Fasoo is a leading enterprise digital rights management (EDRM) company that was founded in 2000. It specializes in securing and tracking documents across various environments, including repositories, local devices, email distribution, and mobile platforms. Fasoo's solutions encrypt documents and control access through customizable policies. Key differentiators include Fasoo's longevity in the EDRM market, the breadth and flexibility of its solution, support for extensive applications and file types, and ability to scale across large enterprise deployments with millions of users.
2. Company
Overview
2
Founded in June, 2000
Specializes in Enterprise DRM (EDRM) solutions and services
Holds 270 employees, and more than 60% of employees has
security consulting or DRM engineering backgrounds
Deployed over 1,200 organizations for more than 2 million users
Most of customers have deployed the solutions in enterprise-wide
scale, and 20+ customers have the deployment of over 100,000
users worldwide
Launched DigitalQuick (secure cloud collaboration) in 2013
External Communication
3. Value Proposition
3
Protects valuable information such as trade secrets & classified
information beyond controlled boundaries (data-centric)
Ensures valuable digital assets are only viewed by the intended
audience and unauthorized copies of documents are not produced
and circulated
Reduces the risk of intellectual property loss while collaborating
with 3rd parties
Secure Inter-
Organizational
Communications
External Communication
Effective
Knowledge
Management
Regulatory
Compliance
4. New Challenges
4
Tightened regulation and compliance around PII and data integrity
Growing concerns of losing intellectual properties and trade
secrets
Increasing threats by insiders/authorized users
New data security demands in cloud, mobile and social computing
External Communication
5. Problems in
Conventional
Security
5
Conventional security solutions (Firewall, IPS, VPN, DLP) basically
establish a physical boundary whose inside is assumed safe
Difficult to set up an effective policy against unfaithful insiders and
smart hackers
In cloud and mobile computing environment, it is impossible to
define the physical boundary of safe inside
These limitations have been seen repeatedly through a series of
PII leak incidents
External Communication
6. Fasoo
Enterprise
DRM
6
Fasoo Enterprise DRM safeguards and prevents unauthorized use
of digital files and provides consistent and reliable protection of
the documents with effective file encryption, permission control
and audit trail technologies.
The solution offers customers persistent document security
through encryption technologies that limit document access and
rights.
It allows enterprises to prevent unintended information disclosure
or exposure, ensure a secure information sharing environment,
better manage workflows and simplify secure collaboration.
External Communication
7. As-Is
Steve in Sales
Sam in Sales
Sam creates and
shares price list with
Steve.
Steve reviews &
shares the final
version to Fred in
Finance.
Fred in Finance
Fred receives the list
from Seth via email,
and makes updates
(incl. PII) on his ledger.
Cam, Contractor
Cameron can
print any
document.
Ex-Employee
Ex-employees can access
any document (copied
while he was with
previous organization).
Business Traveler
Partner Employee
External users
could access
documents with
full access
Business
travelers could
access
documents with
full permission.
Security
Vulnerability
External Communication 7
8. To-Be
Steve in Sales
Sam in Sales
Sam creates and
shares price list with
Steve.
Steve reviews &
shares the final
version to Fred in
Finance.
Fred in Finance
Fred receives the list
from Seth via email,
and makes updates
(incl. PII) on his ledger.
Cam, Contractor
Business travelers could
access protected documents
via offline license, but have
limited permission.
Cameron prints protected
documents, and visible
watermark is placed on non-PII
documents. However, Cameron
cannot print documents w/ PII.
Ex-Employee
Ex-employees attempt to
access protected
document, but have no
access to protected
documents.
Business Traveler
Partner Employee
External users with appropriate credentials
could access FSE-enabled documents using
automated email authentication.
Gained abilities to Protected
secure, control and
track sensitive
documents no matter
where they are.
Security Admin
External Communication 8
9. General Flow of
Data and SW
Components
DRM Packager
DRM Client/Agent
Mobile App
DRM Server Mobile Gateway
External Communication 9
10. Characteristic
10
Fasoo secures information persistently regardless of location or
whether it is at rest, in transit or in use.
Products manage documents created locally at a PC, created and
stored inside a document repository, such as Microsoft
SharePoint, or created and distributed to ad-hoc external users,
using email, FTP, file sharing services, USB drives or other
distribution methods.
Documents are encrypted and access is controlled through a
policy (License) defined by administrators or document creators.
Since a DRM Client controls access to the rendering application,
access is only granted through a License.
Each time a user accesses a document, the DRM Client contacts
the DRM Server for a License.
This enables an administrator or document creator to change
access permissions dynamically and even revoke access to a
document once the document is created and distributed.
External Communication
11. FSD
---------------------
Protects/controls/tracks
documents have left the
protective confines of the
repository
---------------------
FSD Server
FSD Server-Packager
DRM Client
Item Description
Encryption • FSD Server-Packager (encryption module) integrates with web server of
repository to encrypt target documents automatically.
• While encrypting documents, the module is also injecting metadata (e.g.,
document’s library path, repository’s ID, FSD Server ID, etc. as DRM/IRM policy
identifiers).
• Even if the encrypted documents are being edited at desktops, its derivatives
also maintain the consistent DRM policy by the client.
Authentication • FSD Server communicates either repository, user directory (e.g., AD) or 3rd
party authentication tool to validate user credentials.
Policy • FSD Server communicates with repository by sending document ID (e.g.,
document’s library path, file ID, etc.) and user ID, then is mapping the user’s
repository permission (e.g., Read, Contribute, Full Control, etc.) with DRM
permission (e.g., View, Edit, Capture, Watermark, etc.)
• After permission mapping, FSD Server generates permission License file, then
sends back to the user (DRM Client) for document access.
Audit trail • DRM Client sends document usage logs (e.g., user ID, file ID, device, network
information) back to FSD Server periodically.
External Communication 11
12. FSD
---------------------
General Flow of Data
and SW Components
User 1 Repository User Directory
(AD)
FSD Server
User 2 (w/
credentials)
User 3 (w/o
credentials)
Has View/Edit,
but no Print/Capture
permissions
External Communication 12
13. FSD for
SharePoint
---------------------
Enabling IRM for Document
Library –Encrypting on the
fly (1)
Confidential 13
14. FSD for
SharePoint
---------------------
Enabling IRM for Document
Library –Encrypting on the
fly (2)
Confidential 14
15. FSD for
SharePoint
--------------------
Setting IRM Permission for
Document Library (1)
Confidential 15
16. FSD for
SharePoint
--------------------
Setting IRM Permission for
Document Library (2)
Confidential 16
17. FSD for
SharePoint
--------------------
Setting IRM Permission for
Document Library (3)
Confidential 17
18. FSD for
SharePoint
--------------------Allowing
administrators to grant
Print/Screen Capture/Office
Access to users/groups
Confidential 18
19. Customizable
Permission
Mapping
--------------------Allowing
administrators to map
existing SharePoint list
permissions
SP Permission Level DRM Permission Level (Detail DRM Permission)
Read, Restricted Read or View Only View (VIEW)
Design, Approve or Contribute Edit (VIEW, EDIT, SECURE_SAVE, SECURE_EXTRACT)
Full Control or Manage Hierarchy Full (VIEW, EDIT, SECURE_SAVE, SAVE,
SECURE_EXTRACT, EXTRACT)
n/a Print (PRINT, SECURE_PRINT)
n/a Screen Capture (PRINT_SCREEN)
SP Permission DRM Permission Level (Detail DRM Permission)
ViewListItem View (VIEW)
EditListItems, ManageList or AddandCustomizePages Edit (VIEW, EDIT, SECURE_SAVE, SECURE_EXTRACT)
ManagePermissions, ManageWeb or FullMask Full (VIEW, EDIT, SECURE_SAVE, SAVE,
SECURE_EXTRACT, EXTRACT)
n/a Print (PRINT, SECURE_PRINT)
n/a Screen Capture (PRINT_SCREEN)
Confidential 19
20. Direct File Access
in SharePoint
--------------------Opening a
protected document in the
protected library
*In case of PDF file, user will be
asked to download a copy
(protected) at local PC
Confidential 20
21. Direct File
Editing/Saving in
SharePoint
--------------------Saving a
protected document
directly to the same library
*In case of PowerPoint, direct
editing is restricted, and user must
download a copy (protected), and
upload the revised file.
Confidential 21
22. Persistent
Protection &
Dynamic
Permission
Control
---------------------
If a protected document
(lock icon) is saved at PC,
local copy maintains a
consistent policy of the
protected library/object
store folder.
External Communication 22
23. Secure Extract
---------------------
If a protected document is
edited at PC, its derivative
(e.g., PDF) maintains a
consistent policy of the
protected library/object
store folder.
External Communication 23
24. Secure Copy &
Paste
---------------------
Copy/cut & paste (drag &
drop) is only allowed
within/between protected
documents, and does not
allow users (w/ edit
capability) to extract
content from protected
document to unprotected
file.
External Communication 24
25. Screen Capture
Prevention (1)
---------------------
Screen capture can only be
allowed when user has
appropriate user
credentials.
External Communication 25
26. Screen Capture
Prevention (2)
---------------------
Screen capture can only be
allowed when user has
appropriate user
credentials.
External Communication 26
28. Fasoo
Enterprise
DRM (FED)
Suite
Desktop
Repository
External
Print
Display
Context-Aware
Pattern-Based
Mobile
External Communication 28
29. Key Differentiator
---------------------
Longevity,
Breadth of Solution
29
Longevity
‐ Fasoo is a leading DRM/IRM company in the global market. Since
2000, Fasoo has focused its efforts on protecting clients' critical
information from unauthorized users. Most other DRM/IRM focused
companies have been acquired or altered their focus.
Breadth of solution
‐ Based on the 14+ years of DRM/IRM focus, Fasoo has been able to
build an extremely broad solution set with the ability to handle the
enterprise requirements of data stored in repositories, created on
local devices and transmitted through Ad-hoc means. Fasoo
continues to develop products to meet the changing requirements
including adding Mobile Device Support (iOS, Android), Cloud
Sharing Support (like Dropbox) and soon to be released support for
Mac. No other products in the market can satisfy the enterprise
requirements like Fasoo.
External Communication
30. Key Differentiator
---------------------
Flexibility,
Scalability
30
Flexibility
‐ Fasoo understands that the market is extremely broad and while
current solutions can integrate with key market leading products like
SharePoint (repository) Outlook (email), organizations may have
proprietary needs. As a result, Fasoo has SDKs with APIs available in
Java, C and C++ for integration into any document repository.
Scalability
‐ Fasoo has proven to scale within some of the largest environments
in the world. Large portion of Fasoo customers have the
deployment of over 10,000 users enterprise-wide, and more than 20
customers have the deployment of over 100,000 users worldwide.
External Communication
31. Key Differentiator
---------------------
Extensive Application
Coverage,
Mobile Platforms
31
Extensive application coverage
‐ Fasoo supports an extremely broad base of rendering applications.
While most companies only support Microsoft Office and Adobe
PDF, Fasoo extends to nearly 50 applications and exponentially
more file types. Fasoo has the ability to extend the application
support upon client's request.
Mobile platforms
‐ Access to content is no longer restricted to the PC. With the mobile
device explosion, it is critical that DRM/IRM solutions enable at a
minimum the ability to view files on a iOS or Android device. As a
result in 2011, Fasoo released its proprietary iOS and Android App.
External Communication