Security

Security means that an organization’s content—its knowledge base—is protected against unauthorized access both from inside and outside the organization. The content infrastructure therefore needs to provide robust security for all content applications while content in the repository has to provide granular yet unobtrusive control over access privileges. The repository itself needs to be a trusted environment, providing a "safe vault" for all content stored in it.

Upon leaving the repository, data transfer between EMC Documentum Content Server and clients is encrypted. We protect data traffic between Content Server and clients as well as between Content Server and the directory server with Secure Sockets Layer (SSL) encryption.

Many EMC Documentum customers are among the most security-sensitive organizations in the world and work in industries such as government, financial services, and defense. Our customers have chosen the EMC Documentum enterprise content management platform because we provide them with one of the most secure content management environments.

EMC Documentum security features include encrypted communication between clients and Content Server as well as between Content Server and a directory server.

Identity management

For large enterprises wishing to centralize and consolidate their policy definition and identity management policies, the EMC Documentum platform can authenticate in real time against an external directory through industry-standard Lightweight Directory Access Protocol (LDAP).

Features of the integration include:

• Support for multiple LDAP servers.
• Encryption of LDAP communications with SSL.
• Support of various directories including Microsoft® Active Directory, Sun ONE Directory Server, and Oracle Internet Directory.

Authentication

All users accessing content in the EMC Documentum repository have to authenticate by inputting their user names and passwords. The EMC Documentum platform provides standard login functionality such as login thresholds to prevent "brute force attacks," session timeouts, and login audit logs.

By using Content Server, enterprises can extend authentication to support multifactor authentication, biometrics, Public Key Infrastructure (PKI), or Web single sign-on (SSO). Content Server leverages its authentication framework to participate in a Web SSO infrastructure.

By integrating with SSO you can:

• Eliminate the need for users to remember multiple user names and passwords.
• Decrease the likelihood of users writing down their passwords where they can easily be stolen.
• Reduce the volume of help desk calls requesting password resets.

Access control

EMC Documentum provides a granular set of access privileges for access control that organizations can apply to ensure security of all their content.

Customers can easily ensure that users have the appropriate level of access to any cabinet, folder, directory, document set, single document, or document part. With EMC Documentum Trusted Content Services, customers can assign privileges dynamically or use multidimensional access controls to more finely tune access.

Audit trails

Our platform’s auditing capabilities include another core competency: every activity and user interaction can be selectively tracked in an audit file. Standard interfaces expose this file and enable the use of off-the-shelf reporting tools such as Microsoft® Access or Crystal Reports. You can also audit the audit logs themselves, which are secure as well.

Additional security

Customers with additional security requirements can take advantage of Trusted Content Services, which includes the following capabilities:

• Repository encryption
• Electronic signatures
• Dynamic access control lists (ACLs)
• Multidimensional access controls
• Digital shredding

Outside the repository

To retain control over content beyond the Documentum repository, EMC Documentum information rights management (IRM) products permit access privileges to be set within the Documentum repository and still enforced once content leaves the repository.

Organizations can dynamically control and manage information by allowing content owners to decide who can view, copy, print, and forward documents and who cannot. Content owners can expire or revoke document access even after delivery outside of the corporate firewall.

Common criteria

In order to meet the strict security demands of government agencies, Content Server and Documentum Administrator are Common Criteria-certified. The validating body, National Information Assurance Partnership (NIAP), maintains a list of all information technology (IT) products that have successfully completed evaluation and validation under Common Criteria.

Whichever level of security best fits your organization’s needs, EMC Documentum can help ensure you achieve it.