Materials & Downloads
Select from automated demonstrations, brochures
and whitepapers to learn more about our products
  |
FAQ
What makes Liquid Machines' solutions unique? Traditional security approaches focus on securing the environment, a specific location, or special file format. Liquid Machines Document Control protects sensitive data in its native format, enables the use of native applications, and can be integrated with existing workflows and business processes. By associating protections with the information itself, Liquid Machines reduces the complexity of securing sensitive information without inhibiting the collaborative environment. In addition to this unique approach to security, Liquid Machines also enables dynamic updates to access and usage permissions without redistributing protected files, and provides detailed audit information for compliance. [Top]
How does the software work? Liquid Machines encrypts information to provide persistent protection and policy enforcement, no matter where the information resides. Liquid Machines allows or prevents actions such as reading, altering, copying and printing information according to a user's privileges defined in the policy. Liquid Machines makes information protection a seamless part of existing work processes. For enterprises, automated policy protection of content can be integrated with systems that automatically create, handle, or archive information. For users, policy enforcement is automatic during the copy/paste, save as, or conversion process. Unlike other approaches to information security, Liquid Machines does not require users to modify or upgrade applications, change their work habits or move data. [Top]
How does Liquid Machines handle offline use of content? Liquid Machines supports offline access and usage control of protected content. Offline usage time is a configurable parameter (i.e. a day, 7 weeks, until August 1, etc.) that is controlled at the role level, which means that one set of users, such as traveling executives can access content offline for a specified amount of time while another set of users must be connected to the network. In addition to access and usage controls, all application-level events are logged and audited in the Liquid Machines policy server. Policy administrators can view reports that detail access and usage history of all data under Liquid Machines policy control. [Top]
How is this different than access control? Access control is applied either at the folder or document level by a file system or a document management system. It works well for users within the enterprise, but once information leaves the secured environment, it is no longer protected. For example, sensitive content that was once protected using access control can be emailed, at which point, it is potentially accessible to anyone. [Top]
How is this different than PKI? PKI applies a protective layer to the document, ensuring that it may travel outside the trusted environment and remain secure in transit. However, once the protection is removed (which is required to use the document), the control vanishes. Further, key management can be onerous for the enterprise and users. [Top]
How is this different than end point security and data leak prevention? End point security and DLP solutions rely on filters, monitored network traffic and other detection techniques that analyze unprotected content. In order to keep up with the ever expanding ways information can leave an organization’s control, these tools require continuous development. If content is not detected by the system for whatever reason, it is let through, unprotected for anyone to see. Conversely, false-positives can have a negative impact on productivity and user acceptance. Enterprise rights management protects the information itself, ensuring that regardless of where it goes, even outside your network, it remains secure. [Top]
How is this different than "digital rights management" (DRM)? Digital rights management technologies are often used to protect consumer content such as music and movies. Thus, these technologies often require a user to perform extra steps, such as manual encryption, or limit the ability for users to perform normal actions such as editing the document in its native application. These limitations are considered unviable for everyday usage because they require the user to adjust the way they work to accommodate the software, rather than the other way around. [Top]
How is this different than Microsoft Rights Management Services (RMS)? Liquid Machines is a Microsoft RMS partner that RMS-enables key business applications, speeding adoption for enterprise customers. Liquid Machines extends and enhances and RMS environment with features such as streamlined administration, support for multiple policy servers, auditing of user actions, automated encryption and decryption tools, and inter-application propagation of policy protection during copy/paste, drag/drop, distillation and save as processes. [Top]
Is Liquid Machines compatible with full disk encryption products? If I have full disk encryption, do I need ERM? Full disk encryption helps protect organizations from a common data breach – the stolen laptop. However, under normal usage, that hard drive is accessed everyday, at which point all the information is unprotected and free to travel anywhere the user chooses to send it. Liquid Machines ERM can work with your full disk encryption tools to ensure that the information stored on those machines remains protected and accessible only by authorized users. ERM also provides control over how long information can be accessed offline, how it may be used, and provides the ability to modify or revoke rights to information after it has been distributed. [Top]
What applications can I use? What about home-grown applications? Liquid Machines can add supported applications through custom services. Policy Management and Content Protection API's along with command-line tools can also be used to integrate policy and content protection functions with automated business processes. [Top]
What file formats are supported? Liquid Machines can support more than 400 file formats. Most of our customers are protecting information that is used within Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Visio, Adobe Acrobat, Adobe Reader, SolidWorks 2008, PTC Pro/ENGINEER, and on platforms such as SharePoint, PTC Windchill, and BlackBerry Smartphones. [Top]
Is the clipboard (cut/copy/paste) enabled and intuitive? Liquid Machines is the only ERM vendor that enables the clipboard while protecting the data, and makes no changes to the methods the users employ to cut, copy, and paste. Liquid Machines persists policy control with the data when it is manipulated using the clipboard. If a user pastes protected content into an unprotected document, the unprotected document’s policy will change to match that of the clipboard source. [Top]
How does Liquid Machines revoke rights and keep local permissions in sync with those on the Policy Server? At each Windows login, during a periodic frequency configured on the server, or if the policy specifies “no offline” usage, the Liquid Machines agent performs a user-transparent poll to the policy server for policy and other updates. Liquid Machines also provides a client console utility, through which a user can manually poll for an update at anytime. Unlike some solutions that hard-code the policy in the document, Liquid Machines supports “dynamic policy updates” that allow for policy changes (i.e. add a new user to the policy, change rights to a specific role, or remove users and groups from a policy) without having to republish the documents. [Top]
Does Liquid Machines allow collaborative work on documents in progress, or can protection be applied only after completion? These two states are not exclusive, and Liquid Machines supports either model. The protection applied to the document does not depend on its current state (i.e. protection can be applied at “open new”, during authoring or at any point in the collaborative process, at save as, etc.). [Top]
How is policy administration handled? Do central IT administrators establish policies, or are they user-created? The Liquid Machines policy server is a web-based application designed to enable business users at any level or IT administrators with an easy to use and manage policy interface. Liquid Machines supports a delegated administration model, where business units can create policies and roles in support of their specific requirements. When used in conjunction with Microsoft RMS, the solution also supports end users defining custom permissions on documents on an ad-hoc basis. Liquid Machines, however, provides the enterprise with a choice if they want to turn on this level of functionality or not because empowering every employee to self-protect his/her documents can create a scale and security management problem for a large enterprise. [Top]
If common templates are created, can secondary or tertiary administrators make fine-grained changes? Yes, Liquid Machines provides delegated administration by policy, allowing a policy administrator to define a policy grouping and assign management ownership, while delegating secondary or tertiary administrators to make fine-grained policy changes. [Top]
What function does an identity-management system play? Liquid Machines integrates with Microsoft Active Directory (AD) and other LDAP systems automatically. This provides real-time policy creation and management, easily and transparently enabling users and groups from existing identity infrastructure for policy inclusion. Just as LDAP provides a central point of managing user access to central resources (i.e. back office systems, email, etc.), Liquid Machines policies are automatically updated when new users are added to or removed from the LDAP directory, enabling real-time access controls to corporate data. Users and groups in AD can be added to roles within a policy, allowing a granular rights management model to be deployed. [Top]
Can role and group mechanisms be used to address user scalability? Yes, Liquid Machines supports both roles and groups within its policies and, in fact, was the first vendor to deliver a roles-based rights management system [Top]
Can the ERM system complement an enterprise document-management/content-management (ECM) repository? Yes, Liquid Machines provides a framework for integration with ECM repositories through a published set of APIs. Liquid Machines integrates with the ECM systems to protect the content when it leaves the ECM repository (mapping directly to the ECM access controls and policy permissions). When content is checked in to the ECM repository, Liquid Machines decrypts the file, enabling the content to be processed by the ECM indexing and search engines. Additionally, Liquid Machines audit data can be merged into the ECM system for end-to-end compliance reporting. [Top]
How does the system integrate with e-mail and other messaging elements? Are spam or malware protections accommodated? Liquid Machines relies on Microsoft RMS to apply protection to email. When encrypting email communications is a business requirement, automated gateways from Liquid Machines make messages and their attachments available for anti-virus scanning, spam filtering or content monitoring tools to block malicious content or unauthorized distribution of information. The Email Control Gateway for Exchange and SMTP is the only solution that is flexible enough to decrypt RMS-protected messages for use by content scanning software and then re-encrypt them before delivering to their intended destinations. [Top]
Does Liquid Machines rely on the end user to apply a policy, or can the process be automated? Liquid Machines offers several ways to automate the process of protecting content. 1) The Liquid Machines Fileshare Gateway can be configured to protect files that are located in specified locations on the network. Different policies can be used to protect different locations or different file types within the same folder. Recursive protection ensures that contents contained in sub-folders are also protected. 2) Liquid Machines API’s can be used to integrate the policy protection and the policy creation process with existing workflows and automated systems. Examples include integration with content management systems, email archiving systems, or automated processes that generate large volumes of individual files. 3) Liquid Machines command line utilities enable system administrators to bulk encrypt or decrypt content which can be used to expedite the implementation process. [Top]
Does Liquid Machines provide the ability to partition multiple administrative tasks associated with managing policies and reporting? Liquid Machines’ administrative interface supports delegated administration at the policy level. Separate administrators can be defined for each policy on an LMDC server allowing them access only to the definition and maintenance such policy. A policy administrator also only has access to client logging data associated with those policies. A business process administrator does not have access to system level settings on the LMDC server. The overall policy administration is simplified by delegating management functions to individuals that are closer to a particular part of the business. This reduces overhead, dependency on IT support, and promotes compliance with segregation of duties requirements. [Top]
How is Liquid Machines licensed? Liquid Machines is a client server application licensed based on the number of named system users. For more information about how Liquid Machines can help you and your organization, email info - at - liquidmachines.com to receive a call from an account manager. [Top] |
