Secospace DSM

Secospace DSM
Secospace DSM
Product Overview
Data security is a key concern these days. Enterprises store
confidential data in electronic format, which is susceptible to
theft in many ways. How can data confidentiality and integrity
be ensured? In open network environments, it is especially
easy for confidential data to be disclosed by employees or
hacked. It may lead to unpredictable consequences, such as
the illegal access and distribution of sensitive customer data,
financial statements, and product specifications, which finally
cause damage to the corporation’s reputation and business.
Huawei Symantec Secospace Document Security Management
(DSM) system is a power ful and easy-to-use software
application for document permission management. The
Product Functions
DMC
DS
Document protection
DC1
Author
Document distribution
Major functions:
•• Prevention of disclosure of confidential information
Disclosure caused by hacker intrusion, employee behavior
(downloading through the Internet, email attachments, or
FTP), and loss of a storage medium (CD, USB stick, or disk)
is prevented through transparent encryption technology
based on the file filtering driver. Even if data is copied or
stolen illegally, the hacker only receives the encrypted text.
DSM provides an authorization mechanism, through which
authors can share confidential information while retaining full
control. It enables information owners to record all actions
related to the document, and decide who can access its
information, and how and when the document can be used.
Wherever a document is forwarded, internally or externally,
access permission is always attached so the document owner
can maintain permission control. This protects information
and prevents the costs associated with the loss of sensitive
information. The system’s high stability, reliability and scalability
allow it to be easily integrated with current systems.
DMC: DSM center
DS: DSM server
DC: DSM client
Access control
DC2
Reader
•• Powerful document permission control
Limiting when, how, and by whom information can be
accessed guarantees secure and reliable information
sharing among departments, partners, and customers.
Real-time permission control can dynamically change or
withdraw permissions.
•• Strong user management
Secospace DSM
Synchronizing user accounts and groups with Microsoft
Active Directory and Novell eDirectory works with cross-
system document authorization and user roaming to
secure documents anytime, anywhere.
Product Features
Strong encryption to secure documents
•• The industry-leading 128-bit AES transparent encryption
technology based on IFS is adopted, which speeds up
encryption and decryption and ensures high reliability and
security.
•• Keys are separated from content. Keys and permissions are
stored on the server; encrypted content is stored on the
client; furthermore, content is always encrypted. The server
does not exchange contents with the client. The secure
connection set up through HTTPS transmits only IDs, keys
and permissions, which maximizes system security.
•• The encryption and decryption processes are forcibly
transparent to users. The processes are easy to use, without
any key management. Users do not need to change usage
habits.
Dynamic access control to persistently
protect documents
•• Access permission is always attached to the information
wherever it is stored or transmitted. The persistent control
mechanism for document permissions is adopted.
Document owners can dynamically change or withdraw
user permissions. Permission information is sent to the
DSM server in real time and permission configurations are
effective immediately.
•• Only authorized users can access confidential documents.
Thus documents are always protected during storage and
transmission.
•• Document recipients can apply for access permission
through email. When the document owner receives a
•• Comprehensive log audit
Tracking all actions and recording operation logs in strict
compliance with security policies provide evidence of
information disclosure.
request for permission, granting permission to the user is
as easy as clicking the authorization link.
Perfect permission control
•• Read-only, modify, copy, and full control.
•• Distribution — allows users to decide whether document
recipients can grant permissions to others.
•• Print — allows printing of hard copies (supports dynamic
watermarking: setting watermark fields, including time,
user information, and IP address; defining watermark
format).
•• Offline usage — allows the safe use of document offline.
•• Permission validity period — allows users to use the
document in the validity period. The document expires
automatically after the validity period.
•• Periodic time control — allows users to access the
document at a specified time.
•• Limit times of print/read-only — allows users to print and
read the document for specified times.
Group policy and policy template for unified
management of document permissions
•• Global group policy: The system administrator can log in
to the management center to define the global group
policy, and set access permission for a group. Thus, unified
management on the global system is achieved.
•• Local system group policy: The system administrator can
log in to the DSM server to define the local system group
policy, and set access permission for a group. Thus, unified
management on the local system is achieved.
Secospace DSM

•• Client policy template: During authorization, a user can
save current permission for a file as a template, which
facilitates repeated applications.
Various document formats to fulfill different
requirements
•• MS Office 2003 (SP3 or later versions), 2007
•• Adobe Reader 7.0, 8.0, and 9.0
High reliability, scalability and performance
•• Highly reliable: supports dual-system hot backup of
databases. The server supports load balancing and key
backup and recovery.
•• Highly scalable: provides API interfaces for third-party
applications to encrypt documents, set and modify
permissions, and meet the requirements of enterprises for
application encryption and authorization, such as Lotus
Notes.

Integration with directory and authentication •• The DSM supports both centralized networking of a single

infrastructure system and also distributed networking among several

•• Synchronizing user accounts and groups with Microsoft sets of systems, providing easy implementation and

Active Directory and Novell eDirectory. deployment.

•• Cross-system authorization and user roaming ensures

document sharing anytime and anywhere. The secondary
server user is allowed to grant the document permission to
another server user or group in the same system. The user
can access the remote server and then access and encrypt
documents.
Visual user interfaces to reduce
administrative efforts
•• It is easy to use the client to encrypt documents and
authorize users, including encrypting a single document or
directly encrypting a folder.
•• Users can also use the Web UI to encrypt documents and

Comprehensive log audit authorize users. If the user receives requests from other

•• Logging all actions including creating, reading, modifying, users, the user can log in to the Web UI to authorize or

and printing documents. deny permissions.

•• Logging all offline documents.

Product Specifications
The Secospace DSM system consists of a DSM server, a DSM management center, and a DSM client.

Component Description

Software: processes requests of terminal users, authorizes and authenticates document users, encrypts and
DSM server decrypts documents, and audits logs. Document permissions and keys are stored and managed in a unified
manner.

Software: the primary layer of the DSM. It is the server managing the entire system. It controls the access of
secondary servers.
DSM management center
The DSM management center provides the functions of synchronizing users, user management, alarm
management, server management, and policy management.

Software: encrypts client documents, controls document permissions, and offers offline reading and
DSM client
document recovery.
Secospace DSM

Typical Networking

DMC: DSM center DMC System administrator

DS: DSM server
DC: DSM client

Core network

DS1 DS2

DC DC

Province A Province B
Secospace DSM

Secospace DSM

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind, experss or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100120-V-1.0