© 2015 IBM Corporation
Data Governance: How secure is your Unstructured Content?
Protecting your crown jewels with IBM ECM
Richard Saglimbene
IBM ECM Smarter Content Consultant
rsaglimb@us.ibm.com
April 30, 2015
Disclaimer
Please Note:
IBM’s statements regarding its plans, directions, and intent are subject to change
or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment,
promise, or legal obligation to deliver any material, code or functionality. Information
about potential future products may not be incorporated into any contract. The
development, release, and timing of any future features or functionality described
for our products remains at our sole discretion.
Sophisticated attackers break through safeguards every day
Attack types: SQL injection, Watering hole, Physical access, Malware, Third-party software, DDoS, Spear phishing, XSS, Undisclosed
Note: Size of circle estimates relative impact of incident in terms of cost to business Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
2011: Year of the breach
2012: 40% increase
2013: 500,000,000+ records breached
61% of organizations say data theft and cybercrime are their greatest threats (2012 IBM Global Reputational Risk & IT Study)
$3.5M+ average cost of a data breach (2014 Cost of Data Breach, Ponemon Institute)
Security leaders are more accountable than ever before
Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
Loss of market share and reputation
Legal exposure
Audit failure
Fines and criminal charges
Financial loss
Loss of data confidentiality, integrity and/or availability
Violation of employee privacy
Loss of customer trust
Loss of brand reputation
CEO CFO/COO CIO/CISO CHRO/CDO CMO
Your board and CEO demand a strategy
Security challenges are a complex, four-dimensional puzzle…
People: EMPLOYEES, ATTACKERS, OUTSOURCERS, SUPPLIERS, CONSULTANTS, PARTNERS, CONSUMERS
Data: STRUCTURED, UNSTRUCTURED, AT REST, IN MOTION
Applications: SYSTEMS APPLICATIONS, WEB APPLICATIONS, WEB 2.0, MOBILE APPLICATIONS
Infrastructure: DATACENTERS, PCs, LAPTOPS, MOBILE, CLOUD, NON-TRADITIONAL
…a holistic approach is needed
IBM is positioned to help
IBM Security invests in best-of-breed technologies
[Timeline figure, 2002 to 2015: IBM Security Systems, IBM Security Services]
…and we are relentless innovators
• 70+ new or updated offerings in the last 12 months
• Major innovations in every IBM security domain
IBM Security capabilities to help reach security maturity
• Prevent transactions from malware infected endpoints
• Login challenge questions
• Device ID rules
• Protocol analysis
• Anomaly detection
• Virtualization security
• App state awareness
• Endpoint / network security management
• Perimeter security
• Host security
• Anti-virus
• Predictive analytics
• Flow analysis
• Big data workbench
• Threat modeling
• SIEM
• Vulnerability management
• Log management
ADVANCED
BASIC
• Hybrid scanning and correlation
• Mobile app scanning
• Web application protection
• Source code scanning
• Application scanning
• Identity governance
• Fine-grained entitlements
• Privileged user management
• User provisioning
• Access management
• Directory management
• Crown Jewel protection
• Data governance
• Data masking
• DB activity monitoring
• Data loss prevention
• Encryption / key management
Advanced Threat, Cloud, Mobile & Internet of Things, Compliance
Protecting the Crown Jewels with IBM Enterprise Content Management
What is your plan of defense?
IBM ECM provides a 2nd line of defense
INTELLIGENCE is the new defense
IBM ECM supports deep analysis of your enterprise unstructured data to better understand vulnerabilities
INTEGRATION is the new foundation
IBM ECM provides integrated modules to manage and secure your unstructured data from creation to disposition
EXPERTISE is the new focus
IBM ECM is the global leader and trusted partner in delivering solutions to manage and secure content
Which data was affected?
What happens when your 1st line of defense is breached?
How do you protect the crown jewels?
Source: Gartner, ECM Market Share, June 2, 2014
IBM ECM leader in both growth and market share
Source: IDC, ECM Market Share, June, 2014
Source: Gartner, Magic Quadrant for Enterprise Content Management, 25 September 2014, G00262932
Company Growth Share
IBM 6.9% 19.8%
Open Text 4.0% 15.6%
EMC 1.0% 8.2%
Microsoft 8.1% 6.6%
Oracle 0.9% 5.4%
HP (Autonomy) 6.8% 5.1%
Company Growth Share
Content Management
IBM 7.0% 15.9%
Open Text 1.9% 8.8%
Microsoft 9.9% 7.4%
EMC 0.2% 7.2%
Oracle -2.3% 4.7%
HP 3.8% 4.4%
Hyland Software 16.2% 4.0%
IBM ECM is THE Market Leader
Business Content and the Crown Jewels are Everywhere
AP manager paying invoices
Taxi driver giving a receipt
Leasing sales manager mining contracts
Marketing manager posting on-line product videos
Salesman submitting a sales order
Branch manager accepting a mortgage application
eCommerce product manager updating product photos
Government agency processing benefits
Telecom billing manager preparing customer bills
Hospital searching medical records
Insurance adjustor processing claims
Financial advisor discussing portfolio options by phone
Organizations are sitting on vast amounts of Risk and Waste
Typical organizations have large volumes of dark data with little insight into the information and any data breach can release the following:
Personally identifiable information (PII)
Highly confidential information (HCI)
Payment Card Industry (PCI) data
Intellectual Property (IP)
Emails
Audio and Video Assets
Typical organizations retain petabytes of ROT data
Redundant, obsolete and trivial
Redundant data—duplicates that are no longer of value
Data that has aged past its useful life
Data that has no ongoing business value
69%: Typical amount of unstructured data that has no value
http://www.gartner.com/newsroom/id/2758717
Key Take-Aways….
1. Develop a data-centric security approach: Start Now
2. Identify gaps in the current implementation of your data security policies and review the risks
3. Develop and manage an enterprise data security policy that defines data residency requirements
4. Collaborate across trusted team members to develop and manage an enterprise data security policy
IBM Holistic Content Centric Security
Source: Dayhuff Group
Content Intelligence for the Enterprise
A Critical First Step in Applying Best Practices to protect the Crown Jewels
Understand Enterprise Content and Data
– What kind of content is being stored?
– Who owns it?
– Where is it stored?
– What are the costs associated with it?
– Where is it being used?
• Why?
– The sheer volume of data makes traditional management methods ineffective
– Sensitive content and intellectual property can be stolen
– Data represents legal & GRC risk that could result in very large costs & fines
– Data with business value is not leveraged by LOBs
– Storage acquisition costs continue to rise due to the increase in data, even though much of it may be disposed of
IN-PLACE Data Analysis with StoredIQ
Reducing Risk: It all starts with understanding your content
Reducing Risk: Identify potential compliance issues
IN-PLACE Data Analysis with StoredIQ
StoredIQ: Identify relevant content AND take action
Data about your content
Take action on content (move, copy, delete, etc.)
Use a combination of rules and machine learning to identify and classify content
Volume Relevance
Action
Filter 3 – Classification
Filter 2 – Full Text
Filter 1 – Metadata
Identify, Analyze and Act on Unstructured Data
Managing Dark Content with StoredIQ
Secure High Business Value Content
IP, Pricing, Sales, Marketing, Contracts, Patent, Planning
Remediate Regulated Content
PII, PCI, HIPAA, HR, Financial Records, Customer
eDiscovery Identification and Collection
Early Data Assessment and Targeted Collection
Cleanup ROT Content
Redundant, Obsolete and Trivial Content
StoredIQ Key benefits
Find the information that matters: Properly discover, classify and manage information according to business value to reduce risk and cost
Identify sensitive content and intellectual property: Find misplaced client data, PCI, IP and privacy-regulated data
Migrate sensitive content to an IBM ECM Repository to secure, protect and manage your assets
Get rid of old, obsolete data: Delete nonbusiness, aged and obsolete data to reduce data volume and costs
Stratify information to accelerate:
– Cloud migration
– Investigations
– Post-acquisition and merger data integration
Protecting content at rest with
IBM ECM Repositories
Store all critical and sensitive content in a managed repository
Encrypt all managed content at rest
Secure content with granular authentication and authorization
Deliver de-duplication of content and Smart compression
– Single copy of a document with support for versioning
– Also provides storage savings
Encrypted content over the network and internet
Storage Area Encryption
– Encryption enabled at storage area level
FIPS-140 compliant (AES-CTR algorithm)
Keys can be generated by the repository or externally generated and managed
Digital rights management support offered by partners … and more…covered in upcoming slides!
Protecting Content at Rest
Automate Retention and Disposition with IBM Enterprise Records
• Collect and classify records from disparate sources and manage them in a records repository
• Apply retention schedules across disparate repositories
• Automatically apply time and event based retention
• Tightly integrates with IBM ECM Repositories
• Apply formalized legal holds
• Extensive Logging and Audit Functionality with Reporting (who, what, when, why)
• Both Automatic and manual disposition of records that are at end of retention period, of no business value and not on legal hold
• Unified solution to define and manage disposition workflows across electronic and physical records
Example: PII and PCI Content
StoredIQ can address security concerns regarding sensitive data or data that is subject to a compliance mandate through proper identification, forensic collection and audit reports.
• Built-in macros to identify PII and PCI
• Create automated searches
• Produce reports detailing risk exposure
• Migrate or copy content to a secure repository
• Classify content
• Apply retention policies
• Set a retention policy of 7 years, but provide override capability for events (e.g. Litigation, Merger, etc.)
After 7 years and no pending events (e.g. Legal Hold) or needed business value, content is automatically deleted from the secure repository
• Optional audit reports for compliance mandates
• Supports hash values to satisfy audits or inquiries
Shadow images of confidential data can be left on unprotected systems
Most organizations do not have the ability to identify all of the Blind Spots across their ecosystem!
Content in motion
Source: Dayhuff Group
How a Digital Rights Management solution works
[Diagram labels: Partner, Network, Internet, Corporate, VPN]
Source: Dayhuff Group
Benefits of Digital Rights Management
Integration with IBM Content Management
• Can inherit permissions from IBM ECM and/or manage permissions directly
• Supports a wide range of documents and files
Restrict document access
• Who: Individual users or groups
• How: view, edit, print, screen capture, VM, copy
• When: validity period, how many times
• Where: device, network address
Security travels with the documents anywhere
• Revoke sensitive documents by making them inaccessible on demand
Audit trail of document access and attempts
Supports mobile devices (Android, iOS)
Integration with DLP tools
IBM ECM delivers efficient policy and schedule management with effective enforcement.
• Manage global taxonomy and retention schedules for virtually all information
• Syndicate and enforce retention schedules on structured and unstructured records and information
• Manage privacy and data protection requirements globally and by jurisdiction
• Coordinate your retention program across business units, records liaisons and legal more efficiently
• Collect, classify and sequester records for ready, rapid retrieval
Managing content from creation to disposition
[Diagram roles: GOVERNMENT OFFICER, RIM, LEGAL, BUSINESS, IT]
[Diagram activities: Manage legal holds; Collect and analyze evidence; Manage records and comply with the law; Declare business values and needs; Govern in place; Govern structured data; Lifecycle governance data source catalog; Govern content and messaging]
Visit our website
IBM Security Website
Watch our videos
IBM Security YouTube Channel
Read new blog posts
SecurityIntelligence.com
Follow us on Twitter
@ibmsecurity
IBM Security
Intelligence. Integration. Expertise.
133 countries where IBM delivers managed security services
20 industry analyst reports rank IBM Security as a LEADER
#1
enterprise security software vendor in total revenue
10K clients protected including… 24 of the top 33 banks in Japan, North America, and Australia
enterprise content management
Visit our website
IBM ECM Website
TOP 3
Learn More at
ibm.biz/thatsECM
Thank You!

More Related Content

What's hot

Enterprise computing
Enterprise computingEnterprise computing
Enterprise computingRen Diaz
 
Technology Advantage
Technology AdvantageTechnology Advantage
Technology Advantagealexnasiri
 
State of the Capture Industry 2014
State of the Capture Industry 2014State of the Capture Industry 2014
State of the Capture Industry 2014Atle Skjekkeland
 
Comparing traditional workspaces to digital workspaces
Comparing traditional workspaces to digital workspacesComparing traditional workspaces to digital workspaces
Comparing traditional workspaces to digital workspacesCitrix
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldHao Tran
 
Resilience Engineering as an IT Cultural Discipline
Resilience Engineering as an IT Cultural DisciplineResilience Engineering as an IT Cultural Discipline
Resilience Engineering as an IT Cultural DisciplineCognizant
 
Cloud Computing 4 Accounting Firms
Cloud Computing 4 Accounting FirmsCloud Computing 4 Accounting Firms
Cloud Computing 4 Accounting FirmsDavid Blumentals
 
Andy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsAndy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsARC Advisory Group
 
ITAM 2015-2020: How new technology will shape the role of the IT Asset Manager
ITAM 2015-2020: How new technology will shape the role of the IT Asset ManagerITAM 2015-2020: How new technology will shape the role of the IT Asset Manager
ITAM 2015-2020: How new technology will shape the role of the IT Asset ManagerJon Stevens-Hall
 
5 Common Myths About Managing Content Within Your Claims Management System
5 Common Myths About Managing Content Within Your Claims Management System5 Common Myths About Managing Content Within Your Claims Management System
5 Common Myths About Managing Content Within Your Claims Management SystemPyramid Solutions, Inc.
 
Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?
Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?
Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?Alfresco Software
 
The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...IOSRJBM
 
Lorraine Morgan: Factors affecting the adoption of cloud computing
Lorraine Morgan: Factors affecting the adoption of cloud computingLorraine Morgan: Factors affecting the adoption of cloud computing
Lorraine Morgan: Factors affecting the adoption of cloud computingCBOD ANR project U-PSUD
 
CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)Michael King
 
Consumer insights and engagement: Delivering a differentiated brand experienc...
Consumer insights and engagement: Delivering a differentiated brand experienc...Consumer insights and engagement: Delivering a differentiated brand experienc...
Consumer insights and engagement: Delivering a differentiated brand experienc...IBM Analytics
 
Best Practices for Managing and Sharing Data in a Connected World
Best Practices for Managing and Sharing Data in a Connected WorldBest Practices for Managing and Sharing Data in a Connected World
Best Practices for Managing and Sharing Data in a Connected WorldDataWorks Summit
 

What's hot (19)

Enterprise computing
Enterprise computingEnterprise computing
Enterprise computing
 
Technology Advantage
Technology AdvantageTechnology Advantage
Technology Advantage
 
State of the Capture Industry 2014
State of the Capture Industry 2014State of the Capture Industry 2014
State of the Capture Industry 2014
 
Comparing traditional workspaces to digital workspaces
Comparing traditional workspaces to digital workspacesComparing traditional workspaces to digital workspaces
Comparing traditional workspaces to digital workspaces
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
 
Resilience Engineering as an IT Cultural Discipline
Resilience Engineering as an IT Cultural DisciplineResilience Engineering as an IT Cultural Discipline
Resilience Engineering as an IT Cultural Discipline
 
Cloud Computing 4 Accounting Firms
Cloud Computing 4 Accounting FirmsCloud Computing 4 Accounting Firms
Cloud Computing 4 Accounting Firms
 
Andy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutionsAndy chatha - arc advisory group - rethinking it and automation solutions
Andy chatha - arc advisory group - rethinking it and automation solutions
 
ITAM 2015-2020: How new technology will shape the role of the IT Asset Manager
ITAM 2015-2020: How new technology will shape the role of the IT Asset ManagerITAM 2015-2020: How new technology will shape the role of the IT Asset Manager
ITAM 2015-2020: How new technology will shape the role of the IT Asset Manager
 
5 Common Myths About Managing Content Within Your Claims Management System
5 Common Myths About Managing Content Within Your Claims Management System5 Common Myths About Managing Content Within Your Claims Management System
5 Common Myths About Managing Content Within Your Claims Management System
 
Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?
Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?
Alfresco Day Vienna 2015 - Keynote: Why Alfresco in the Digital Enterprise?
 
Model Factory at ING Bank
Model Factory at ING BankModel Factory at ING Bank
Model Factory at ING Bank
 
The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...
 
Microsoft Cloud
Microsoft CloudMicrosoft Cloud
Microsoft Cloud
 
Lorraine Morgan: Factors affecting the adoption of cloud computing
Lorraine Morgan: Factors affecting the adoption of cloud computingLorraine Morgan: Factors affecting the adoption of cloud computing
Lorraine Morgan: Factors affecting the adoption of cloud computing
 
CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)
 
Cloud banking
Cloud bankingCloud banking
Cloud banking
 
Consumer insights and engagement: Delivering a differentiated brand experienc...
Consumer insights and engagement: Delivering a differentiated brand experienc...Consumer insights and engagement: Delivering a differentiated brand experienc...
Consumer insights and engagement: Delivering a differentiated brand experienc...
 
Best Practices for Managing and Sharing Data in a Connected World
Best Practices for Managing and Sharing Data in a Connected WorldBest Practices for Managing and Sharing Data in a Connected World
Best Practices for Managing and Sharing Data in a Connected World
 

Similar to Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM

Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergdawnrk
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergdawnrk
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8John Palfreyman
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM Sverige
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataIBM Security
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...IBM Security
 
Bordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareBordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareSarah Freemantle
 
2015 Global Identity and Access Management (IAM) Market Leadership Award
2015 Global Identity and Access Management (IAM) Market Leadership Award2015 Global Identity and Access Management (IAM) Market Leadership Award
2015 Global Identity and Access Management (IAM) Market Leadership AwardPeter Tutty
 
8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMMAGILLY
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM Security
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big riskIBM Sverige
 
Cloud Changed The Way Technology is Consumed
Cloud Changed The Way Technology is ConsumedCloud Changed The Way Technology is Consumed
Cloud Changed The Way Technology is ConsumedAutotask
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown JewelsIBM Security
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart ThemIBM Security
 
CNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
CNL Software PSIM Presentation Case Study - IBM UK - Corporate SecurityCNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
CNL Software PSIM Presentation Case Study - IBM UK - Corporate SecurityAdlan Hussain
 
Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"IBM Security
 

Similar to Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM (20)

Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
 
Bordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareBordless Breaches and Migrating Malware
Bordless Breaches and Migrating Malware
 
01 big dataoverview
01 big dataoverview01 big dataoverview
01 big dataoverview
 
2015 Global Identity and Access Management (IAM) Market Leadership Award
2015 Global Identity and Access Management (IAM) Market Leadership Award2015 Global Identity and Access Management (IAM) Market Leadership Award
2015 Global Identity and Access Management (IAM) Market Leadership Award
 
8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big risk
 
Cloud Changed The Way Technology is Consumed
Cloud Changed The Way Technology is ConsumedCloud Changed The Way Technology is Consumed
Cloud Changed The Way Technology is Consumed
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
 
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMProtecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
 
CNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
CNL Software PSIM Presentation Case Study - IBM UK - Corporate SecurityCNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
CNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
 
Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"
 

Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM

  • 1. © 2015 IBM Corporation Data Governance: How secure is your Unstructured Content? Protecting your crown jewels with IBM ECM Richard Saglimbene IBM ECM Smarter Content Consultant rsaglimb@us.ibm.com April 30, 2015 1
  • 2. © 2015 IBM Corporation Disclaimer Please Note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
  • 3. © 2015 IBM Corporation Sophisticated attackers break through safeguards every day SQL injection Watering hole Physical access MalwareThird-party software DDoSSpear phishing XSS Undisclosed Attack types Note: Size of circle estimates relative impact of incident in terms of cost to business Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014 2011 Year of the breach 2012 40% increase 2013 500,000,000+ records breached 61% of organizations say data theft and cybercrime are their greatest threats 2012 IBM Global Reputational Risk & IT Study $3.5M+ average cost of a data breach 2014 Cost of Data Breach, Ponemon Institute
  • 4. © 2015 IBM Corporation Security leaders are more accountable than ever before Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series Loss of market share and reputation Legal exposure Audit failure Fines and criminal charges Financial loss Loss of data confidentiality, integrity and/or availability Violation of employee privacy Loss of customer trust Loss of brand reputation CEO CFO/COO CIO/CISO CHRO/CDO CMO Your board and CEO demand a strategy
  • 5. © 2015 IBM Corporation Applications WEB APPLICATIONS WEB 2.0 DATACENTERS PCs LAPTOPS Infrastructure CLOUD MOBILE NON-TRADITIONAL MOBILE Security challenges are a complex, four-dimensional puzzle… People EMPLOYEES ATTACKERS OUTSOURCERS SUPPLIERS CONSULTANTS PARTNERS CONSUMERS Data STRUCTURED AT REST IN MOTION …a holistic approach is needed CONSUMERS IN MOTION MOBILE APPLICATIONS MOBILE EMPLOYEES UNSTRUCTURED WEB 2.0 CLOUD PCs OUTSOURCERS STRUCTURED SYSTEMS APPLICATIONS
  • 6. © 2015 IBM Corporation IBM is positioned to help
  • 7. © 2015 IBM Corporation IBM Security Systems IBM Security Services IBM Security invests in best-of-breed technologies 2002 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 …and we are relentless innovators • new or updated offerings in the last 12 months • Major innovations in every IBM security domain 70+
  • 8. © 2015 IBM Corporation IBM Security capabilities to help reach security maturity • Prevent transactions from malware infected endpoints • Login challenge questions • Device ID rules • Protocol analysis • Anomaly detection • Virtualization security • App state awareness • Endpoint / network security management • Perimeter security • Host security • Anti-virus • Predictive analytics • Flow analysis • Big data workbench • Threat modeling • SIEM • Vulnerability management • Log management ADVANCED BASIC • Hybrid scanning and correlation • Mobile app scanning • Web application protection • Source code scanning • Application scanning • Identity governance • Fine-grained entitlements • Privileged user management • User provisioning • Access management • Directory management • Crown Jewel protection • Data governance • Data masking • DB activity monitoring • Data loss prevention • Encryption / key management Advanced Threat Cloud Mobile & Internet of Things Compliance
  • 9. © 2015 IBM Corporation Protecting the Crown Jewels with IBM Enterprise Content Management
  • 10. © 2015 IBM Corporation What is your plan of defense? IBM ECM provides a 2nd line of defense INTELLIGENCE is the new defense IBM ECM supports deep analysis of your enterprise unstructured data to better understand vulnerabilities INTEGRATION is the new foundation IBM ECM provides integrated modules to manage and secure your unstructured data from creation to disposition EXPERTISE is the new focus IBM ECM is the global leader and trusted partner in delivering solutions to manage and secure content Which data was affected? What happens when your 1st line of defense is breached? How do you protect the crown jewels?
  • 11. © 2015 IBM Corporation IBM ECM leader in both growth and market share
    Source: Gartner, ECM Market Share, June 2, 2014
    Source: IDC, ECM Market Share, June, 2014
    Source: Gartner, Magic Quadrant for Enterprise Content Management, 25 September 2014, G00262932
    Company | Growth | Share
    IBM | 6.9% | 19.8%
    Open Text | 4.0% | 15.6%
    EMC | 1.0% | 8.2%
    Microsoft | 8.1% | 6.6%
    Oracle | 0.9% | 5.4%
    HP (Autonomy) | 6.8% | 5.1%
    Content Management
    Company | Growth | Share
    IBM | 7.0% | 15.9%
    Open Text | 1.9% | 8.8%
    Microsoft | 9.9% | 7.4%
    EMC | 0.2% | 7.2%
    Oracle | -2.3% | 4.7%
    HP | 3.8% | 4.4%
    Hyland Software | 16.2% | 4.0%
    IBM ECM is THE Market Leader
  • 12. © 2015 IBM Corporation AP manager paying invoices Taxi driver giving a receipt Leasing sales manager mining contracts Marketing manager posting on-line product videos Salesman submitting a sales order Branch manager accepting a mortgage application eCommerce product manager updating product photos Government agency processing benefits Telecom billing manager preparing customer bills Hospital searching medical records Insurance adjustor processing claims Business Content and the Crown Jewels are Everywhere 12 Financial advisor discussing portfolio options by phone
  • 13. © 2015 IBM Corporation Organizations are sitting on vast amounts of Risk and Waste Typical organizations have large volumes of dark data with little insight into the information and any data breach can release the following: Personally identifiable information (PII) Highly confidential information (HCI) Payment Card Industry (PCI) data Intellectual Property (IP) Emails Audio and Video Assets Typical organizations retain petabytes of ROT data Redundant, obsolete and trivial Redundant data—duplicates that are no longer of value Data that has aged past its useful life Data that has no ongoing business value 69% Typical amount of unstructured data that has no value1
  • 14. © 2015 IBM Corporation http://www.gartner.com/newsroom/id/2758717 Key Take-Aways… 1. Develop a data-centric security approach: Start Now 2. Identify gaps in the current implementation of your data security policies and review the risks 3. Develop and manage an enterprise data security policy that defines data residency requirements 4. Collaborate across trusted team members to develop and manage an enterprise data security policy
  • 16. © 2015 IBM Corporation IBM Holistic Content Centric Security Source: Dayhuff Group
  • 17. © 2015 IBM Corporation Content Intelligence for the Enterprise A Critical First Step in Applying Best Practices to protect the Crown Jewels Understand Enterprise Content and Data – What kind of content is being stored? – Who owns it? – Where is it stored? – What are the costs associated with it? – Where is it being used? • Why? – The sheer volume of data makes traditional management methods ineffective – Sensitive content and intellectual property can be stolen – Data represents legal & GRC risk that could result in very large costs & fines – Data with business value is not leveraged by LOBs – Storage acquisition costs continue to rise due to the increase in data, even though much of it may be disposed of
  • 18. © 2015 IBM Corporation IN-PLACE Data Analysis with StoredIQ Reducing Risk: It all starts with understanding your content
  • 19. © 2015 IBM Corporation Reducing Risk: Identify potential compliance issues IN-PLACE Data Analysis with StoredIQ
  • 20. © 2015 IBM Corporation StoredIQ: Identify relevant content AND take action Data about your content Take action on content (move, copy, delete, etc.) Use a combination of rules and machine learning to identify and classify content Volume Relevance Action Filter 3 – Classification Filter 2 – Full Text Filter 1 – Metadata
  • 21. © 2015 IBM Corporation Identify, Analyze and Act on Unstructured Data Managing Dark Content with StoredIQ Secure High Business Value Content IP, Pricing, Sales, Marketing, Contracts, Patent, Planning Remediate Regulated Content PII, PCI, HIPAA, HR, Financial Records, Customer eDiscovery Identification and Collection Early Data Assessment and Targeted Collection Cleanup ROT Content Redundant, Obsolete and Trivial Content
  • 22. © 2015 IBM Corporation StoredIQ Key benefits Find the information that matters: Properly discover, classify and manage information according to business value to reduce risk and cost Identify sensitive content and intellectual property: Find misplaced client data, PCI, IP and privacy-regulated data Migrate sensitive content to an IBM ECM Repository to secure, protect and manage your assets Get rid of old, obsolete data: Delete nonbusiness, aged and obsolete data to reduce data volume and costs Stratify information to accelerate: – Cloud migration – Investigations – Post-acquisition and merger data integration
  • 23. © 2015 IBM Corporation Protecting content at rest with IBM ECM Repositories Store all critical and sensitive content in a managed repository Encrypt all managed content at rest Secure content with granular authentication and authorization Deliver de-duplication of content and Smart compression – Single copy of a document with support for versioning – Also provides storage savings Encrypted content over the network and internet Storage Area Encryption – Encryption enabled at storage area level FIPS-140 compliant (AES-CTR algorithm) Keys can be generated by the repository or externally generated and managed Digital rights management support offered by partners … and more…covered in upcoming slides!
  • 24. © 2015 IBM Corporation Protecting Content at Rest Automate Retention and Disposition with IBM Enterprise Records • Collect and classify records from disparate sources and manage them in a records repository • Apply retention schedules across disparate repositories • Automatically apply time and event based retention • Tightly integrates with IBM ECM Repositories • Apply formalized legal holds • Extensive Logging and Audit Functionality with Reporting (who, what, when, why) • Both Automatic and manual disposition of records that are at end of retention period, of no business value and not on legal hold • Unified solution to define and manage disposition workflows across electronic and physical records
  • 25. © 2015 IBM Corporation Example: PII and PCI Content StoredIQ can address security concerns regarding sensitive data or data that is subject to a compliance mandate through proper identification, forensic collection and audit reports. • Built-in macros to identify PII and PCI • Create automated searches • Produce reports detailing risk exposure • Migrate or copy content to a secure repository • Classify content • Apply retention policies • Set a retention policy of 7 years, but provide override capability for events (e.g. Litigation, Merger, etc.) After 7 years and no pending events (e.g. Legal Hold) or needed business value, content is automatically deleted from the secure repository • Optional audit reports for compliance mandates • Supports hash values to satisfy audits or inquiries
  • 26. © 2015 IBM Corporation Shadow images of confidential data can be left on unprotected systems Most organizations do not have the ability to identify all of the Blind Spots across their ecosystem! Content in motion Source: Dayhuff Group
  • 27. © 2015 IBM Corporation
  • 28. © 2015 IBM Corporation Partner Network Internet Corporate VPN How a Digital Rights Management solution works Source: Dayhuff Group
  • 29. © 2015 IBM Corporation Benefits of Digital Rights Management Integration with IBM Content Management • Can inherit permissions from IBM ECM and/or manage permissions directly • Supports a wide range of documents and files Restrict document access • Who: Individual users or groups • How: view, edit, print, screen capture, VM, copy • When: validity period, how many times • Where: device, network address Security travels with the documents anywhere • Revoke sensitive documents by making them inaccessible on demand Audit trail of document access and attempts Supports mobile devices (Android, iOS) Integration with DLP tools
  • 30. © 2015 IBM Corporation IBM ECM delivers efficient policy and schedule management with effective enforcement. • Manage global taxonomy and retention schedules for virtually all information • Syndicate and enforce retention schedules on structured and unstructured records and information • Manage privacy and data protection requirements globally and by jurisdiction • Coordinate your retention program across business units, records liaisons and legal more efficiently • Collect, classify and sequester records for ready, rapid retrieval Managing content from creation to disposition GOVERN- MENT OFFICER RIM LEGAL BUSINESS IT IT IT IT Manage legal holds Collect and analyze evidence Manage records and comply with the law Declare business values and needs Govern in place Govern structured data Lifecycle governance data source catalog Govern content and messaging
  • 31. © 2015 IBM Corporation Visit our website IBM Security Website Watch our videos IBM Security YouTube Channel Read new blog posts SecurityIntelligence.com Follow us on Twitter @ibmsecurity IBM Security Intelligence. Integration. Expertise. 133 countries where IBM delivers managed security services 20 industry analyst reports rank IBM Security as a LEADER #1 enterprise security software vendor in total revenue 10K clients protected including… 24 of the top 33 banks in Japan, North America, and Australia enterprise content management Visit our website IBM ECM Website TOP 3
  • 32. © 2015 IBM Corporation Learn More at ibm.biz/thatsECM Thank You!