- 1 -

ClouDoc [The New name of Central ECM]

- 2 -

Contents

1. Overview and staus 2. Application Areas 3. Product Function 4. Customer Case Studies

1. Company Overview 2. Business Area

- 3 -

- 4 -

NETID Co., Ltd.

Yoo, Sang Leol

Software Business | Internet Business

L-9092 Life-Living, Garden5, 66 ChungMin-Ro Songpa-gu, Seoul, Korea

TEL : 02-588-0708 FAX : 02-588-1012

March 6, 2002

Since March, 2002 ~

Plus Disk ClouDoc

Company name

CEO

Bussiness Area

Address

Phone

Foundation data

Engagement in the

Same industry

Product

“ Let s make a conscientious software ”

NetID

We are working on Solution business through con-

struction a wide Variety of partnership based on

our core technologies like security File server,

Online PC backup,… And we had been putting in a

great Deal Of effort to develop oversea Market

since foundation.

- 5 -

NetID

Plus Disk As a package

ClouDoc As a solution

KDISK’s homedrive.co.kr

KT SafeDisk

Hostway PC Backup

LG Dacom Webhard

Korea.com Mdisk

Nate FileTank

SKNetworks UbiHard

LG Electronics Plus Disk for NAS

Core Technology : File System Driver, Disklock, Cloud Technology

- 6 -

ClouDoc Overview and Status

- 7 -

Cloud Storage (Document Centralization Program)

NetID s Cloud Storage Solution ‘

What s the Document centralization? ‘

The current trend where all documents are saved in the central server instead of individual PCs to prevent data leak for personal use

- 8 -

Need for Document Centralization

Corporate electronic documents that are more important than real estate or machinery

90% of corporate documents are saved in PCs, while only10% are saved in the server.

- GATNER, a market research company

More than 70% of data leak is committed by current and former employees and partners

- SMBA

Current & former

employees, Partners

Data Leak Criminals

Corporation

Documents

90%

70%

- 9 -

Corporation Reactions

2. Disk Returned

Delete

1. File Encrypted Save

The Problems

Disk Wiped and Returned

Encryption Performance and

Effectiveness

BUT!

Problem with existing anti data leak measures

- 10 -

Personal purpose of the (document) download

Employee s PC/ Notebook

Save and Download

Employee s PC/ Notebook

Remote Disk(X:)

ClouDoc Server

Management Document Centralization

AS-IS

TO-BE

Why ClouDoc?

‘

‘

Remote Disk >> Save and Downlaod

Local Disk >> Prohibit to Save and download

- 11 -

Background on Development-Problems of traditional ECM products

Skipping complex classification system and registration process!

Easy and quick implementation of interface!

- 12 -

Background on Development -Why ClouDoc?

Prohibited ‘Save’ in personal PCs and

external disks

Read and Write through ClouDoc

Optimized for the current user environment

Easy Security For

business

- 13 -

Saving in Local Disk is disabled even for notebook users,

and as a result corporate information cannot be leaked.

Complete application-based control (including Office documents,

CAD documents, design documents, source code etc) is enabled.

Background on Development - Why ClouDoc?

- 14 -

ClouDoc Application Areas

- 15 -

Application Areas - Security and Protection (Against leakage of corporate information)

Item Diagram Encryption Document Centralization

Diagrams Stored in PC Central document drive

Application Compatibility

Limited to applications Compatible with diagram

Encryption solution

Provides application compatibility without additional development,

basic maintenance costs

Maintenance

Basic maintenance costs + additional application module (or new version) costs

Basic maintenance cost

CASE STUDY: An officer of a company which has the system that encrypts drawings, deleted all drawings under his control when he left the company. This makes one wonder who the rightful owner of the documents saved in PCs is. Why and how can this happen? Let us compare two types of solutions as below:

As shown by the patent wars between Samsung and Apple, the electronic document is quickly growing in importance to the modern corporation, more so than buildings or equipment. Intangible property in the form of office documents, CAD diagrams and program source codes have become the most important property to protect. To protect CAD diagrams, companies have the options of ‘diagram encryption’ or ‘document solutions can be compared as follows.

Document centralization properties and protects the work output of employees. It can also be used as a means of Cooperative work with the sharing of information

- 16 -

The recent leakage by company K of a subscrib er list of 8 million users and company S’- financial services

customer information leakage were perpetrated by a corporate partner and employee, respectively.

Application Areas – Personal Information leakage prevent solution

Information leakage prevent solution

Outside hacking Prevention Insider leakage Prevention

DB Encryption, NAC, Intrusion Detection, Application Modification and Forgoing

Protection, Web Firewall

PC scan, System and DB Access Control, DLP, Secure USB Log analysis (Forensic),

DRM, Document Centralization

Detection of personal data within PC Encryption

Separation PC Scan

ClouDoc Document

Centralization Documents can be used after a request

for approval for data export is made

Data export disabled

Client data and personal data

Comparison of types of data leak by internal staff

- 17 -

The Ministry of Security & Public Administration of Korea has introduced 3 types of Cloud services in its ‘Guideline to the implementation of work environment for administrative authorities’

Application Areas– Cloud Storage (Public administration, Corporation)

About the Compare with 3-way Cloud storage is receiving good reviews in all fields,

for its enabling of smart work,

prevention of information leakages,

I/O re sponse speed,

support for business SW,

low startup costs,

systematic management of materials,

automatized management of the work environment,

and low carbon footprint.

- 18 -

ClouDoc Product Function

User UI / Document drive / PS Backup / Security / Disklock / Cloud storage

- 19 -

User UI – Interfaces for different roles/ functions

In the ClouDoc there are various users including central administrators such as the information protection manager and service manager, folder managers, which correspond to the leaders of each team, and members who are normal employees. Synced with the central human resources DB, ClouDoc provides an efficient cooperative work environ-ment.

- 20 -

User UI - User interface support for mobile environments

Windows Explorer

XP/Vista/2003/

2008/7 Java Explorer

MAC, Linux Web Browser

IE, Firefox, Chrome, Safari

Smart Phone

IPhone, Android

In the Future

IPAD

Android Tablet

Google TV

Option Module

- 21 -

Login screen

Application exclusive for iPhone and Android Phone is provided. You can open a file inside the

Document Drive in the Server so as to save in the Smart phone’s Local Storage. With Android Phone,

you can upload a document after editing. Device interoperation (such as album, photo, video etc) is

also supported.

User UI – Smartphone supported

View Server Document Drive Various setups

supported

Send Link Mail

Folder selection screen

Option Module

- 22 -

User UI - Tablet PC

Application exclusive for iPhone and Android Phone is provided. You can open a file inside the Document Drive in the Server so as to save in the Smart phone’s Local Storage. With Android Phone, you can upload a document after editing. Device interoperation (such as album, photo, video etc) is also supported.

Album/Photo/Video (Device Interoperation)

Device registration

View Server Document Drive

View Server Document Drive

Option Module

- 23 -

Document Drive – Direct Document Input/Output

You can edit various documents including CAD drawings, and playback video data just like you would with C: drive. You can also distribute installation programs.

- 24 -

Document Drive – MS Office Document Version Management

Programs such as Microsoft

Office first generate a new copy

of documents when editing,

then Delete the previous file.

These otherwise deleted files

are stored separately, and the

interface allows for their

restoration by users later on.

Version Management

- 25 -

Document Drive -Team Document Drive based collaboration

This product offers the Team Document Drive function. Depending on the permission granted to the

logged-in user, the level of accessibility to the Team Document Drive varies.

- 26 -

Document Drive - Metadata Search

File name search

Metadata search will provide It’s own document category View…

File name

Size Date File

Extension

Subject Content type keyword

Metadata Search

Because the rudimentary file search function in Windows Explorer can have a negative effect on system performance and response time, a proprietary file name search feature is included. And metadata search is also supported.

Customizable full text searches

Search

Provides searches of all documents in all document drives

File name

Size Date File

Extension

Option Module

- 27 -

Document Drive – Use of Document Links

HappyNY.avi

Forecast.ppt

Y:\ STT Electronics

Strategy

USA

Marketing

Oversea

Using UNC path (Universal Naming Convention)

Files and Folders inside the ClouDoc Team Document Drive

Permission

(○)

File://Y:\marketing\oversea File://Y:\ marketing\oversea\usa\forecast.ppt

[Filename_example:]

Permission

(X)

- 28 -

Document Drive – Document link (Linkmail / Copy Weblink)

2

4 2

1 Copy Document Link 1

Link Sender

Link Receiver

3 Document Copy

(storage thereafter) 2

Document Download

Document Download

Security Linkmail : email

Security Copy weblink : email, Board, messenser …

Linkmail : email

Copy weblink : email, Board, messenser …

Security Linkmail : email

Security Copy weblink : email, Board, messenser …

HappyNY.avi

Forecast.ppt

HappyNY.avi

Forecast.ppt

Approval Procedure

- 29 -

PC Backup – PC document backup support

Important work materials in PCs taken out of the office for repairs must be backed up and the PC

must be wiped. What would happen if your work files stored on your PC or laptop were to suddenly

disappear? The PC backup solution takes care of this problem.

• HDD will be out together with PC when the PC needs repair

•Scheduled backup • Incremental backup

• Backup files online • Confirm integrity of backup files • Finally erase original files

2.Usual backup

1. Prevent data leak from repairing PC

PC Backup Reporting File Management

Secure Backup Server

Repair / Replace

Inspection

Backup and Restore

Option Module

- 30 -

Algorithm

Security – Prevention of document leakage through encryption

Online Banking

Transferring files from PC to a central server uses 128-bit SSL. This is the same as that used by online banking

technology. Works with files on a central server are logged into the database and all files are saved encrypted

using the ARIA(a kind of AES) algorithm automatically.

Central Sever

= using the same technology

Authorization certificate

Log-in

- 31 -

Security - Stable system operation by various security features

All documents are saved encrypted using safe speedy encryption algorithm, ARIA (based on AES).

Files are transmitted using 128 bit SSL from PC to server to prevent tapping. User authentication and read/write/delete/re- name/copy/move of all documents on server are logged. All deleted files are kept for a certain period that employees can’t delete important files on their own.

Access Log

IP Filtering IP Authentication

Encrypted Transfer(SSL) File Access Log Encrypted Saving(ARIA

Account Locking

Password Complexity

Secure Login

ACL setting logging

Two kinds of admins SQL Injection, Cross Site Script, File Integrity,…

Security features on documents

Security for network elements

Security features on the human element

Other Security Features

- 32 -

Cloud storage – Public administration, Corporate

The cloud storage model promoted by Korea’s Ministry of Public Administration and Security

applies not just to government agencies as well as corporations. Disabling PC saves using the

DiskLock model of ClouDoc, the virtual desktop environment can be desktop virtualization or

application virtualization environments, cloud storage allow for the systematic document con-

trol these systems lack..

- 33 -

Cloud storage – Web Office

The document edit function is available, which is compatible with services like Google Docs, Microsoft Office365 and existing Office documents under Cloud environment. Interoperability with Web Office installed at your company is also available.

On PCs with office applications installed, document edits can be performed directly from the

Central ECM’s windows explorer drive. In PCs without the office applications, documents

can be edited using web office.

View/Modify/Create Office Documents from web browser

Option Module

- 34 -

Cloud storage – Virtual desktop compatibility

Individual and department document drives are provided by ClouDoc in virtual desktop environ-ments such as Citrix and Vmware..

Users logged into Citrix XenApp are

permitted to read the local PC disk

but are not permitted to write.

- 35 -

Items DiskLock Y of X company B of A company

Concept Controls applications Controls file extensions Controls applications

File extension change Controlled Not Controlled Not Controlled

Application name change Controlled Not Controlled Not Controlled

Additional options File size, … Nothing Nothing

Disk Types Local/Network/USB/CD*DVD Local Local

Application list Automatically gathered Admin input manually Admin input manually

Policy setting unit Application Category File extensions Application Name

Policies are applied to Company/Team/Personal Company/Team/Personal Company only

System folder input Supported Supported Not Supported

Disklock – Why Disklock?

Disklock is based on file system driver technology of NetID.

We do not use only application name nor filename but we use

internal application information that we control disk IO perfectly.

Option Module

- 36 -

Disklock – Types and Application of Additionally Available Disk

Thanks to the Disklock function, a number of disks as follows are provided to accommodate various

applications. The virtual disk drive provided for the Local Disk on PC is used to encrypt and save

documents and prevent the documents from being moved to other local locations.

Shared information

utilization

Taking over process

The possibility of

document leak

TCO

Restricted to the

registered documents

No standard process

High because they are

under personal control

Cost for each teams

Not a company asset yet

Personal Computer

Team file server

Registered documents

Centralized documents

Occurs according to

the standard process

Low because they are

controlled centrally

Cost for only a central service

Valuable company asset

Centralized content

management server

TO BE AS IS

Document

saving location

Option Module

- 37 -

DiskLock – File Drive

Online/Offline/Export Disk of DiskLock are encrypted file drives and you can read the Export Disk

only after authentication even in offline environments. File copy from file drives to local drives is

limited and files are protected even though you insert the disk into another PC because the files

are encrypted.

Local Drive, USB Drive,…

DiskLock Temp Disks (File Drives)

Lost

Lost Notebook

DiskLock Temp Disks (File Drives)

Without Offline logon

DiskLock 임시디스크

(파일드라이브)

Files are Encrypted DiskLock

Temp Disks (File Drives)

Export &

Insert D i s k

Option Module

- 38 -

Disklock - The need for local disk control

Necessity of control

A senior researcher at Burton Group, a leading IT researching organization, advised that

‘the best way to protect corporate data is to ban saving of such data into the employees’ terminal.

Option Module

- 39 -

Disklock – CAD Drawing security and protection

DiskLock is a world-class document save disabler developed by NetID based on file system driver technology. Because the lock is enforced using internal application information instead of the name of the application, the function is perfectly secure.

ClouDoc

Option Module

- 40 -

We may allow or reject copy&move between disk types. We don’t use separate similar explorer but use

windows explorer so that the policies are applied to user environments with minimal changes.

Central Document Drives

Network Drives

CD/DVD Drives

USB Drives

DiskLock Temp Drives

Local Drives

Option Module DiskLock – Limiting Copy/Move from Windows Explorer

- 41 -

Disklock - Carry-out of Document

The Document Export function enables a document to be released from the Central Document Drive when you need to take it outside for presentation or meeting. Document Export only applies to the requested file for release, and the copy of the requested file is saved in Server at the time of approval.

5.반출

온라인

오프라인

ClouDoc

ClouDoc

5. Carry out

Online

Offline

Option Module

- 42 -

Disklock – Offline Temporary Disk

0

When access to the Central Document Drive is disabled for network disconnection, a temporary drive is created so

that you may continue to perform tasks. For a document created in the temporary drive, the upload UI will appear

in the center of the screen automatically when the connection to the Central Document Drive becomes available.

Security Policy

Basic Policy

Sales’s teams policy

Network Disconnection Policy

…

Export Policy

Policy initialization including the ‘network

disconnection’ policy

1

Upload upon ‘online’ status. 4

ClouDoc Server

X:\ Shared

Y:\ Team

Z:\ Personal

Network disconnection automatically implementing the

‘network disconnection’ policy

2 Encrypted save in

Temporary Document Drive

Employee

PC X:\ shared

Y:\ Team

Z:\Personal

T:\Temporary

Employee

PC

3

Sales team’s policy Network Disconnection

Policy

Sales team’s policy Network

Disconnection Policy

Option Module

- 43 -

Document backup in Public cloud storage

Company A-To backup

first save Encryption

De-duplication

Disaster recovery enabled by double-triple replica

A A A A

A

B

B B

B

Amazone S3, Google Storage,

Rackspace / CloudeFiles, SKT Cloud,

OpenStack/Swif, tKT U Cloud

Documents of clients can directly be saved or backed up in Public Cloud Storage. In this way, clients’ documents are safely protected.

Company B-To save

Option Module

- 44 -

External Document Exchange Server

External agencies

The Office Central Server

DMZ ZONE

External Document Exchange Server

Request for approval

for sending out

• Sending Out internal document and requesting for approval • Copying of the sent out documents and history management

Linkmail

Guest ID Upload

Approval Document

Copy

Download

Upload Document

Copy

Since the Central Document Control Server is located inside a company, access thereto from outside is disabled. The External Document Exchange Server is located in the DMZ zone to enable safe exchange of documents with external organizations. .

: Document sent

: Document received

Introductory remarks

1

2

3

4

1

2

Option Module

- 45 -

ClouDoc Customer case Studies

- 46 -

Company‘O’, Launched ClouDoc

[Company ‘O’ that uses Documenterm of EMC]

Company ‘O’ that had been using our traditional ECM product Documenterm for document classification and search, now launched ClouDoc (formerly, Central ECM) in addition, to encourage its employees to save documents in the Central Document Drive.

ClouDoc Server

No DATA

Exported Notebook

Block Media

Local drive(C:)

Remote

Drive(X:)

PowerPoint

Word

Excel

아래한글

……AutoCAD

Corporate PC Environment

ClouDoc Documentum

- 47 -

Traditional ECM

Product Function

Detailed document category management is

provided through a professional document

management capabilities.

Product Features

Open and Saving documents involve security and performance issues because they are using temporary files and hooking techniques in employee PC.

it is impossible to apply Hooking for some applications.

The new version of MS Office, and the corresponding need a separate budget. It can be a significant burden.

It’s inconvenient and slow. / Complex administrative environment.

Customers

Posco, Samsung Electronics, LG Display, … are using.

Compared with traditional ECM products

“We purchased expensive SW

but it’s not useful.” IT manager of ‘N’company

ClouDoc

Product Function

Key features are local drive-based document

management and security features (SSL, ARIA, logs).

Product Features .

Opening and saving documents are similar to the local drive (eg. X: drive) way.

All applications in company can use the drive.

Response to a new version, such as MS Office does not need a separate actions.

After install, Environments are the same as before and document is available in high-performance.

Simple administrative environment makes it easy to manage the documents.

Customers

OCI Company, Samsung Card, Seoul City, … are using.

- 48 -

Items Server Based Computing Local Disk Locking

Concept Employees use virtual machines for document centralization & DLP

Employees use existing PC but file save is not allowed for local disks.

Product Citrix XenDesktop, VmWare, … Central ECM

Document save location

Central Storage Central Storage

User Desktop Provides 20 virtual desktops per one virtual desktop server.

Existing PC as is

User environment changes

User should logon to remote virtual desktop server to begin their work.

Same environment but local disk save will not be allowed for some applications.

Cost •Expensive VDI license •More windows and office licenses for virtual desktops •Cost for many VDI servers •Central Server and Storage

•Reasonable ECM SW license •Central Server and Storage

Apply for •Limited use for sales person, work –at-home, … •Low performance for CAD works

•Very flexible for any kind of works

CPU Use of server CPU Use of PC CPU

RAM Use of server RAM Use of PC RAM

PC Video Card Can’t be used Use of PC Video Card

Compared with SBC(Server Based Computing)

The method of banning the ‘document save’ in PC’s Local Disk offers cost saving and high efficiency compared to the SBC method, yet it offers better security.

- 49 -

Ways of applying a variety of document centralization

We cooperate with virtual desktops of Citrix, VMWare and Microsoft to provide the best document management

environment. Also, we cooperate with PC security solutions to manage enterprise contents.

The local file system of the remote storage connection to the drive in Windows Explorer.

Virtual Machines

DLP Solution

PC VM PC Security

Network Booting

Terminal Server

Rules

Document Centralization(ClouDoc)

Recycled bin

: Personal : Team : Shared

- 50 -

Effect of Implementation of ClouDoc

Document Centralization not only reduces the risk of data leak, but also improves the utilization of shared knowledge and smooth transition. From the overall cost aspect, the central management is more advantageous than management by team. By taking the ownership over the corporate documents, it can add new values to your company.

Shared information utilization

Taking over process

The possibility of

document leak

TCO

Restricted to the

registered documents

No standard process

High because they are

under personal control

Cost for each teams

Not a company asset yet

Personal Computer

Team file server

Registered documents

Centralized documents

Occurs according to

the standard process

Low because they are

controlled centrally

Cost for only a central service

Valuable company asset

Centralized content

management server

TO BE AS IS

Document saving location

- 51 -

Customers in Korea, Japan and China

ClouDoc is used by corporations you may already know. Document Management Features are used by KT, GS Construction, OCI, Tokyo Electron Korea,… etc. PC security features are used in POSCO, Samsung Semiconductor, LG LCD,… etc. We are reliable and corporation friendly.

유넥스 다임즈 청하기계 송원산업

금영

성산테크

2009 2010 2011 2012

OverSea