Logo Rob Buckley – Freelance Journalist and Editor

Document security: Safe words

Document security: Safe words

Choosing the right content management system is crucial to keeping your digital files secure. But it's only the first step. Rob Buckley reports.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages

Security-conscious organisations will often set up a separate virtual local area network (VLAN) that integrates with Active Directory for their print and scan infrastructure, to ensure that no one can access anything other than the ECM, according to Paul Birkett, sales operations manager at Xerox Office Services.

However, technical superiority can lead many organisations to think they have their security bases covered at this point. Simon Harvey, technical marketing director of OpenText, argues that forcing users to add metadata at this point can be perceived as ”a burden“ that some will try to avoid. This will compromise audit trails that rely on this metadata. The only ways around this problem are training, reducing input time or some kind of incentive.

Stewart Mellor, a consultant for document management specialist Digital Vision, says that many companies with a scanning department have several staff who share one user ID to log into the ECM. ”With an incoming paper document, you won't be sure who the person ultimately responsible for the document will be.“

Some organisations might outsource the scanner process to another company. This provides both integration and security problems in their own right. Will the third party need access to the ECM? How will the connection - and the documents - be secured? How will metadata be added?

Inbuilt security measures
Once within the ECM, security will usually be good. Many models store files within a standard NT file system; others as binary large objects within a database. Access to the files and database will be via login and password, with permissions on each document linked to particular users, groups or roles. Often the ECM will store an ID and password for each user; this will typically alias the user to another authentication system, such as Active Directory.

This approach isn't foolproof, however. Digital Vision's Mellor says that companies will often change their Active Directory's domain names, only to find that users can't access documents any more. Equally, changing the user ID and password in the ECM will prevent the use of a single sign-on.

Physical security, through encryption of the server hard drive, is available as an option in most ECMs, although many rely on a third-party solution for encryption. OpenText's Harvey cautions against using encryption as a rule since it slows down access to files. Meanwhile, Ijzinga insists that the performance loss isn't great and is typically not something most organisations are concerned about in an ECM.

For extra protection, some ECMs will hide where they store files by altering filenames or locations, either natively or by using the content-addressed capabilities of something like EMC's Centera. This gives the document a new name based on its metadata. If someone changes the file, the name changes, making it obvious when alterations have been made. However, a suitably skilled system administrator can circumvent this in some cases by interrogating the system to find out the new name for the file.

Despite these potential holes, security tends to remain strong within the ECM itself. Yet, few organisations operate in a way that allows them to keep all their documents in the ECM at all times. Documents may have to be worked on outside the office and sent to people in other companies. As Stuart Okin, a consultant at Accenture, points out, simply printing a document will create a copy that no longer lies within the ECM. ”It's usually the simple stuff that causes the security problems. Some people will have implemented a great document management system. But they'll print stuff and leave it on their desk.“ Education and awareness are key, he says, with some fairly simple options going a long way. ”You can put a big sign over a printer with 'Who's standing behind you?' on it.“

Too many cooks ...
Okin also warns that as, collaboration between partners increases, new issues will arise. ”You can assume there's an all-embracing document management that will keep everything totally within your security domain. But quite frankly, they didn't even have that when building the Euro Fighter.“

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages

Interested in commissioning a similar article? Please contact me to discuss details. Alternatively, return to the main gallery or search for another article: