1© Copyright 2008 EMC Corporation. All rights reserved.

David MendelSr. Product Marketing ManagerEMC CorporationJune 2008

EMC Documentum Information Rights Management

2© Copyright 2008 EMC Corporation. All rights reserved.

Securing Content Across the Enterprise

Confirm System is Secure – Auditing

Securing the PeopleAuthentication

Identity ManagementAccess Control & Authorization

Securing the ContentEncryption (TCS)

Digital Shredding (TCS)Retention Management

Leaving the Repository – Information Rights Management (IRM)

Ensure System is Secure – Hardening and Validation

Documentum Security Overview

Inside the Repository

3© Copyright 2008 EMC Corporation. All rights reserved.

Persistent Protection of Content

You secure your content at rest…

You ensure only certain people can access the content…

But once an authorized user opens the content, they are free to do whatever they want with it!

This is where IRM is needed

4© Copyright 2008 EMC Corporation. All rights reserved.

IRM Is Equivalent To Having a Remote Control…

• IRM is equivalent to having a remote control over your information

• IRM allows instant response to events and changing security conditions:

─ Employee changes

─ Changing partner relationships and roles

─ New document versions

─ Loss of laptops and storage media

─ Instant expiration control

5© Copyright 2008 EMC Corporation. All rights reserved.

Business Drivers for Content Security

Protect intellectual property– Trade secrets– Competitive information– IP theft– Secured collaboration

Compliance– Regulations– Classified Information– Audits

Risk mitigation– Legal exposure– Data loss– Privacy breaches

5

6© Copyright 2008 EMC Corporation. All rights reserved.

Workflow Integrations

How does IRM work?

Content is always encrypted with the encryption keys & policy rights stored on a Policy Server.

Policies are dynamic – rights can be changed or revoked at any time regardless of where the document resides.

IRM Policy Server

Content Owner+

Policy+

Policy

Desktop Integration

Content Mgmt, eRoom

7© Copyright 2008 EMC Corporation. All rights reserved.

Document Generation

Data values drive business rules to generate document from template

DocumentAssemblyEngine

New Account Opening Use CaseIncorporating IRM with Content Management

• CRM• Policy Origination System• Loan Management System

Transaction Data

From LOB systems or eForm

Documentum repository

Generated documents managed and archived and rights policy automatically assigned

Name J.Doe

Age 27

Cust. No

Review / Edit

Documentum workflow used as routing engine

Multi-Channel Delivery

Document delivered via selected channel

CD-Rom

Email

Wireless

Portal

Policy Server

Store rights management policies and encryption keys

8© Copyright 2008 EMC Corporation. All rights reserved.

Features – Rights Enforcement by Policy

A document policy defines: Who can view

What PDF pages can be viewed

When it can be viewed

If copy or edit is allowed

If printing is allowed

If guest access is allowed

If offline viewing is allowed

Automatic expiration

Dynamic watermarks

9© Copyright 2008 EMC Corporation. All rights reserved.

Additional Functionality

Use of native business application– Uses plug-in within native business application, no 3rd party client.

Dynamic policies controls– Change or revoke privileges at any time, regardless of where document

physically resides

Continuous, granular audit trails– All policy controlled actions (and attempted actions) tracked, even off-line

mode

Leverage existing authentication infrastructure– Speeds deployment and minimizes impact to administration

Software Development Kit (SDK)– Extend IRM functionality to custom applications or new content types

10© Copyright 2008 EMC Corporation. All rights reserved.

Customer Case Study – VHA Novation Alliance

VHA - Company Background– Health care alliance formed in 1977– Nation-wide network of over 2,200 leading community-owned health care

organizations and their physicians– VHA network includes 27% of the nation's community hospitals

Novation – Company Background– Established in 1998 through consolidation of supply chain programs of VHA and

University HealthSystem Consortium (UHC)– Leading contracting services company in health care– Serves purchasing needs of over 2,500 members and affiliates of VHA and UHC and

over 12,000 Provista customers– Offers the most extensive range of advanced contracting services, such as contract

development & management, custom contracting and enhanced savings programs– VHA, UHC and Provista members and used Novation and alliance contracts to

purchase $33.1 billion in supplies and services in 2007.

11© Copyright 2008 EMC Corporation. All rights reserved.

Business Challenges Driving Need for IRM

Novation publishes marketing and contract information to member-facing, secure, web sites using Documentum WCM.

Actual signed contracts were confidential and not available on web sites.

Members could request to view a copy of an actual contract. Audience was usually CEO, CFO, Director, Materials Management or Director, Pharmacy.

Process prior to IRM:– Member makes request to view contract.– Novation sends hard-copy of contract to account executive via overnight delivery.– Account executive “walks in” copy of contract to meeting with member.– Contract is reviewed in presence of account executive.– Account executive leaves taking copy of contract with him.– Copy of contract is shredded by account executive.

THE BOTTOM-LINE:

Keeping contracts confidential was a labor intensive, costly process

12© Copyright 2008 EMC Corporation. All rights reserved.

What’s the Solution?

needed a more efficient and highly secure way to share contract information with alliance members.

wanted to leverage existing Documentum WCM to publish contracts to the web.

wanted the contracts in a “standard” read-only format.

needed security – only authorized users could access contracts.

was concerned that contracts downloaded by authorized users “might find their way” to unauthorized users, non-members, suppliers or competitors.

13© Copyright 2008 EMC Corporation. All rights reserved.

The Solution – Documentum IRM

Contracts scanned into PDF format

Members fill out online form to request access to documents.

Customer service grants/denies access after verification.

Members use same username/password to access website and documents.

Approved members have 24x7 access to contracts.

14© Copyright 2008 EMC Corporation. All rights reserved.

Initial Implementation Details

3,000 system-wide users

Policies automated through use of Policy Templates

Integrated with Active Directory for authentication/authorization

Set up user groups– View only privileges for authorized members– View only privileges for employees– Authoring privileges for contract administration– Printing privileges for legal

15© Copyright 2008 EMC Corporation. All rights reserved.

IRM Use Expanded after Initial Implementation

Securing confidential, internal documents– View only access to all employees– Published to corporate intranet– User must access document through corporate network or VPN.

Enhanced savings programs rebate documents secured for members– Uses same template as contract documents– Published to web site using Documentum WCM

Secured VHA Annual Financial Report– Access restricted to VHA CEOs and CFOs only.– New user group and AD group created to control access.

Secured Novation Management Dashboard– Access restricted to select employees.– New user group and AD group created to control access.

16© Copyright 2008 EMC Corporation. All rights reserved.

Key Benefits to using Documentum IRM

Flexible - Ability to have separate rights policies

Dynamic - Policies can be changed “on the fly.”

Ability to use multiple Active Directory forests to control access.

Instant expiration of outdated documents

Instant removal of former employees, members, etc.

Screen-prints, copy & paste are disabled

Auditing - Ability to track usage of documents and run reports

And… SECURE! SECURE! SECURE!

17© Copyright 2008 EMC Corporation. All rights reserved.

?