Case Study: ERM Deployment @ KTF
Hyung Yong Kim, IT Security Manager at KTF
Jan 13, 2016

Contents
• About KTF
• Background
• Procurement
• Deployment
• Expectation and Consideration

1. About KTF
Creating a new future lifestyle, The world best ICET Company, KTF

History
• 2008.05: WCDMA Market Leader in Korea (6M Subscribers)
• 2007.11: Winner of the “Grand Prix of Korean Customer Satisfaction Award”
• 2007.10: First Korean Mobile Telecom to receive ISO 27001 Certification
• 2007.03: Launched a nationwide HSDPA service (First in the World)
• 2005.12: Strategic partnership with NTT DoCoMo for business collaboration and capital cooperation
• 2004.08: Partnered with VIBO Telecom in Taiwan
• 2003.06: MOU with Microsoft, HP and Intel on joint development and global marketing of mobile internet product
• 2002.05: Broadcasted live games of World Cup soccer tournament via cell phone
• 2001.05: Introduction of commercialized CDMA 2000 1x service
• 2000.04: Guinness World Records (the most subscribers in the shortest time)
• 1997.01: Founded as Korea Telecom Freetel

Vision & Strategic Theme
Create a far-reaching partnership with customers through the concept of a “Personal Life Hub” to be the world’s top ICET corporation
• Lead market through innovation
• Creation of a new future lifestyle
• Strive to become a global corporation

Management Philosophy
• Ethic management
• 6 Sigma
• Good Time management
• Design management

2. Background
Comply with regulatory requirements and prevent loss of digital assets

Regulatory Compliance: Compliance by law
• Access control system
• Data encryption
• New policy to empower security infrastructure

Security Level @ KTF
GOOD
• Access control system
• Managing application systems
BAD
• Insufficiency of information security process
• Lack of document control

Leakage of confidential information
• Lack of awareness in information security
• No procedure for verifying security policy
• Continuous information leakage
 - New product promotion strategy
 - Competitive analysis
 - Customer information

Deployment of Enterprise Rights Management Solution

3. Procurement
Requires Balance between Security and Usability

Establish security policy
• Full support from the management
• Process for PC ERM, Server ERM, Ad-hoc ERM

Set up Task Force Team (TFT)
Lineup
• All departments, together with the security policy department
• Communicating with partners' departments
Role
• Security policy and process
• Application integration

Support Employees for Changes
• Public relations: use the intranet and a special bulletin board for security
• Education program: on-line video clips and user manual
• Support program: on-site support, remote support, Q&A, bulletin board, e-mail support

4. Deployment
No exception:
• All KTF Employees
• Call center, Contact center, Outsourced Partner & Management Companies

Challenges & Requirements
• No performance issue due to deployment
• File encryption and application systems integration
• Different access privileges depending on users or groups
• Full auditing of all ERM files
• Quick deployment and a user- and admin-friendly GUI

ERM System Architecture
[Architecture diagram. Labels: Active Directory (user/group information), Sync Engine, ERM Server (document security server), automatic encryption server, KMS (KM server), Intranet Server (FreeNet server), Secure E-mail Server, E-mail ERM Encrypter, secure mail client, User PC, ERM agent (document security client), ERM for PC, ERM for E-mail, ERM for App system, ERM policy file, permission info, permission decision, usage log, ERM encryption (packaging) info & usage log, ERM (packaged) file, attachment file in KMS, attachment file in Intranet (electronic approval attachments), document real-name system with exceptional cases added.]

Deployment overview
• Automatic encryption of MS Office and Hunminjeongeum documents
• Usage permissions set per document security class
• Encryption of documents registered in KM and documents attached to electronic approvals
• Automatic conversion of e-mail attachments to secure mail using OWA
• Document real-name system (watermarking) with exception handling per department, per user and per printer
• PC take-out (business trip) process integrated with BPM

4. Deployment: ERM for Print
Print ERM inserts a print watermark for everyone except those with exception permission.

[Timeline graphic. Phases: Print Watermark, ERM for PC, ERM for E-mail, ERM for Application Systems. Dates shown: 2006.01, 2006.08, 2006.08, 2007.03.]

Print watermark sample:
• Department / Time
• Document Class Info
• User ID

4. Deployment: ERM for PC
Automatic encryption takes place when the user saves a document, based on document class, user’s department, etc.
• Supported formats: MS Office, PDF, HWP, GUL
• Selecting document class
• Permission setting
• Enforcing ERM encryption when saved

4. Deployment: ERM for Application Systems
When documents are downloaded (or uploaded), encryption takes place based on the ACL permission of the KMS (or other application systems).
• KMS: Knowledge Management
• ACL Permission
• Intended/unintended data loss: no access to documents (ERM agent, user authentication, connection to permission server, dedicated IP/PCID, etc.)

4. Deployment: ERM for E-mail
Integrated with the internal e-mail system, allowing the sender to encrypt files at any time

Secure E-mail
• Easy and simple permission setting
• Only allowing the intended recipient to access the encrypted file

5. Expectation and Consideration

Expectation
• Win public confidence on personal information security
• Protect against loss of data from authorized user/group using automatic encryption (enforced)
Usability
• Users do not need to worry about which files to encrypt or who can see them
Security
• Even protects against data loss from malicious code
• Protects against intended/unintended data loss

Consideration
Integration
• Customizing GUI
• Integrating with application systems (KMS, purchase system, POS system, e-mail system, etc.)
• User authentication (SSO)
User view
• PC performance concern
• PC monitoring without approval