Document security: Safe words
- Article 8 of 33
- SC Magazine, March 2007
Choosing the right content management system is crucial to keeping your digital files secure. But it's only the first step. Rob Buckley reports.
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages
To deal with this issue, organisations need to adopt measures for mobile security, such as encryption of laptop hard drives. They can use the capabilities of more sophisticated ECM systems to use some applications' own security features. Office documents can be password-protected and time-limited, for example, when the user checks the document out of the ECM.
Companies that worry about security and need a detailed audit trail once a document is outside the system might have to think about digital rights management (DRM) technology. ”The majority of documents are on desktops, laptops and mobile devices,“ says Martin Lambert, CTO of information rights management at Oracle-owned Stellent, one of the vendors in this space.
”For all you know, 5,000 people might have accessed the file.“ The company's DRM software encrypts documents and embeds URLs that point to a Stellent information rights management (IRM) server. Anyone who wants to view an encrypted document will then need to install the Stellent IRM desktop agent, which can decrypt the document if the user has sufficient privileges.
However, an enterprise-wide DRM deployment can cost hundreds of thousands of pounds, so it's by no means the solution for everyone.
Archiving is the final part of ILM and this has its own security concerns. There are many horror stories of organisations that needed to restore from back-up, only to find that their tapes had been lost by their storage company - or worse still, swapped with another client's. Encryption is normally the best way to prevent lost media, whether that's a tape, a WORM disk or a disk, proving to be a security problem. Again, organisations need to consider who has the encryption keys and where they should be stored.
Although it's tempting to think that a document management or ECM system is be the solution to any document security concerns, implementing one will raise its own issues that need just as careful consideration. No document management system will ever provide 100 per cent security, but reducing the associated risks is something that any IT or security manager can do with careful planning.
CASE STUDY - COOL DIAMONDS
Online jeweller Cool Diamonds takes security very seriously, and this is reflected in the company's approach to document management.
”We have a whole series of systems,“ explains CEO Michel Einhorn. To gain physical access to the data stored in the document management system requires several authentications. ”You need to pass two armoured doors. The first requires a card and a code, the second fingerprint authentication and another code. It's all armoured to withstand a rocket-propelled grenade.“
The only computer that has access to the document management system for both data entry and retrieval lies behind the doors. Six branch offices have access via a VPN, but the computers needed to access that are behind similar physical security measures.
The document management system itself contains data such as credit card information and client purchases, as well as scanned paper documents. The company commissioned a bespoke system. ”We didn't find anything that fitted the way we worked. So we designed the system around Linux, since I have zero confidence in Microsoft,“ says Einhorn. Under advice from a member of the Israeli army, particular attention was paid to ensuring access from outside the firewall was impossible.
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages