Está en la página 1de 6

Secospace DSM

Secospace DSM
Secospace DSM

Product Overview
Data security is a key concern these days. Enterprises store DSM provides an authorization mechanism, through which
confidential data in electronic format, which is susceptible to authors can share confidential information while retaining full
theft in many ways. How can data confidentiality and integrity control. It enables information owners to record all actions
be ensured? In open network environments, it is especially related to the document, and decide who can access its
easy for confidential data to be disclosed by employees or information, and how and when the document can be used.
hacked. It may lead to unpredictable consequences, such as Wherever a document is forwarded, internally or externally,
the illegal access and distribution of sensitive customer data, access permission is always attached so the document owner
financial statements, and product specifications, which finally can maintain permission control. This protects information
cause damage to the corporation’s reputation and business. and prevents the costs associated with the loss of sensitive
Huawei Symantec Secospace Document Security Management information. The system’s high stability, reliability and scalability
(DSM) system is a power ful and easy-to-use software allow it to be easily integrated with current systems.
application for document permission management. The

Product Functions

DMC: DSM center

DS: DSM server
DC: DSM client


Document protection Access control

Author Reader
Document distribution

Major functions:
•• Prevention of disclosure of confidential information •• Powerful document permission control
Disclosure caused by hacker intrusion, employee behavior Limiting when, how, and by whom information can be
(downloading through the Internet, email attachments, or accessed guarantees secure and reliable information
FTP), and loss of a storage medium (CD, USB stick, or disk) sharing among departments, partners, and customers.
is prevented through transparent encryption technology Real-time permission control can dynamically change or
based on the file filtering driver. Even if data is copied or withdraw permissions.
stolen illegally, the hacker only receives the encrypted text. •• Strong user management
Secospace DSM

Synchronizing user accounts and groups with Microsoft •• Comprehensive log audit
Active Directory and Novell eDirectory works with cross- Tracking all actions and recording operation logs in strict
system document authorization and user roaming to compliance with security policies provide evidence of
secure documents anytime, anywhere. information disclosure.

Product Features
Strong encryption to secure documents request for permission, granting permission to the user is

•• The industry-leading 128-bit AES transparent encryption as easy as clicking the authorization link.

technology based on IFS is adopted, which speeds up

encryption and decryption and ensures high reliability and Perfect permission control
security. •• Read-only, modify, copy, and full control.
•• Keys are separated from content. Keys and permissions are •• Distribution — allows users to decide whether document
stored on the server; encrypted content is stored on the recipients can grant permissions to others.
client; furthermore, content is always encrypted. The server •• Print — allows printing of hard copies (supports dynamic
does not exchange contents with the client. The secure watermarking: setting watermark fields, including time,
connection set up through HTTPS transmits only IDs, keys user information, and IP address; defining watermark
and permissions, which maximizes system security. format).
•• The encryption and decryption processes are forcibly •• Offline usage — allows the safe use of document offline.
transparent to users. The processes are easy to use, without •• Permission validity period — allows users to use the
any key management. Users do not need to change usage document in the validity period. The document expires
habits. automatically after the validity period.
•• Periodic time control — allows users to access the

Dynamic access control to persistently document at a specified time.

protect documents •• Limit times of print/read-only — allows users to print and

•• Access permission is always attached to the information read the document for specified times.

wherever it is stored or transmitted. The persistent control

mechanism for document permissions is adopted. Group policy and policy template for unified
Document owners can dynamically change or withdraw management of document permissions
user permissions. Permission information is sent to the •• Global group policy: The system administrator can log in
DSM server in real time and permission configurations are to the management center to define the global group
effective immediately. policy, and set access permission for a group. Thus, unified
•• Only authorized users can access confidential documents. management on the global system is achieved.
Thus documents are always protected during storage and •• Local system group policy: The system administrator can
transmission. log in to the DSM server to define the local system group
•• Document recipients can apply for access permission policy, and set access permission for a group. Thus, unified
through email. When the document owner receives a management on the local system is achieved.
Secospace DSM

•• Client policy template: During authorization, a user can High reliability, scalability and performance
save current permission for a file as a template, which •• Highly reliable: supports dual-system hot backup of
facilitates repeated applications. databases. The server supports load balancing and key
backup and recovery.
Various document formats to fulfill different •• Highly scalable: provides API interfaces for third-party
requirements applications to encrypt documents, set and modify
•• MS Office 2003 (SP3 or later versions), 2007 permissions, and meet the requirements of enterprises for
•• Adobe Reader 7.0, 8.0, and 9.0 application encryption and authorization, such as Lotus

Integration with directory and authentication •• The DSM supports both centralized networking of a single

infrastructure system and also distributed networking among several

•• Synchronizing user accounts and groups with Microsoft sets of systems, providing easy implementation and

Active Directory and Novell eDirectory. deployment.

•• Cross-system authorization and user roaming ensures

document sharing anytime and anywhere. The secondary Visual user interfaces to reduce
server user is allowed to grant the document permission to administrative efforts
another server user or group in the same system. The user •• It is easy to use the client to encrypt documents and
can access the remote server and then access and encrypt authorize users, including encrypting a single document or
documents. directly encrypting a folder.
•• Users can also use the Web UI to encrypt documents and

Comprehensive log audit authorize users. If the user receives requests from other

•• Logging all actions including creating, reading, modifying, users, the user can log in to the Web UI to authorize or

and printing documents. deny permissions.

•• Logging all offline documents.

Product Specifications
The Secospace DSM system consists of a DSM server, a DSM management center, and a DSM client.

Component Description

Software: processes requests of terminal users, authorizes and authenticates document users, encrypts and
DSM server decrypts documents, and audits logs. Document permissions and keys are stored and managed in a unified

Software: the primary layer of the DSM. It is the server managing the entire system. It controls the access of
secondary servers.
DSM management center
The DSM management center provides the functions of synchronizing users, user management, alarm
management, server management, and policy management.

Software: encrypts client documents, controls document permissions, and offers offline reading and
DSM client
document recovery.
Secospace DSM

Typical Networking

DMC: DSM center DMC System administrator

DS: DSM server
DC: DSM client

Core network



Province A Province B
Secospace DSM

Secospace DSM

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind, experss or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100120-V-1.0