Upload
deenu-yadav
View
216
Download
0
Embed Size (px)
Citation preview
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
1/34
Enterprise Rights Management
Enabler for Doing Business Today
Michael Coleman
Teamcenter Product Manager
May 2010
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
2/34
Page 2 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Enterprise Knowledge Management
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
3/34
Page 3 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Enterprise Knowledge Foundation
Enterprise Rights Management
Objective:
Describe Enterprise Rights
Management and its use in a
global product development
ecosystem
Outline:
What is Enterprise Rights
Management
Drivers and business
requirements of ERM PLM and ERM strategies
Partnership GigaTrust
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
4/34
Page 4 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Agenda
ERM at a glance
Drivers and business requirements of ERM
PLM and ERM strategy
Partnership - GigaTrust
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
5/34
Page 5 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
We are confronted with changing security
requirements and threat scenarios
Previous: keep the bad guys out
Threat: Denial of service, viruses,
external attacks
Approach: Firewall, IPS/IDS, Anti-Malware
Solution: Protection of infrastructure
Now: assume they are already in
Threat: Theft intellectual property,
internal attacks
Approach: ERM, RBAC
Solution: Administration and protection of
information
Perimeter approach Information protection
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
6/34
Page 6 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Compliance
Secure usage
Secure transfer
Secure
storage& access
Information
Role Based Access Control
Policy Enforcement
Auditing / Logging
Least Privileges
VPN Encryption
Access Control Lists
Smart Cards
ERM includes all security aspects within the
information lifecycle
Standard methods / technologies:
Enterprise Rights Management:
Integration of many technologies
Protection of information itself
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
7/34Page 7 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Agenda
ERM at a glance
Drivers and business requirements of ERM
PLM and ERM strategy
Partnership - GigaTrust
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
8/34Page 8 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Drivers for Enterprise Rights Management
The development of new markets like China or India requires an extensive
exchange of critical information with external partners locally. Only an
adequate protection defends from imitation products.
Protection ofknow-how
E-Commerce of digital products is just profitable if the almost free
duplication and distribution of such goods is restricted.
Implementation ofnew business models
The digitalization of business processes are assumed to have a high
benefit. Due to compliance requirements many workflows can only be
digitized if appropriate security measures can guarantee the protection of
the distributed information.
Realization ofcom peti t ive advantages
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
9/34Page 9 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Digital Models
Most companies are adopting model-based product definition process
Objective is to ensure all pertinent design and manufacturing
information is contained in a three-dimensional digital product model and
related annotations
Information can be easily extracted into engineering deliverablessuch as inspection information, assembly instructions, and NC tool paths
Benefits of the digital product model include
increased design reuse
shorter product development cycles
faster time to market Digital Models (CAD and visualization files) contain valuable IP
In todays extended enterprise, the digital models are shared with
partners and suppliers worldwide, significantly increasing the risk of
misuse of IP
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
10/34Page 10 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Business RequirementIntellectual Property Protection
From Our Customers:
Provide protection for Intellectual Property (in the form of JT, CAD,
Simulation or Specification files) in the Supplier / Partner
Collaboration process
Files are frequently transferred by email, download or transfer
media Growing pressure for support in global market (piracy, theft, )
Internal controls need to address - informal sharing and theft
From Siemens PLM:
Support for protection of Customers Intellectual Property in datadelivered to Siemens PLM
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
11/34Page 11 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.Siemens PLM Software
Agenda
ERM at a glance
Drivers and business requirements of ERM
PLM and ERM strategy
Partnership - GigaTrust
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
12/34Page 12 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.Siemens PLM Software
PLM Security Model
Control Intellectual Property
Who can access (user, group, team, role)?
What objects to access?
When does the individual gain access?
What action can be performed?
Manage at the system level
Project, Group, Folder
Manage at the object level
Access Control List for object
Support Inheritance
User
Data
Security applies to User, When he/she tries to Access Data.
Y
N
YN
Y
NY
N
Y
N
Y
Entitlement
Validation
- Message Access
- ACL
- Export Control
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
13/34Page 13 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.Siemens PLM Software
Current PLM Security / IP Protection
PLM
Web Server
Business Logic
Server
Database
Server
File
Server
RemoteClientsRemote
Clients
Local
Clients
Supplier 1
File
File
File
File
File
File
File
File
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
14/34Page 14 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.Siemens PLM Software
PLM Integration with ERM Solution
Leverage a commercial ERM solution
ERM is an enterprise purchase to include protection of e-mail, file
servers, and managed repositories
ERM Enable Applications
Integrate with ERM runtime client application to: Obtain permissions and decrypt the application file
Set permissions and encrypt the application file
ERM Runtime Client will interact with the rights management server
to obtain the appropriate permissions and encryption keys
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
15/34Page 15 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.Siemens PLM Software
Rights Management Components
File Encryption/Decryption
Manage Keys
Manage Policies and Rights
Audit Log
ERM Server
ApplicationFile
ERM Client
Application
File Encryption/Decryption
Obtain Rights
Audit User Actions
Plug-in
File
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
16/34Page 17 May-10
Copyright Siemens PLM Software Inc. 2010. All rights reserved.Siemens PLM Software
PLM Integration with ERM Solution
Leverage a commercial ERM solution ERM is an enterprise purchase to include protection of e-mail, file servers, and
managed repositories
ERM Enable Applications
Integrate with ERM runtime client application to:
Obtain permissions and decrypt the application file Set permissions and encrypt the application file
ERM Runtime Client will interact with the rights management server to obtain
the appropriate permissions and encryption keys
PLM integration to ERM Server
Background process to protect the application files encrypt andembed protections/rights All application file types supported by ERM vendor
Policy Management rights for user access Driven by PLM access control and rules
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
17/34
Page 18 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
File
Rights Management Components
File Encryption/Decryption
Manage Keys
Manage Policies and Rights
Audit Log
ERM Server
ApplicationFile
ERM Client
Application
File Encryption/Decryption
Obtain Rights
Audit User Actions
Plug-in
FileTeamcenter
Request File Encryption/Decryption
File
Specify Rights Access Audit Log
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
18/34
Page 19 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
PLM Security / IP Protection
PLM
Web Server
Business LogicServer
Database
Server
File
Server
RemoteClientsRemote
Clients
Local
Clients
Supplier 1
File
File
File
File
File
File
File
File
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
19/34
Page 20 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
PLM Integrated ERM
PLM
Rights Management on Files In Motion
In Use outside PLM
File
Client
Application
FileFMS
File
E-MailFile
File
At Rest
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
20/34
Page 21 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Policy Management
Policy does not specify the user permissions
Rights Management provides permissions based on User
Credential, IP Identification, and Policy
User actions allowed
State of document - obsolesce / newer version
Watermark / Notification application can display
ClientRights
Management
Rights Management can interact with Teamcenter to get
permissions
Teamcenter
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
21/34
Page 22 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Enterprise Rights ManagementKey Benefits
Provides persistent and dynamic access control to IP information
Precise control over file level data access rights such as file open,
copy, save, print, online and offline access
Action controls extensible to application features
Instantly updates access rights to shared files as needs change for fileversion control or changes in partner/employee relationships
IP information is secure everywhere, even outside physical firewalls
and secure content management systems
Robust design IP protection improves design and manufacturing
outsourcing processes
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
22/34
Copyright Siemens AG 2008. All rights reserved.
Siemens PLMERM Strategy
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
23/34
Page 24 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Siemens PLM Software Phases to Support ERM
Phase 1 ERM Enable Applications
Open, Update, Copy/Paste, Print action controls
Protect files if write/update enabled
Phase 2 Teamcenter Protect Files for Supplier Collaboration
Protect files on export operationsUnprotect files on import operations
Phase 3 Teamcenter Rules driven protection of files
Dynamic rights driven by rules
Support external and internal access
Phase 4 Enhanced Application rights management
Additional applications action controls
Content level access controls
Technological
Foundation
JT can be protected
process
independently
Process support
PLM integration
(Teamcenter)
Sophisticated
processes and
use cases
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
24/34
Page 25 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Challenges
Types of ControlsAccess Controls actions and content
Types of Controls static or dynamic
Content Level Access Controls
What content types to control access
PMI / GD&T
Properties / attributes
Components of an assembly
Part History
What granularity within a content type
Impact on authoring and tessellation/rendering
Multiple File Packages
CAD Models
Visualization
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
25/34
Page 26 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Challenges
Federated Environments
Protections of information that is shared with suppliers/partners
Management of user authentication extended enterprise LDAP
Management of dynamic permissions user identification for rules
Scenario
OEM creates a rights protected file and sends the file tosupplier/partner. OEM trusts supplier to access the data, but
doesnt know the user.
Seamless Operation
Performance file encryption/decryption and client/server chattiness
User Impact accessing and protecting information
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
26/34
Page 27 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Agenda
ERM at a glance
Drivers and business requirements of ERM
PLM and ERM strategy
Partnership - GigaTrust
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
27/34
Copyright Siemens AG 2008. All rights reserved.
GigaTrust Overview
Founded in 2000Security solutions that enhance and extendMicrosoft RMS
Protect data shared anywhere
Continuous protection from unauthorized use and loss
Won one of the largestRMS deployments, Veterans Admin
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
28/34
Page 29 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
The Solution
Enterprise Rights Management
Microsoft ApproachRights Management Services (RMS) native to Windows desktop
platform and Office applications alreadyon your desktop
GigaTrust Approach
Enhancenative RMS by delivering integratedsolution for the
things native RMS does not supporting: non-Office content andnon-Windows platforms PDF, CAD and BlackBerry devices
Microsoft + GigaTrust combine to bui ld a ful ly
in tegrated solut ion enhanc ing RMS to prov ide contro l
over the con tent and devices you use today and in the
future
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
29/34
Page 30 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
GigaTrust Enhancement of Microsoft RMS
GigaTrust Applications
Office 2000/XP/03/07, web server, non-Office
contentPDF & image files, customizable
viewer, RMS enable file shares, Blackberry
client, PLM/CAD
GigaTrust Identity Management Service
authenticate, provision, activate users across business
partner network and supply chain
Trusted
Authentication
Trusted
Application
Trusted User
Operating SystemMicrosoft Windows 2000/XP/Vista
Microsoft Apps
Office 2003/2007/S-Point
Microsoft AD
Intra-company
GigaTrust
Non-Windows
platform (RIM)
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
30/34
Page 31 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
GigaTrust Product Roadmap
Enabling Siemens PLM applications withMicrosoft Rights Management Services (RMS)
SPLM Application Security RightsPermission
File Type GA - Timing
JT2GO View and Print JT Shipping
Tc VisView (basic, pro,
mock-up)
View and Print JT, Shattered, PLMXML Q2 2010
Tc VisView (basic, pro,mock-up)
Above + Save (Views,Markups)
Above + Session + NX(CGM) open
Q3 2010
Tc VisView (basic, pro,
mock-up)
Above + Watermarks Above Q4 2010
NX See spec from NX team See spec from NX team Customer demand
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
31/34
Page 32 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
Enterprise RMS AdministrationManagement of RMS outside the enterprise
Connectors for Access and Content
Active Directory
LDAP
CA SiteMinder
GigaTrust Enterprise Plus
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
32/34
Page 33 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
GigaTrust Enterprise Plus
7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
33/34
Page 34 May-10Copyright Siemens PLM Software Inc. 2010. All rights reserved.
Siemens PLM Software
GigaTrust Contact Info
Darryl Worsham
www.gigatrust.com
mailto:[email protected]://www.gigatrust.com/http://www.gigatrust.com/mailto:[email protected]7/27/2019 Enterprise Rights Management as Enabler for Doing Business Today
34/34
Michael Coleman
Product Manager
Teamcenter
Siemens PLM Connection 2010
Nashville, TN
May 24-27