Central ECM Document Centralization Proposal
description
Transcript of Central ECM Document Centralization Proposal
Central ECM for Document Central-ization
Selected Features Only!
NetID Co., Ltd.
30 Jan 2012
- 2 -
NetID is based on abundant experience…
Com-pany
NETID Co., Ltd.
Yoo, Sang-Leol
Software SolutionInternet Service
9092 Garden Five, MunJeong-Dong,SongPa-Gu, Seoul, Korea
TEL : 02-588-0708FAX: 02-588-1012
March 6, 2002
March 6, 2002 ~
Plus DiskCentral ECM
Name
CEO
Business
Address
Phone
Founded
Doc Management
Products
Least # of Clicks
Employees save files readily
Intuitive document categories
Improves productivity of corporation
100% Effective, New Device Adaptive…
- 3 -
Our Business Area includes …We are working on solution business, ASP business through construction a wide variety of partnership based on our core technologies like security file server, online PC backup, … And we had been putting in a great deal of efforts to develop overseas market since foundation.
Plus DiskAs a package
Central ECM As a solution
KDISK’s homedrive.co.kr KT SafeDisk Hostway PC Backup LG Dacom Webhard Korea.com Mdisk Nate FileTank SKNetworks UbiHard
LG ElectronicsPlus Disk for NAS
- 4 -
Why Document Centralization?
Data Leak Criminals
70%Current&former em-ployees, Partners
Nowadays, the most important property of corporation is electronic document rather than real estate and machinery. However, the market research firm Gartner published that 90 percent of corporate documents exists on employee PC and the remaining 10 per cent are stored on the server. The Small Business Admin-istration also published that more than 70% criminals of Information Disclosure are current & former em-ployees or partners.
Corporations
Electronic Docu-ments
real estate and machinery
Corporation Documents
90%Personal
Computer
Corporation
Documents
10%
- 5 -
Corporation Reactions
Corporate reactions and problems
2. DIsk Re-turned Delete
1. File Encrypted Save
The Problems
To resolve the problem, files are saved encrypted and the hard disk of retired is returned to company. How-ever, some wiped hard drive can prevent the Information Disclosure? File encryption method also hinder the performance of your PC or can protect only the specified version of the program data. So most of appli-cation data can’t be protected.
Disk Wiped and
Returned?
Encryption Per-formance and
Effectiveness?
- 6 -
Problems of traditional ECM products
#1. POSCO decided to save all documents to cen-tral server through innovative project. All PC gener-ated documents are stored in server except 100MB local space only. But it made employees complain that PC storage allowance is differentiated for each team. #2. LG display employees created all documents on central servers instead of PC. They built a col-laborative environment. However, the complex classification system and the registration process made their work uncomfortable and their productiv-ity was reduced. LG Display thought the first project failed in fact. They made a new classifica-tion system and registration process also reduced by 20% of the existing.
#3. After document centralization, SK Telecom em-ployees thought it is rather easy to save docu-ments in the server but ‘download to read or edit’ was awesome! They canceled the centralization policy. Now employee PC and server storage are synchronized in real time.“These 1st generation companies of document cen-tralization keeps the document centralization con-cept but the strategy became flexible and user-
friendly. ”
POSCO Research & Development (R & D) team em-ployees were provide gigabit PC capacity. The ca-pacity became different for each team.
LG determined that the 1st project were failed. The document categories and registration process were significantly reduced based on user participation.SK Telecom has also guaranteed autonomy. Now saving on PC is free but the capacity on central server is limited. They are monitoring the effective-ness. Currently individual 2GB and departmental 20GB are provided. "
Complex user interface and document classi-fication system makes employees complain!
NEWSPAPEROct 31, 2010 ElectronicTimes
- 7 -
Why Central ECM?
Central ECM
What is the best product for corporate documents centralization and prevention of information leakage? The answer is Central ECM. Central ECM is easy, secure and corporate friendly. Let's take a look?
- 8 -
AS-IS
TO-
BE
It blocks file save to local drives. The policy can be set for each applications so that company file assets in-cluding office documents, CAD files, design files and source code can be protected.
Central ECM Server
Remote Drive(X:)
File Save-Block
ed
Employee PC/Notebook
Employee PC/Notebook
Employee PC/Notebook
Employee PC/Notebook
Why Central ECM?
- 9 -
Why Central ECM?This product enables us to use personal and team storage in the central server as if they are local drives. You can edit documents and play video as you do in the C: drive and you may distribute install programs also.
Also, you can use the storage in iPhone and Android phones also.
760,50
760,50
760,50
760,50
760,50
760,50760,50760,50760,50760,50
1. CAD file editing2. Document edit-
ing3. Video Play
5. Smart Phone Ap-plications
4. Install Programs
- 10 -
Why Central ECM?
128-bit SSLOnline Banking
Central Server
Transferring files from PC to a central server uses 128-bit SSL. This is the same as that used by online banking technology. Works with files on a central server are logged into the database and all files are saved encrypted using the ARIA(a kind of AES) algorithm automatically.
AlgorithmARIA AES based
- 11 -
Why Central ECM?
Central ECM
CitrixVmware
Central ECM provides personal and team document drives in Citrix and Vmware virtual desktop environ-ment also. In particular, Citrix XenApp logged on user is allowed to read from local disk of the PC but write is prohibited.
- 12 -
Central ECM Traditional ECM
Compared with traditional ECM products
Key features are local drive-based document management and security features (SSL, ARIA, logs).
OCI Company, Samsung Card, Seoul City, … are using.
Opening and saving documents are similar to the local drive (eg. X: drive) way.
All applications in company can use the drive.
Response to a new version, such as MS Office does not need a separate actions.
After install, Environments are the same as be-fore and document is available in high-perfor-mance.
Simple administrative environment makes it easy to manage the documents.
Detailed document category management is provided through a professional document man-agement capabilities.
Posco, Samsung Electronics, LG Display, … are us-ing.
Open and Saving documents involve security and performance issues because they are using temporary files and hooking techniques in em-ployee PC.
it is impossible to apply Hooking for some appli-cations.
The new version of MS Office, and the corre-sponding need a separate budget. It can be a significant burden.
It’s inconvenient and slow.
Complex administrative environment.
“We purchased expensive SW but it’s not useful.”
IT manager of ‘N’company
- 13 -
Compared with SBC(Server Based Computing) We support local disk lock function so that employees can’t save their document on their PC. This is cost effective and provides best performance and security.
Items Server Based Computing Local Disk Locking
Concept Employees use virtual machines for document centralization & DLP
Employees use existing PC but file save is not allowed for local disks.
Product Citrix XenDesktop, VmWare, … Central ECM
Document save location
Central Storage Central Storage
User Desktop Provides 20 virtual desktops per one virtual desktop server.
Existing PC as is
User environ-ment changes
User should logon to remote virtual desktop server to begin their work.
Same environment but local disk save will not be allowed for some applica-tions.
Cost •Expensive VDI license•More windows and office licenses for virtual desktops•Cost for many VDI servers•Central Server and Storage
•Reasonable ECM SW license•Central Server and Storage
Apply for •Limited use for sales person, work –at-home, …•Low performance for CAD works
•Very flexible for any kind of works
CPU Use of server CPU Use of PC CPU
RAM Use of server RAM Use of PC RAM
PC Video Card Can’t be used Use of PC Video Card
- 14 -
Deployment of Central ECM for document centralization
There are entities like Security Manager, Service Manager, team folder manager and normal users in Central ECM. If Central ECM uses the organization chart of legacy system, it provides useful collaboration environ-ment.
Access Log Encryption IP auth, …
Policy
Security Manager
Team Docs
Service Admin
Service Manager
Drives
Team Members
New Devices PC Backup
PersonalTeam
IPhoneAndroid
PC backup&restore
Folder CreationAccess Control
Org chartEmployeeStatistics …
Organizationchart
ECM
Central ECM
Team Folder manager
- 15 -
Organization-based document classification system
Auto Mapping
Storage #1
Storage #2
Seoul IDC
Storage #3
Storage #4
New York IDC
Storage #5
Storage #6
Storage #7
Tokyo IDC
Organization User Interface
America
Africa
Europe
Asia
Australia
Overseas
Sales
X:\NetID
America
Africa
Europe
Asia
Australia
Storages
Overseas
Sales
Central ECM is designed to use the organization chart-based document categories. If you are using auto-mapping feature, organization chart is reflected to the user interface automatically. In addition, each de-partmental document repository can be distributed in multiple locations.
- 16 -
User interface support for mobile environments
Windows Explorer XP/Vista/2003/ 2008/7
Java Explorer MAC, Linux Web Browser
IE, Firefox, Chrome, Safari
Smart Phone IPhone,
Android
In the Future IPAD Android Tablet Google TV
The users are allowed access to documents from any legal places.
Various user interface support
- 17 -
Smartphone and Tablet
Already supported IPhone, Android supported now Document drives Local storage Open documents
From 2012.1.1 IPAD, Galaxy Tab10.1 Authentication based on device ID Local file encryption Functions for lost devices
Mobile device users are increasing in enterprise market also. Central ECM provides easy interface for these kinds of users.
Option
- 18 -
Document Version Management
• Microsoft Office supported• Hangul supported• Other documents may be sup-ported• We save existing documents au-tomatically• Users can restore their past doc-uments• Past documents will be deleted after some configurable period
Version Management Original Document
Past Document
1 Document Edit & Save
2 Save existing document
3 Document Restore Request
4 Restore Document
Microsoft Office programs delete existing document before saving updated document. We don’t delete the existing document but save it at a temporary location so that users can restore it later.
- 19 -
File-name
Size DateFile Exten-
sion
Filename Search
Metadata Search
• Search for all docu-ment drives
• Filename Search
• Metadata Search
• Full Text Search Cus-tomization for each cus-tomers
Search
Metadata search will provide It’s own document category View…
File-name
Size DateFile Exten-
sion
Sub-ject
Con-tent
TypeKey-word
Metadata Search
You may use the search function which windows explorer provides. But, the function will be slow and network traffic intensive. So we provide our own filename search and metadata search functions.
Option
- 20 -
HappyNY.avi
Forecast.ppt
Use of document linksYou can share your document through UNC(Universal Naming Convention) path if it is saved in team drives. But, if the counterpart does not have proper permission, file access will be rejected by Central ECM.
Y:\STT_Electronics
Strategy
USA
Marketing
Oversea
File://Y:\marketing\overseaFile://Y:\ marketing\oversea\usa\forecast.ppt
TomDavid
- 21 -
Stable system operation by various security features
IP Filtering IP Authentication
Encrypted Transfer(SSL) File Access Log Encrypted Saving(ARIA)
Account Locking Password Complexity Secure Login ACL setting logging
Two kinds of admins SQL Injection, Cross Site Script, File Integrity,…
All documents are saved encrypted using safe speedy encryption algorithm, ARIA(based on AES).
Files are transmitted using 128 bit SSL from PC to server to prevent tapping.
User authentication and read/write/delete/rename/copy /move of all documents on server are logged.
All deleted files are kept for a certain period that em-ployees can’t delete important files on their own.
Security features on documents
Security for network elements
Security features on the human element
Other Security Features
Access Log
- 22 -
PC document backup support
1. Repair 2. Replace
3.Backup and Restore 4. Inspection
PC backup Reporting File Management
• HDD will be out together with PC when the PC needs repair
• Scheduled backup• Incremental backup
• Backup files online• Confirm integrity of backup files• Finally erase original files
ReportsBackup Management
If employee’s PC should be repaired outside, important files should be erased from his disks. And if you want to keep your local disk files safe from unexpected accidents also, you may backup your files to our backup server.
Secure Backup Server
2.Usual backup
1.Prevent data leak from re-pairing PC
Option
- 23 -
DiskLock – Why local disk should be controlled?
A senior researcher in Burton Group(which is a IT-related leading research firm) recommended that ‘Do not save files in employee’s devices to protect company data’.
mail, messengerboards, FTP Hard Disk
Devices includingUSB
Capacity Comparison
Local DiskUSB
Average 2~ 16 GBAverage 100~500 GB
Under Control
Printer
Devices Printer
messenger
network ? ControlLocalDisk
Option
- 24 -
DiskLock – Why DiskLock?
Items DiskLock Y of X company B of A company
Concept Controls applications Controls file extensions Controls applications
File extension change
Controlled Not Controlled Not Controlled
Application name change
Controlled Not Controlled Not Controlled
Additional options File size, … Nothing Nothing
Disk Types Local/Network/USB/CD*DVD
Local Local
WhiteList support Supported Not Supported Not Supported
BlackList support Supported Supported Supported
Application list Automatically gathered Admin input manually Admin input manually
Policy setting unit Application Category File extensions Application Name
Policies are applied to
Company/Team/Personal Company/Team/Per-sonal
Company only
System folder input Supported Supported Not Supported
Disklock is based on file system driver technology of NetID. We do not use only application name nor file-name but we use internal application information that we control disk IO perfectly.
Option
- 25 -
DiskLock – Application oriented policiesYou can set policies per applications. Even if application name or file extensions are changed by employ-ees, the policies are applied. You can set policies to Central ECM drives also.
Local(C:) USB Disk(F:) CD/DVD(G:) Network Disk(H:) CentralECM(X:)
Application Oriented Policies
•Allow List
•Allow Read
•Reject Write
•Reject Delete
•Allow List
•Allow Read
•Allow Write
•Allow Delete
•Allow List
•Reject Read
•Reject Write
•Reject Delete
Policy Item Policy Item Policy Item
•We do not care application name changes
•Allow List
•Reject Read
•Reject Write
•Reject Delete
Policy Item
Option
•We do not care application name changes
- 26 -
DiskLock – Document Centralization ModelOnly central storage disk is available for important applications like MS Office, CAD, and Adobe, ... You can also prevent file attachment by web mail, messenger, FTP client, and mail clients.
Option
LocalDisk
OnlineTemp.Disk
C-ECMDisk
Doc.ExportFolder
C-ECMApplications
Local DiskApplications
Online Temp. DiskApplications
Document ExportApplications
(Can be disabled) (Can be disabled)
e.g) Outlook, … e.g) IE, MSN, Outlook, …e.g) Office, CAD, Adobe
Disk/Folder Description
Online Temporary Disk It is a virtual drive which actually is a part of local disk. All files will be encrypted.
Document Export Folder Webmail and messenger programs may attach files from this folder only. Team manager approved files for attachment will be saved here.
- 27 -
DiskLock – Data Leak Prevention ModelAll applications are grouped into 2~3 groups so that data leak is prevented. Each group can use it’s related disk only.
Option
Items Description
Advantage No virus infection, No data leak by hacking. Documents are pro-tected perfectly by Disklock policies.
Disadvan-tage
An application can use only it’s related disk.
Notice MS Word and MS Powerpoint should belong to same group so that data leak by Copy&Paste is prevented.
LocalDisk
OnlineTemp.Disk
C-ECMDisk
Doc.ExportFolder
C-ECMApplications
Local DiskApplications
Online Temp. DiskApplications
Document ExportApplications
(Can be disabled) (Can be disabled)
e.g) Outlook, … e.g) IE, MSN, Outlook, …e.g) Office, CAD, Adobe
- 28 -
DiskLock - Document Export to DiskIf you need to take out for presentation or meeting, you can use the embedded document export workflows. Only approved documents can be exported to local disk.
Central ECM Server
Security Poli-cies
Basic
Sales Team
Offline Network
…
Take Out
Employee
Document export Request1
Approver for each teams
Approve/Reject2
Only approved folders,filesCan be exported
3
Encrypted Save Locally4
Option
X:\DOC_EXPORT\
Exported documents are copied
- 29 -
Document export using email, messenger, boards, FTP, … is controlled based on DiskLock. If you use this function, only approved documents can be exported via email, messenger, boards, …
2
3
4
Online export5
Local Disk(C:)
CD/DVD(F:)
USB(G:)
Network(G:)
CentralECM(X:)
Document exports are rejected1
X X:\DOC_EXPORT\
DiskLock - Document Export to Application
Central ECM Server
Employee
Approver for each teams
Document export Request
Approve/Reject
Only approved folders,filesCan be exported
Exported documents are copied
Security Poli-cies
Basic
Sales Team
Offline Network
…
Take Out
Option
- 30 -
DiskLock - Offline Temporary DiskIf network is disconnected abruptly, you still can go on your work using temporary drive in your local PC. If network gets back online, the local documents will be uploaded automatically.
Employee
Employee
X:\Share
Y:\Team
Z:\Personal
Sales TeamPolicy
Offline Network Policy
X:\Share
Y:\Team
Z:\Personal
Sales Team Pol-icy
Offline Net-work Policy
T:\Temporary
Network Disconnected
Policy load : including offline network policy1
: Offline Network Policy applied automatically
Automatic upload if network gets back4
2
Central ECM Server
Security Poli-cies
Basic
Sales Team
Offline Network
…
Take Out
Encrypted Save LocallyOn T:\ drive
3
Option
- 31 -
Ways of applying a variety of document centralization
We cooperate with virtual desktops of Citrix, VMWare and Microsoft to provide the best document man-agement environment. Also, we cooperate with PC security solutions to manage enterprise contents.
1
4
3
Recycled bin
2
File system driver connects remote storage as if it’s a local disk.
Virtual Machines
DLP Solution
PC VM PC Security
Network Booting
Terminal Server
Rules
Document Centralization (ECM)
: Personal: Team: Shared
- 32 -
Central ECM case for ‘O’ Corporation‘O’ is a company who already use EMC Documentum. Documentum has good functions like document cat-egorization and search. Nut, to encourages their employees to save their documents to the Central, they chose Central ECM.
NO DATA
Exported Notebook
Block Media
Local drive(C:)
Remote Drive(X:)
PowerPoint
Word
Excel
Hangul
……
AutoCAD
Corporate PC Environment
Central ECM Server
EMC Documentum
- 33 -
Shared information uti-lization
Taking over process
The possibility of document leak
TCO
ExpectationsIf you deploy document centralization solution, we provide convenience and security to activate employees to use this system. In the aspect of TCO, you may eliminate team file servers to save management cost and centralized documents will become the valuable asset of your company.
Restricted to the reg-istered documents
No standard process
High because they are under personal control
Cost for each teams Not a company asset yet
Personal Computer Team file server
Registered documents Centralized documents
Occurs according to the standard process
Low because they are controlled centrally
Cost for only a central serviceValuable company asset
Centralized content management server
TO BEAS IS
Document saving location
- 34 -
Customers in Korea, Japan and ChinaNew concept solution, Central ECM’s customers are vary across manufacturing, construction, pharmaceuti-cals, services, finance, education, public, etc. Some customers are from Japanese and china.
Domestic
Oversea
A signal ofnew enterprise content management!
Value up byDocument
Centralization
www.net-id.co.kr
Sang Leol [email protected]