IRM and E-discovery

Information Rights Management Redefining Information Security

Upload: carl-frappaolo

Post on 18-Nov-2014


DESCRIPTION

Introduction to content security and how it differs from traditional IT approaches to security, with a look into the component technology of IRM. Includes some examples of how the technology works in a legal setting, including e-discovery.

TRANSCRIPT

Page 1: IRM and E-discovery

Information Rights Management

Redefining Information Security

Page 2: IRM and E-discovery

The Traditional View to Information Security

• Perimeter: "Traditional" Network Security

• Core: Desktops, Servers, Machines, OSes, Applications

• Content: Content in all forms, whether at rest or in motion

Perimeter

Core

Content

Page 3: IRM and E-discovery

Perimeter Thinking

• Traditional Security is about securing the edge, primarily from outsiders

• Standard policy is: OUTSIDE = UNTRUSTED; INSIDE = (COMPLETELY) TRUSTED

• Traditional Security is generic and provides lowest-common-denominator protection to secure the network, apps, and desktops, but not content specifically

Trusted

Page 4: IRM and E-discovery

“Modern-Traditional” Security

• Due to VPNs, WiFi, HTTP (web) traffic freely passing corporate firewalls

• Perimeter shrinks down to the device/person, regardless of where you are, how you're connected, what you’re doing

• This provides a new level of CONTEXT to security, allowing trust to exist only in very specific instances. It is still typically a generic defense: it secures the machine itself, but not the content on it or the content sent to/from it.

Semi-Trusted

Page 5: IRM and E-discovery

Application-Level Security

• Document/Content Management provides access into repositories with document/user level controls - a mini perimeter

• Records Management provides lifecycle management for Archive and Destruction

• Content is free to go where it will once it is out of those systems

Page 6: IRM and E-discovery

Information Rights Management

• Policy-based

• Imposed at the document/user/application level (context)

• Omni-present

• Auto-auditing

• Content Authentication

• User Authentication

• Encryption

POLICY

Page 7: IRM and E-discovery

“Traditional” Security Strategy

Which of the following definitions of Digital Information Access Control most closely aligns with your definition?

Control & Secure Collaborate & Innovate

Page 8: IRM and E-discovery

IRM Security Strategy

Which of the following definitions of Digital Information Access Control most closely aligns with your definition?

Control & Secure

Collaborate & Innovate

Risk vs. Benefit

Page 9: IRM and E-discovery

Why IRM?

• Conflict of interest

• Self-regulating secure access

• M&A

• Bi-directional sharing files in a controlled space

• No extended sharing

• Project timeline

Page 10: IRM and E-discovery

Why IRM?

• E-Discovery

• The “Ultimate” Secure Collaboration Platform

• No extended sharing - In Context

• Automated Clawbacks

• Dynamic enabling/disabling

• Automated & Complete End of Trial Expiration

• Policy-based / repeatable

Page 11: IRM and E-discovery

Market Reality

Within the past 2 years, has content been accessed by an unauthorized individual, either deliberately or accidentally?

Is Your Organization’s Content Security Strategy Driven More by a Desire to Lock Down Content or to Enable Secure Collaboration?

Page 12: IRM and E-discovery

Market Reality

Within the past 2 years, has content been accessed by an unauthorized individual, either deliberately or accidentally?

How Well is Content Security Understood in Your Organization?

[Bar chart, percentage of respondents per response category:]

• Well Aware and are Expressly Addressing It

• Vaguely Familiar and Understand its Relationship to the Broader Topic of Security

• Not Sure How This is Different From Security in General

• No Clear How Understanding

Page 13: IRM and E-discovery

Market Reality

Within the past 2 years, has content been accessed by an unauthorized individual, either deliberately or accidentally?

What is Your Organization’s Current Involvement With Content Security?

Page 14: IRM and E-discovery

Developing a Strategy

Assuming budget is available, identify the primary obstacles to implementing Digital Information Access Control?

Control & Secure

Collaborate & Innovate

Page 15: IRM and E-discovery

Why Care?

• Security is a major issue for CxOs

• Future-proofing your business requires addressing this as competitive advantage

• IRM is critical but requires positioning and education

• Strategic deployment and alignment with business provides competitive advantage, holistic benefit

Page 16: IRM and E-discovery

• Carl Frappaolo

• [email protected]

• 617 933 2584

Q & A