Author Archive: jcarione

Rights Management as a Service?

R-MaaS: Rights Management as a service?

I participated in a panel session this week at the Cloud Computing Summit in Washington D.C. sponsored by the 1105 Government Information Group. Over the course of the day, there was a healthy debate being waged about exactly when and how government agencies should deploy cloud applications. Some postulated that the cloud was merely a marketing term for hosted services that had been around for years, while others believed that significant technology advances such as virtualization make today’s cloud computing deployments something altogether different and more valuable. One area that lacked any debate was that the number one area of concern for both commercial and government customers regarding cloud deployments is security. Part of this debate focuses on whether or not applications that housed PII or other highly sensitive information should ever be deployed in a cloud infrastructure due to the assumed lack of control. This topic triggered some thoughts about another way security and the cloud are coming together quickly today: deploying Enterprise security software in the cloud as a managed service.

Perhaps we’ll coin the term R-MaaS for now, Rights Management As A Service. There are many layers of security that needs to be built into a cloud infrastructure, from physical security, to access controls, firewalls, and even encryption for archived data at rest. But this concept is using the power of the cloud to actually deploy security tools such as LiveCycle Rights Management, which provides persistent document protection regardless of whether the recipient is internal or ecternal to the organization, regardless of the document type (PDF, CAD, or Microsoft Office) and regardless of where the documents ultimately travel (at rest in storage or file systems, in motion over email or to the web, or in use on laptops or removable media devices). LiveCycle Rights Management as a Managed Service has already garnered a lot of interest as all of the features available on premise are also available in the cloud. This includes the ability to protect documents both inside and outside the firewall via free, widely available Adobe Reader for PDF, support for strong user authentication including VPN access for internal employees and a variety of PKI based authentication mechanisms for identity federation across organizations. As well as the ability to expire or dynamically revoke documents, link users automatically to the latest versions, or even provide anonymous access to particular documents as a way to track how documents are being consumed.

Some of these capabilities customers have been using since 2003, but now in 2010, we have added this new deployment option that not only brings rights management to the cloud, it’s actually rights management in the cloud. LiveCycle Managed Services is our new cloud deployment option for LiveCycle that allows customers to deploy software in a simple annual subscription pricing model that includes all hardware, software, maintenance, upgrades, and 24/7 monitoring of the system. We still work with a customer’s internal IT and security resources to help build out the appropriate security policies, but the mundane tasks of maintenance and upgrades are performed by Adobe. Besides all the benefits that come with a fully managed service, deployments times can be accelerated from weeks down to a couple of days or less. This allows you to get the application up and protecting documents quickly for the business without the costly delays associated with approvals, hardware and software procurement, and installation.

Now getting back to the original concerns at this week’s conference about relinquishing control of sensitive information to the cloud…. Where LiveCycle Rights Management deployed as a Managed Service circumvents these objections is through an elegant architecture that is absent the need to ever house sensitive documents in the cloud itself. In fact, only the document policies and associated keys are stored in the cloud, the documents remain in the organization’s datacenter, within their control. Keys are passed back and forth from the Rights Management server sitting in the cloud to allow user access based on the document policies. So what started as an interesting philosophical discussion about whether or not applications which transact sensitive information should leverage a cloud computing architecture, ends with the notion that some of these concerns can actually be mitigated by none other than, the cloud.

Announcing the McAfee Data Protection Suite for Rights Management

Today McAfee announced the availability of a new joint offering with Adobe called the McAfee Data Protection Suite for Rights Management. This joint solution combines the classification capabilities from McAfee’s Host Data Loss Prevention (DLP) product with persistent protection from LiveCycle Rights Management ES. The joint value proposition allows customers to discover and classify sensitive information on laptops or desktops and automatically and proactively protect it from a single, uniform policy. This will significantly reduce the cost, complexity, and risk associated with sensitive IP and compliance information located on endpoints throughout the enterprise.

This is the result of a global alliance partnership between Adobe and McAfee, previously announced September 28, 2009 aimed at offering more comprehensive security to our Enterprise customers.

Learn more about the new offering available now from McAfee here. Please contact your local McAfee or Adobe sales representative for more in depth information or to schedule a demo of the solution.

Join Adobe at the 2009 RSA Conference!

The 2009 edition of the RSA Conference is right around the corner, but it’s still not too late to join us. This year’s conference will be held at the Moscone Center in downtown San Francisco from April 20 through April 24th, 2009. Register here and learn about all the great sessions, speaking engagements, and events planned for the week.

We are excited to announce that this year we will be participating as a co-host in the Arcot Systems booth. Arcot is a leader in protecting and verifying digital identities. Financial institutions, pharmaceutical companies, and eShopping sites rely on the company’s software-only solutions to prevent online fraud and identity theft.

On the show floor, we will be offering demos for Adobe’s Electronic Signature offerings as well as LiveCycle Rights Management ES, so please stop by the Adobe pod within the Arcot booth! Also, please don’t forget to check out John Landwehr, Director of Security Solutions and Strategy, at Adobe, for a lively panel discussion on Cloud Computing.

We look forward to meeting you!

Arcot is part of Adobe’s Security Partner Community, a growing ecosystem of ISV and solutions partners that allow Adobe to offer best of breed security offerings for our customers.

Click here to visit the Arcot website.

Adobe Secured Customer Showcase: Castilla-La Mancha Community Council

Castilla-La Mancha, a Spanish community government is using Adobe LiveCycle to streamline and secure their complex document management and review process for the executive office and community council. Specifically, the organization uses Adobe Acrobat Pro and Adobe Reader software for the development and review of the documentation, and Adobe LiveCycle Rights Management ES software to apply the maximum level of security to control access to the documents.

The secure documents can be accessed online using a web browser via JCCM’s intranet or offline. Updated authorization is required for both methods of access, providing the system with complete traceability of its use, which in the case of printing consists of a watermark. Downloads are completely controlled, identifying each user, and preventing the document from being opened on a computer where it was not originally downloaded. An expiration date is also applied for each document’s use.

Click here for the full story.

Adobe Secured Customer Showcase: Young Conaway Stargatt & Taylor, LLP

Click here to read about how this technology-savvy law firm improves operations, safeguards sensitive content, and builds stronger cases using Adobe® Acrobat® 9 software.

Using Acrobat, Young Conaway’s staff can go beyond the preservation of confidentiality. They can redact sensitive case information quickly and apply passwords and digital signatures to documents for added security. “We need to control who accesses documents and give people the assurance that the materials they receive have not been altered,” explains DiBianca. “With Acrobat, we can put controls on PDF files to limit access to information and restrict copying of data from files.”

Adobe Secured Customer Showcase: Australian Government Department of Health and Ageing

Read about how Adobe LiveCycle RIghts Management ES is helping the Australian government secure forms in an automated process for collecting information from individuals participating in a National Bowel Cancer Screening Program.

“Today, doctors can download a form from the cancer screening website, complete the form on their computers and submit the completed form to the National Bowel Cancer Screening Program Register via a secure electronic process.”

Click here for the full story and additional ROI statistics.

Adobe Secured Customer Showcase: Antwerp Port Authority

The Antwerp Port Authority manages Europe’s second biggest port and is guided by the European Directive on Invoicing (EC / 115 / 201) to ensure member states implement electronic invoicing as part of the value added tax (VAT) legislation. The tax rule requires that each supplier guarantee the authenticity of origin and integrity of the content for invoices they create and ultimately archive for compliance.

To meet these requirements, Adobe LiveCycle ES has been deployed in conjunction with Globalsign certificates to ensure that PDF invoices are digitally certified to cryptographically bind the identity of the certifying party to the invoice itself. Users can then open the invoices using the free Adobe Reader and document authenticity and integrity automatically to detect whether the contents have been altered after certification.

By applying digital signatures, Antwerp Port Authority was able to quickly automate invoicing processes, thereby streamlining workflow, lowering costs, and meeting the mandatory European directives for compliance. The entire process is packaged into a seamless solution via the Adobe Certified Document Services (CDS) platform.

Read more about Antwerp Port Authority’s successful implementation of Digital Signatures here.

Register Now for a joint Adobe Security eSeminar with special guest Forrester Research

Event Details:

Please join Adobe and Forrester Research on February 10th at 2pm EST as we attempt to help you address the always difficult question “Is your company’s data safe?”.

To succeed in today’s global economy, companies face intense pressure to produce and deliver better products and services to the market faster and more efficiently. Accordingly, sensitive information needs to be exchanged efficiently and securely to partners and suppliers across industries and geographies with diverse regulatory requirements.

Join Adobe’s John Carione, and special guest Jonathan Penn, Analyst at Forrester Research, to learn how to be proactive and systematic in reducing the risk of Data Loss in your environment. Jonathan will discuss best practices in data security, trends in the industry, and examine the inherent strengths of today’s data protection solutions and how they relate to a customer’s underlying business drivers. John will then address how Adobe customers are using Rights Management technology to protect sensitive information assets as they flow inside the Enterprise and beyond. He will also discuss the need for persistent document enforcement as a vital extension to any Enterprise classification project.
Attendees will learn how to:

• Proactively protect and control sensitive information
• Deliver best practices around data protection
• Understand the importance of Rights Management in any Enterprise Security strategy

Speakers:
John Carione
Senior Product Marketing Manager, LiveCycle

Jonathan Penn
Analyst, Forrester Research

Event Schedule:
Tuesday, February 10, 2009 at 2PM EST (11AM PST)

Register Now here

Adobe Secured Customer Showcase: Dr. Robert Wood Dentistry

Read this recent story here in the Joplin Globe about how the Dr. Robert Wood Dentistry practice has transformed itself into a paperless office using Adobe Acrobat Electronic Signatures.

From the article, “Robin Wood can bring up a prescription, sign it electronically, send it directly to a pharmacy’s fax machine, then electronically attach it to the patient’s file. She receives an electronic confirmation via e-mail that the pharmacy received it. ”

Adobe Secured Customer Showcase: Argentina National Social Security Administration (ANSES)

Read about how the Argentina National Social Security Administration is using Adobe LiveCycle Rights Management ES along with forms based Digital Signatures to secure digital forms in its Systems and Telecommunications Management department. The Adobe security solution ensures confidentiality and integrity for sensitive operational data within the agency and external client information.

Managers use the solution to sign formal regulations in a forms workflow that is routed back to a supervisor for final signature and timestamping. Depending on the type of services being initiatiated within the form itself, Adobe LiveCycle Rights Management then applies the appropriate controls based on a particular security policy.

Read more about this customer here.