such as Human Resources and Information Technology, companies find themselves with an ever greater need-to-share.

This need-to-share, however, comes with increased risks that are challenging the traditional notion of need-to-know security. Once shared, the information is no longer under the control of the company. Nevertheless, unauthorized access and use of such information constitutes a violation of the company’s regulatory obligations, as well as loss of its competitive advantage.

Limitations of Traditional Rights Management

Rights Management has long held promise to protect and control data on the move. However, traditional Rights Management solutions are not suitable for today’s collaborative scenarios. A core component of traditional solutions is a rights protection template, which represents static permissions that govern access and use of the document. These permissions have to be manually applied and reapplied by a designated group of trained users each time access requirements for the document change. At the rate at which information is created today, relying on a small group of users alone to apply static permissions significantly slows down business operations.

In addition to creating an inefficient manual process to apply rights, traditional solutions are not suitable for today’s sensitive data, which can be subject to multiple business authorizations (e.g., compliance, IP protection, privacy). In such cases, the number of rights protection templates required to protect documents at enterprise volumes can quickly reach millions, often prompting IT administrators to cite that they have more rights protection templates than sensitive documents.

Finally, traditional rights management solutions typically rely on an authentication infrastructure, such as Active Directory. For collaboration, however, reliance on a single authentication infrastructure simply makes the solution unusable for external collaboration, as authentication infrastructures vary from one company to another.

cRM - A New Approach

Apply Attributes not Templates
Apply rights automatically, using attributes, such as document content and classification. Enable first-time offline policy evaluation and eliminate reliance on manual processes.

Evaluate Policies not Permissions
Dynamically determine and evaluate multiple policies simultaneously, as opposed to evaluating static permissions. With cRM, companies need a fraction of the number of policies they would need with other approaches.

Provide Authorization not Authentication
Supports any existing identity infrastructure, including directory services, SAML tokens, and user claims, enabling seamless external collaboration.

Protect at the Document Level not Application Level
Works across all document and application types and does not force users to use any particular application or proprietary viewers.
[Figure 1a: Traditional Rights Management Workflow. Figure 1b: cRM Workflow. Actors shown: Design Engineer (United States), Rights Administrator (United States), PLM, Manufacturer (China). Legend: Unprotected, Protected.]

A New Approach

NextLabs Collaborative Rights Management overcomes the restrictions above with a unique approach to the problem. By applying the eXtensible Access Control Markup Language (XACML) standard from OASIS, cRM simultaneously addresses the myriad of information risk requirements faced by today’s companies, while working effectively across today’s heterogeneous IT infrastructure. Unique aspects of the NextLabs approach include:

• Attributes not Templates
• Policies not Permissions
• Authorization not Authentication
• Document Level Protection not Application Level Protection

A Comparative Workflow

In order to explain what’s new with the NextLabs approach, it’s useful to differentiate traditional and cRM approaches. The diagram above illustrates some of the key differences between the traditional and the cRM approach.

Figure 1a depicts a typical workflow with a traditional Rights Management solution. An end-user (e.g., Design Engineer) is trained that design drawings that are ready for release need to be protected. Applying the appropriate protection is typically not done by end-users, as they do not have the knowledge to select the appropriate rights protection template. Instead, a special group of trained users (Rights Administrators) need to apply the rights. Thus, the Design Engineer in Step 1 sends the document to a Rights Administrator. Rights Administrators a) understand the organization’s information risk management policies and b) can anticipate the identity of various end-users (external and internal) and their corresponding levels of access for future document use (Step 2).

Once the Rights Administrator applies the appropriate template, he sends the now protected document back to the Design Engineer. After receiving the protected document, the Design Engineer is (Step 3) ready to release it in the Product Lifecycle Management (PLM) system (Step 4) for manufacturing collaboration. Finally, in Step 5, the Manufacturer downloads the document from the PLM system. However, the Manufacturer cannot yet get access to the document in offline mode, as he first needs to be online to obtain the appropriate template in order to get access. Once the Rights Management product downloads the template, he can now access the document in restricted mode (e.g., printing, copying not allowed).

Figure 1b depicts the execution of the same business process with NextLabs cRM. As the picture indicates, the workflow with cRM is much simpler. With cRM, appropriate rights protection is triggered automatically, based on attributes, as opposed to manually based on rights protection templates selected by Rights Administrators. Attribute application can be performed by end-users (e.g., a Design Engineer labeling the document status as release indicated in Step 1) or performed automatically, based on the content contained within the document. Unlike template selection, in applying attributes, the user does not need to know the identity of the various end-users and their corresponding levels of access for future use; cRM determines this information dynamically at the time of information access. As a result, there is no need for Rights Administrators to perform the task of template selection.

Once the attributes are applied, the Design Engineer simply uploads the document to PLM in Step 2, and afterwards it is downloaded by the Manufacturer in Step 3. Unlike with traditional solutions, with cRM, the Manufacturer has first-time offline access, since there is no need to download a template. The rights of the Manufacturer on the document (e.g., right to print or copy) are determined and enforced dynamically by cRM.
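A minimal sketch of the attribute-driven evaluation that the comparative workflow contrasts with template selection, added here as an illustration; it is not NextLabs code or XACML syntax. The roles, attribute names, the two policies and the rule that rights are the intersection over every applicable policy are assumptions made for the example.

```python
# Added sketch of attribute-based rights evaluation; names and rules are hypothetical.
from dataclasses import dataclass
from typing import Callable

ALL_RIGHTS = frozenset({"view", "edit", "print", "copy"})
NO_RIGHTS = frozenset()

@dataclass(frozen=True)
class Policy:
    name: str
    applies: Callable[[dict], bool]             # does it govern this document?
    rights: Callable[[dict, dict], frozenset]   # (user, doc) -> rights allowed

def ip_rights(user: dict, doc: dict) -> frozenset:
    if user.get("role") == "design-engineer":
        return ALL_RIGHTS
    if user.get("role") == "manufacturer" and doc.get("status") == "release":
        return frozenset({"view"})              # restricted mode: no print/copy
    return NO_RIGHTS

def export_rights(user: dict, doc: dict) -> frozenset:
    allowed = doc.get("allowed_countries", ())
    return ALL_RIGHTS if user.get("country") in allowed else NO_RIGHTS

POLICIES = [
    Policy("ip-protection", lambda d: d.get("type") == "design-drawing", ip_rights),
    Policy("export-control", lambda d: d.get("export_controlled", False), export_rights),
]

def evaluate(user: dict, doc: dict) -> frozenset:
    """Rights at access time: intersection over every applicable policy."""
    applicable = [p for p in POLICIES if p.applies(doc)]
    if not applicable:
        return NO_RIGHTS                        # default deny (assumption)
    granted = ALL_RIGHTS
    for policy in applicable:
        granted &= policy.rights(user, doc)
    return granted

# Constructed sample attributes, modelled on the actors in Figure 1b.
ENGINEER = {"role": "design-engineer", "country": "US"}
MANUFACTURER = {"role": "manufacturer", "country": "CN"}
DRAFT = {"type": "design-drawing", "status": "draft"}
RELEASED = {**DRAFT, "status": "release"}
CONTROLLED = {**RELEASED, "export_controlled": True, "allowed_countries": ("US",)}

if __name__ == "__main__":
    for doc in (DRAFT, RELEASED, CONTROLLED):
        for user in (ENGINEER, MANUFACTURER):
            print(doc["status"], user["role"], sorted(evaluate(user, doc)))
```

Changing the document's status attribute from draft to release is the only step needed to open view access for the manufacturer, and two policies cover every user and document combination without a per-combination template.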
Overview

NextLabs’ Collaborative Rights Management (cRM) enables secure collaboration for sensitive documents flowing through internal and external business processes, by automating document access and usage controls across enterprise applications and endpoints.

Automated Rights Application

cRM triggers rights protection automatically, based on user gestures and content attributes. Designated end users can automatically trigger rights application by classifying data; rights can also be triggered automatically based on content characteristics, such as keywords, textual patterns, and special sequences (e.g., National Identifiers, SSNs).

Access Control Across Identity Domains

cRM determines applicable rights protection policies and controls document access dynamically based on context, content, and identity attributes, sourced from both internal and external domains. Identity attributes from directory services, SAML tokens, and user claims can all be incorporated into controlling access.

Usage Control Across All Documents and Application Types

cRM enforces granular usage rights across all applications and document types. Usage rights include common application functions, such as Edit, Print, Copy, Copy Content, Send, and others. It also deters users from capturing screen content using external devices by applying security overlays (superimposing content on a document).

Audit Document Activity

cRM monitors and records rights application and enforcement in real-time, to help provide a complete view of sensitive document activity, across enterprise applications and endpoints where cRM is deployed.

Content Awareness

With pre-integrated Data Loss Prevention (DLP) capabilities, cRM enables automatic rights application and enforcement, based on keywords and textual patterns.

NextLabs File Format

cRM supports all document types by wrapping them in a secure format. Once wrapped, the data is encrypted and can only be accessed by authorized users.

cRM Components

[Figure 2: cRM Product Components. Labels shown: Control Center (Information Control Platform), Management Server, Policy Controller, cRM Server, Entitlement Manager, Content Server, Microsoft RMS, cRM Client, Endpoint.]

cRM policies are developed and managed within Control Center, the leading XACML-based Information Control Platform. Once developed, cRM policies are pushed to Policy Controller, which is the policy evaluation engine. As users make requests to access data on clients and server applications, Collaborative Rights Management Client (cRMC) and Collaborative Rights Management Server (cRMS) dynamically apply and enforce rights, based on evaluations performed by the Policy Controller.

Collaborative Rights Management Client

Collaborative Rights Management Client (cRMC) is endpoint software that provides document access and usage control across all document types and applications.

Transparent Encryption

cRMC enables seamless user interaction with rights protected documents, which feel and behave like native (non rights protected) documents. Rights protected documents are accessed using their native application and no proprietary editors are required.

Collaborative Rights Management Server

Collaborative Rights Management Server (cRMS) is an SDK that can be used to integrate rights protection into enterprise applications. It is pre-integrated for NextLabs Entitlement Management products for SAP and SharePoint.

Interoperable Rights Application

cRMS supports application across rights management technologies, including NextLabs, MS RMS, and Adobe Livecycle. Rights can be applied in both real-time (e.g., on document upload) and batch modes (e.g., by scanning document repositories).

Classification

cRMS persistently classifies across all document types. Classification can be applied based on document content and associated business data in enterprise applications (e.g., part classification in a PLM system, customer data in a CRM system).
[Figure 3: NextLabs Collaborative Rights Management System Topology. Labels shown: Control Center (Policy Server, Report Server, Policy Studio, Administrator, Reporter), LDAP / AD, Enterprise Application (ERP, PLM, ECM) with NextLabs cRM Server, NextLabs cRM Client on Microsoft desktops, Linux workstations, offline users and mobile PDA / phone, Switch, Firewall, VPN, Employee, Partner, Network.]

About NextLabs

NextLabs®, Inc. is the leading provider of policy-driven information risk management (IRM) software for large enterprises. Our software offers a cohesive solution for improving compliance and mitigating information risk by helping companies achieve safer and more secure internal and external collaboration, prevent data loss, and ensure proper authorization to applications and data.

Our flagship data protection and entitlement management products, Enterprise Data Protection and Compliant Enterprise®, combine with the Control Center XACML-based policy management platform with integrated content aware and identity-driven enforcement technology to offer the most comprehensive information risk management (IRM) solution. Our products preserve confidentiality, prevent data loss, and ensure compliance across more channels and more points, within a single unified solution with the unmatched user acceptance and Total Cost of Ownership (TCO).

NextLabs’ partnerships with industry leaders such as IBM, SAP, Microsoft, HCL Axon, Adobe, HP, PTC, and Siemens bring to market industry-focused information risk management (IRM) solutions that combine industry best practices with turnkey applications, to meet customers’ governance, risk, and compliance requirements. Visit NextLabs on the web at

© 2006-2012 NextLabs, Inc. All Rights reserved. NextLabs, the NextLabs Logo, ACPL, Compliant Enterprise, the Compliant Enterprise Logo, and Enterprise DLP are trademarks or registered trademarks of NextLabs, Inc. in the United States. All other trademarks or registered trademarks are the property of their respective owners.

8-08
2 Waters Park Drive, #250, San Mateo, CA 94403 USA
t: 650-577-9101
f: 650-577-9102