Frequently Asked Questions
Find here the answers to the questions most frequently asked by the organizations interested in knowing more about csSECURE and the solutions it provides to the business challenge of Enterprise Rights Management.
- Why is csSECURE a different approach to information security?
- Traditionally security efforts are directed at physical infrastructures, network infrastructures and software/hardware systems. Although these obtain relevant achievements in increasing the security level of the information stored and in transit at the enterprise, they fail to be foolproof and do little or nothing on the information being used. csSECURE on the other hand deploys the infrastructure to protect information, through Asymmetric RSA 1024 encryption, and manages access to it regardless of its state (at-rest, in-transit, in-use) or location (within or outside the enterprise boundaries), based on the identity of the user requesting access.
- On what concepts is csSECURE based on?
- csSECURE functionality is based on the crossing of two basic principles. First, the information produced by the enterprise workers is subject to be classified with one security level, from a set of security levels defined centrally according to the enterprise security policy. Second, every user is assigned a security credential aligned with his role in the enterprise (ex: CEO, Developer, etc.), and that credential determines what rights the user has over the information classified with each of the centrally defined security marks. By crossing these two concepts csSECURE prevents access to each specific piece of information from anyone that does not have the appropriate credentials to do so. Even if the information crosses the boundaries of the enterprise it will remain protected from unauthorized access.
- How does csSECURE work?
- csSECURE is tightly integrated with common end-user productivity applications and ensures the enforcement of security policies immediately after the information is created, by requesting a security classification at document’s first save or when the e-mail is sent. Cryptographic encryption is immediately applied to the information and the appropriate security classification is added. Detailed rights on the information are enforced according to the centrally defined security policy by inhibiting end-user applications functionalities like copy&paste, editing, printing, exporting, forwarding and replying. See Demonstrations.
- What is Enterprise Rights Management (ERM)?
- Enterprise Rights Management (ERM), also known as Enterprise Digital Rights Management (E-DRM), derives from the concepts of commercial digital rights management where content owners control the usage of the digital content such as music and videos. For instance DRM protected mp3 song purchased by a user from iTunes could only be played by the same user for certain period of time. Even if shared with a third party, third party which would not be able to play the mp3 song. ERM consists in the application of the same concept to the information produced and used within the enterprise context.
- What security Technologies does csSECURE use?
- csSECURE uses Symmetric AES 128 as the encryption algorithm and asymmetric RSA 1024 to protect the symmetric encryption. Also csSECURE communications are performed through HTTPS (using SSL), all data from the server to the clients is digitally signed and all client to server communications are encrypted. Optionally, client authentication can use HSM (smart-cards/token), through Microsoft IIS.
- Do I have to replicate in csSECURE all my users and groups?
- No. csSECURE integrates with Microsoft Active Directory to import and synchronize user definitions. Groups can be used to simplify role management.
- Do I have to also manage a PKI system?
- No. csSECURE integrates with Microsoft Rights Management Service to manage all required configurations from csSECURE directly. Also, every reply by Microsoft Rights Management Service is verified by csSECURE to crosscheck the coherency of the rights with the csSECURE configuration, being that all discrepancies are prevented and logged. This behaviour prevents system administrators from bypassing csSECURE by changing the configuration of Microsoft Rights Management Service.
- How does csSECURE facilitate security audits?
- csSECURE logs all usage events centrally. Even the operations the user performs offline are stored locally and then uploaded when connection is re-established. Log on usage is accessible by the administrator role of csSECURE, simplifying the security audit process by centralizing all the security actions. Additionally csSECURE logs centrally all the administration activities and provides access to this information only to the user with the auditor role. This allows the administrator’s actions to be audited, and enforces role segregation for an improved organizational security.
- What if I find that a document has been misused?
- csSECURE provides the functionality to manage a Black List with the documents that have had its usage rights revoked. In the scenario that a specific document is found to have been misused, as a result of an audit for instance, the csSECURE administrator can prevent any form of access to that document, and when the situation is clarified and solved, the access can be re-established.
- How can I license csSECURE?
- csSECURE is composed of modular server and client components. Components are packaged as presented in the Products section. csSECURE licensing follows three vectors: Intensity of Use, measured by the number of users in the enterprise; Functionality, measured by the packages the enterprise wishes to use; and Scalability, measured by the number of csSECURE servers the enterprise wants to deploy. Licensing and the associated price are therefore tailored to the needs of each enterprise, avoiding paying for something that is not actually necessary. For details contact the csSECURE Team.
