In the "new new" world of consumerization, cloud, and mobile, controlling information usage as it flows within and outside the enterprise requires new approaches. Traditional access control and governance frameworks break down when devices, applications and networks are "unmanaged". Information centric view of security, privacy, & compliance controls then becomes the only option. This session introduces IRM as a technology & how it can be used along with enterprise content management (ECM) systems to extend ECM security controls.
7. www.aiim.org/infochaos
Do
YOU
understand
the
business
challenge
of
the
next
10
years?
This
ebook
from
AIIM
President
John
Mancini
explains.
8. #AIIM14
Client
scenarios
§ 240,000
employee
European
bank
§ Extensive
usage
of
ECM
§ Worried
about
security
and
compliance
of
content
when
FileNet
use
is
extended
to
external
agencies
§ One
of
the
five
largest
telecom
companies
in
the
world
§ Centralized
use
of
ECM
across
operaCons
§ Worried
about
regulatory
compliance
around
customer
and
employee
data
§ One
of
the
five
largest
paints
and
coa/ngs
company
in
the
world
§ Usage
of
ECM
across
group
R&D
funcCons
§ Worried
about
“opening
up”
FileNet
for
mobile
access
due
to
security
reasons
9. #AIIM14
ECM
security
-‐
stand
alone
ECMUser
Edited
Copied
Printed
Shared
Un-protected File
Authorized
access
Unauthorized
use
10. #AIIM14
The
dream
…
WHO can use
People & groups within and outside of the organization can be
defined as rightful users of the information
WHAT can (s)he do
Individual actions like reading, editing, printing, distributing,
copy-pasting, screen grabbing etc. can be controlled
WHEN can (s)he use it
Information usage can be time based e.g. can only be used by
Mr. A till 28th Sept OR only for the 2 days
WHERE can (s)he use it from
Information can be linked to locations e.g. only 3rd floor
office by private/public IP addresses
12. #AIIM14
• WHO can use the information
People & groups within and outside of the organization can be defined as rightful
users of the information
• WHAT can each person do
Individual actions like reading, editing, printing, distributing, copy-pasting, screen
grabbing etc. can be controlled
• WHEN can he use it
Information usage can be time based e.g. can only be used by Mr. A till 28th Sept OR
only for the 2 days
• WHERE can he use it from
Information can be linked to locations e.g. only 3rd floor office by private/public IP
addresses
IRM allow enterprises to define, implement & audit information usage “policies”. A
“policy” defines :
Informa/on
Rights
Management
-‐
defined
13. #AIIM14
ECM
and
IRM
combined
User
Authorized
access
ECM +
Seclore FileSecure
Authorized
use
only
Edited
Copied
Printed
Viewed
Protected File
Distributed