UNCLASSIFIED Matthew Bruce, Senior Solutions Consultant, Adobe Using Logic, Strategy, and DRM to Protect and Manage Content.


1 Matthew Bruce, Senior Solutions Consultant, Adobe: Using Logic, Strategy, and DRM to Protect and Manage Content

2 Agenda
- Introduction
- Digital Rights Management: Authentication / Authorization / Auditing
- Why does DRM exist? …a brief history.
- How does DRM Work?
- Insider Threats / Hackers / Data Leakage and Spillage
  - Snowden and Manning
  - OPM Data Breach
  - AshleyMadison.com
  - Misuse of Sensitive Materials
- Applying DRM
- Conclusion

3 Introduction: Matthew Bruce
- Solutions Consultant at Adobe Systems
- 20+ Years in DoD:
- Intelligence Community (NSA, DIA)
- DoD (Pentagon, DISA)
- Army.mil, BrainLine.org, IASE.Disa.mil
- SIGINT Analyst / Cryptanalyst, US Army

4 Why does DRM exist? …a brief history.
- Digital Millennium Copyright Act (DMCA)
- Music Industry
- Movie Industry
- Gaming Industry

5 Digital Rights Management: Authentication / Authorization / Auditing
[Diagram labels: ACL, CMS, Shared Drive, File System, Data Repository, Websites, Email, Media Storage, Print, Download, Email Server, Dedicated Networks, Safes, Mobile, Screen Capture]

6 Digital Rights Management: Authentication / Authorization / Auditing
DRM: A set of technologies to protect and control content/data at rest and in motion.
Document ID & Authenticated User
- Read
- Print
- Modify
- Validity Period
- Accessibility
- Revoke
- Sign
- Offline
- Copy
DRM Solution / System

7 Digital Rights Management: Authentication / Authorization / Auditing
- Prove you are who you say you are:
  - PKI - CAC/PIV
  - LDAP/Active Directory
  - SSO
  - SAML
  - Kerberos
  - User Name Password
  - Invited User
  - Anonymous
- Tie into Identity Manager

8 Digital Rights Management: Authentication / Authorization / Auditing
- A DRM Server acts as a Policy Enforcement Point (PEP) and the Policy Decision Point (PDP)
- Can pull from other services to determine authorization:
  - External Authorization Provider
  - Active Directory
  - Webservices
  - Database Lookup
- A DRM server can act as the PEP and connect with an External Authorization Service Provider as the PDP
- Dynamically controlled by server
- One policy per document
- Can use external authorization provider
- Revocation: Policy level, Document level
Policy Uses:
1. Protection
2. Version Control
3. Tracking Only
4. Time-based
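How the server-side decision on slide 8 can play out, as an added example (not Adobe's implementation and not code from the presentation): a PDP with one policy per document, revocation at document and at policy level, and a validity period. The class names, decision strings, groups and dates are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Policy:
    grants: dict             # group -> set of rights, e.g. {"read", "print"}
    valid_until: datetime    # validity period (time-based use)
    revoked: bool = False    # policy-level revocation

@dataclass
class PolicyDecisionPoint:
    policies: dict           # policy_id -> Policy
    doc_policy: dict         # document_id -> policy_id (one policy per document)
    revoked_docs: set = field(default_factory=set)   # document-level revocation
    audit: list = field(default_factory=list)        # every decision is recorded

    def decide(self, doc_id, user, groups, right, now):
        # Evaluated on the server at open time, so a change made after
        # publishing applies to copies that have already left the network.
        policy = self.policies.get(self.doc_policy.get(doc_id))
        if policy is None:
            result = "deny:no-policy"
        elif doc_id in self.revoked_docs:
            result = "deny:document-revoked"
        elif policy.revoked:
            result = "deny:policy-revoked"
        elif now > policy.valid_until:
            result = "deny:expired"
        elif not any(right in policy.grants.get(g, set()) for g in groups):
            result = "deny:right-not-granted"
        else:
            result = "permit"
        self.audit.append((now.isoformat(), user, doc_id, right, result))
        return result

def demo():
    # Constructed sample data: users, groups, documents and dates are illustrative.
    t0 = datetime(2016, 1, 10, tzinfo=timezone.utc)
    p1 = Policy({"analysts": {"read", "print"}, "partners": {"read"}},
                valid_until=datetime(2016, 6, 30, tzinfo=timezone.utc))
    pdp = PolicyDecisionPoint({"P1": p1}, {"doc-A": "P1", "doc-B": "P1"})
    out = [pdp.decide("doc-A", "alice", ["partners"], "read", t0),
           pdp.decide("doc-A", "alice", ["partners"], "print", t0)]
    pdp.revoked_docs.add("doc-A")        # document level: only doc-A is cut off
    out.append(pdp.decide("doc-A", "alice", ["partners"], "read", t0))
    out.append(pdp.decide("doc-B", "alice", ["partners"], "read", t0))
    p1.revoked = True                    # policy level: every document on P1
    out.append(pdp.decide("doc-B", "alice", ["partners"], "read", t0))
    return out
```

The audit list grows on denials as well as permits, which is what feeds the correlation described on slide 10.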

9 Digital Rights Management: Authentication / Authorization / Auditing

10 3 As | Auditing: Correlation—Continuous Monitoring
PEOPLE: PKI, User ID, Employee #, LDAP/AD
THINGS: Documents, Downloads, Emails, Portals, Devices
PLACES: Rooms & Buildings, IP address, Subnets, GeoIP
NOUN (Notification Of Unusual Nuances)
Time   User  Event      Place
07:00  1234  Tablet     DC
08:00  1234  Turnstile  DC
08:15  1234  Login      DC
08:30  1234  Doc open   OCONUS
08:31  1234  Doc print  OCONUS
#events=50, Distance=far, Credential=low assurance
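The correlation on slide 10, as an added example that is not part of the presentation or of any product: it runs over the slide's sample rows and flags a user who appears in two different places sooner than travel would allow. The six-hour threshold, the same-day assumption and the alert fields are assumptions.

```python
from datetime import datetime, timedelta

# Rows transcribed from the slide's sample table: time, user, event, place.
EVENTS = [
    ("07:00", "1234", "Tablet", "DC"),
    ("08:00", "1234", "Turnstile", "DC"),
    ("08:15", "1234", "Login", "DC"),
    ("08:30", "1234", "Doc open", "OCONUS"),
    ("08:31", "1234", "Doc print", "OCONUS"),
]

# Assumption: minimum plausible travel time between two distinct places.
MIN_TRAVEL = timedelta(hours=6)

def correlate(events, min_travel=MIN_TRAVEL):
    """Return one alert per place change that happens faster than min_travel.

    All events are assumed to fall on the same day (the slide gives HH:MM only).
    """
    last_seen = {}   # user -> (time, event, place) of that user's latest event
    alerts = []
    # Order by user, then by time; zero-padded HH:MM sorts correctly as text.
    for hhmm, user, event, place in sorted(events, key=lambda e: (e[1], e[0])):
        when = datetime.strptime(hhmm, "%H:%M")
        prev = last_seen.get(user)
        if prev and prev[2] != place and when - prev[0] < min_travel:
            alerts.append({
                "user": user,
                "from": f"{prev[1]} @ {prev[2]} {prev[0]:%H:%M}",
                "to": f"{event} @ {place} {hhmm}",
                "gap_minutes": int((when - prev[0]).total_seconds() // 60),
            })
        last_seen[user] = (when, event, place)
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The follow-on "Doc print" row raises no second alert because the place has not changed again; the alert marks the transition, and the later rows are the activity to review.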

11 Insider Threats / Hackers / Data Leakage and Spillage
Insider Threats: Snowden and Manning
- Both had access to sensitive content
- Both intentionally stole and distributed sensitive content
- Both had clearances
- Uncontrolled distribution of content is on-going…
- Repercussions are on-going…

12 Insider Threats / Hackers / Data Leakage and Spillage
Hackers: OPM Data Breach
- Content not protected or encrypted
- Once content was stolen, no control over content
- Uncontrolled distribution of content is on-going…
- Repercussions are on-going…

13 Insider Threats / Hackers / Data Leakage and Spillage
Hackers: AshleyMadison.com
- Content not protected or encrypted
- Once content was stolen, no control over content
- Uncontrolled distribution of content is on-going…
- Repercussions are on-going…

14 Insider Threats / Hackers / Data Leakage and Spillage
General Misuse of Sensitive Content
- Content Leakage not intentional
- Misunderstood policy and common work-arounds
- Content not protected or encrypted
- Once content is stolen, no control over content
- Uncontrolled distribution of content is on-going…
- Repercussions are on-going…

15 Insider Threats / Hackers / Data Leakage and Spillage
- Network / System Security
- Content / Data at rest and in motion Security

16 Applying DRM: Evaluation Guide for Protection & Monitoring
Recommended features to consider:
- Strong FIPS140 Suite B encryption (AES256)
- Cross-platform (Windows, Mac, iOS, Android)
- Multi-format (PDF, Office, CAD, custom)
- Ubiquitous Client
- Dynamic policy (change after publishing, including revocation)
- Continuous monitoring (advanced auditing)
- Automation ready (bulk automated encryption)
- Customization ready (client SDK, Server SPIs)
- Strong authentication sources (multi-domain LDAP, AD, SSO, PKI)
- Cloud-friendly (private and FedRAMP managed service)

17 Conclusion
- Digital Rights Management: Authentication / Authorization / Auditing
- Why does DRM exist? …a brief history.
- How does DRM Work?
- Insider Threats / Hackers / Data Leakage and Spillage
  - Snowden and Manning
  - OPM Data Breach
  - AshleyMadison.com
  - Misuse of Sensitive Materials
- Applying DRM

