Using Rights Management Services to Implement Document Control and Auditing
Speaker: 張書源, Senior Instructor, 精誠公司 恆逸教育訓練中心

Outline
• Rights Management Services architecture
• Configuring and deploying Rights Management Services
• How to use Rights Management Services to protect document security

Information Loss is Costly
Information loss – whether via theft or accidental leakage – is costly on several levels

Financial
• The U.S. Dept of Justice estimates that intellectual property theft cost enterprises $250 billion in 2004
• Loss of revenue, market capitalization, and competitive advantage

Image & Credibility
• Leaked executive e-mails can be embarrassing
• Unintended forwarding of sensitive information can adversely impact the company’s image and/or credibility

Legal & Regulatory Compliance
• Increasing regulation: SOX, HIPAA, GLBA
• Bringing a company into compliance can be complex and expensive
• Non-compliance can lead to significant legal fees, fines and/or settlements

Information leakage is top-of-mind with Business Decision Makers
• Loss of digital assets, restored: 20%
• E-mail piracy: 22%
• Password compromise: 22%
• Loss of mobile devices: 35%
• Unintended forwarding of e-mails: 36%
• Virus infection: 63%
“After virus infections, businesses report unintended forwarding of e-mails and loss of mobile devices more frequently than they do any other security breach”
Jupiter Research Report, 2004

Traditional solutions protect initial access… …but not ongoing usage
[Diagram: Access Control List Perimeter, Trusted Network, Authorized Users, Unauthorized Users, Information Leakage]

Today’s policy expression… …lacks enforcement tools

How does RMS address this?

Augments Existing Technologies to Provide Persistent Protection
• Encrypts sensitive content
• Protects inside and outside the trusted network
• Protects during and after delivery

Enforces Organizational Policies
• Allows organizations to establish and apply centrally-managed policies
• Allows organizations to track the information’s lifecycle
• Supports smart card authentication

Provides a platform for value-added solutions
• Supports development of rich, third-party solutions on top of RMS via the RMS Software Development Kit (SDK)
• Provides flexibility to integrate with an enterprise’s existing internal applications

Common Usage Scenarios

Server-side Scenarios
• Regulatory compliance & IP protection
• Secure business process automation
• Central control of information protection

Client-side Scenarios
• Do-not-forward e-mail
• Persistent document protection
• Mixed-version Office environments

Platform and Management Scenarios
• Centrally define and manage permission templates
• Log and audit who has accessed rights-protected information
• Extend RMS platform to apply and enforce rights protection on HTML content via the Rights Management Add-on for IE (RMA)

Client Usage Scenarios

Communicate in a Mixed Version Environment
• Users without Office 2003 can view rights-protected files via Internet Explorer
• Does not provide authoring capability
• Rights Management Add-on for IE (RMA)

Do-Not-Forward E-mail
• Reduce internal/external forwarding of confidential information
• Keep sensitive e-mail where it belongs
• Outlook 2003

Requires RMS+

Protect Sensitive Files
• Control access to sensitive content
• Set granular permissions per user
• Determine length of access
• Word 2003, Excel 2003, PowerPoint 2003

Case Study: Swisscom

Benefit
• Improved confidentiality
• Great end-user adoption due to intuitive integration in Office 2003
• Strong platform for extended information protection solutions

Situation
• Sensitive executive e-mails and internal confidential documents needed to be protected for competitive reasons

Solution
• Tested RMS/IRM for six months, then conducted pilot evaluation
• Positive end-user feedback drove a full rollout of Office 2003 plus RMS to 19,000 desktops

“The integration of RMS with Office 2003, combined with the product’s ease of deployment and management, makes it easy for virtually all of Swisscom’s employees to keep their critical documents and information safe – without having to learn a cumbersome set of new technologies.”
Heinz Schär, Member of Management, Swisscom IT Services AG

Server Usage Scenarios
Enable Regulatory Compliance & IP Protection / Secure Business Process Automation / Control Information Protection Centrally
• Extends protection to managed content stored by document and records management solutions
• Enables archival of RMS-protected e-mails
• Protected content can be securely indexed and searched
• Enables workflow engines to extend information protection to business process automation
• Applies rights protection in a centralized way
• Enables content inspection gateways to inspect RMS-protected content and apply RMS-protection centrally
• Enables ISVs to develop server-based solutions

Windows RMS Workflow
[Diagram: Information Author, The Recipient, RMS Server, SQL Server, Active Directory]
1. Author receives an identity certificate the first time they rights-protect information
2. Author defines a set of usage rights and rules for their file; Application creates a “publishing license” and encrypts the file
3. Author distributes file
4. Recipient clicks file to open, the application calls to the RMS server which validates the user and issues a “use license”
5. Application renders file and enforces rights

How does RMS work?
1. User tries to publish or consume content
2. Application calls into RMS Client to create a new session

Machine Activation
3. RMS Client starts bootstrapping process…
a. RMS Client generates 1024-bit RSA key pair
b. Private key secured by CAPI
c. Public key stored in security processor certificate (SPC)
d. SPC signed by client

Machine Activation
b. Privat