Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
The Three Most Important Features of a
Document Management System
:

Security, Security, and Security

Document management...
A recent comparison stated
that more video is uploaded
to YouTube in one month
than the three major U.S.
networks created ...
The reality is,
however,
companies are
losing control over
all their key data
and need to
proactively reduce
the overall r...
users have access, and the type of access
allowed.
Regulate and monitor user-specific access to
files: Similarly, just bec...
element of the corporate diligence. Proactive
reporting by the contents management system
can help ensure files are secure...
not as straight forward. Access to each webaccessible application needs to be changed, and
certainly any corporate assets ...
employing network file shares works best (e.g.,
Windows Explorer or SharePoint). When users
want to distribute their files...
Upcoming SlideShare
Loading in …5
×

The three most important features of a document management system

376 views

Published on

Security is the most important aspect in selecting a document management system, especially if you are providing mobile access

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

The three most important features of a document management system

  1. 1. The Three Most Important Features of a Document Management System : Security, Security, and Security Document management systems provide many benefits to organizations, but perhaps the most important in today’s world of exploding data is the improvement in file security. IT departments are looking for better ways to safe keep important files, especially with increasing mobile access.
  2. 2. A recent comparison stated that more video is uploaded to YouTube in one month than the three major U.S. networks created in 60 years. DropBox is currently adding a billion files per day to its storage. Certainly, individuals have embraced video and audio files, and the need to store and access them. Similarly, corporations have had to store massive numbers of email files and website objects and code. To accommodate storage of all these digital files companies have moved from Optical Disks, to Storage Area Networks (SANs), to NetworkAttached-Storage (NAS), to File- and Object –Based Storage (FOBS). The availability of faster and cheaper storage for information has also promoted the growth in digital files. 1 Provided by eQuorum | Security is paramount in today’s world of information sharing and distribution and mobile device access; how to secure corporate files depends on how they are being used and by whom. The Digital Data and File Explosion Over the last few years we have seen an explosion of technologies such as mobile, social media, and big data. The data and files supporting these technologies have exploded as well, both in the number of units and variety of types. Companies now have to not only manage standard documents in formats like Word, PDF, and HTML, but files supporting CAD, databases, graphics (2D and 3D), scripts, audio, video, email, virtual machines, webpages, and other applications. We have also seen an avalanche of channels and devices for delivering this content, including PCs, mobile devices (small and big), 3D printers, voice based, and robots. The value of digital information is now driving enterprises, outpacing legacy computer systems as the primary producers of productivity. The pace of assimilation a company takes towards digital information will dictate their competitive position over the next 20 years. (A recent study identified that going digital reduces overall costs by 9 percent by replacing labor-intensive activities with software supported activites through full automation or through improved productivity of individual workers.) Digital must become a top agenda item for executives. File Sharing and Security There are many benefits from implementation of a robust document management system (or a contents management system, as we will identify it going forward). A key element is certainly the securitization of important corporate assets – your digital files (the organization’s intellectual property backbone).
  3. 3. The reality is, however, companies are losing control over all their key data and need to proactively reduce the overall risk that digital files are used or distributed by unauthorized users In today’s world of ever greater information distribution, the encouragement of collaboration using information, and the increased utilization of free file sharing services, the greater the risk some information will not be controlled and lead to downsides for the company. Security incidents can be as simple as the loss of a laptop or smartphone that maintains corporate files, to the employee who leaves taking confidential files, to the complex hacking of the IT infrastructure to gain access to files and systems. The reality is, however, companies are losing control over all their key data and need to proactively reduce the overall risk that digital files are used or distributed by unauthorized users or are modified or corrupted, either intentionally or accidentally. Security Levels There are many ways to secure your files, from infrastructure intrusion detection systems to robust document rights management software. There are also some fairly simple policies and applications that can be deployed to substantially improve file safekeeping:       Require a login to gain access to the file system Reduce access to files by their type Regulate and monitor user-specific access to files Maintain and monitor version controls for all files Maintain good audit trails of whom, what, and where for a file Encrypt and track files that get outside the corporate network. Require a login to gain access to the file system: It sounds self-evident, but any application or system using any corporate files 2 Provided by eQuorum | needs to have a secure login. When signing into most corporate networks using Active Directory (AD) users sign in once. However, this still does not ensure applications on the network are AD compliant. And certainly accessing systems through smartphones and tablets, which typically are not AD compliant, by logging onto the device is simply not good enough. The easiest way to ensure users login to get to files is to maintain an AD compliant contents management system that also requires a secure login from any mobile device. Reduce access to files by their type: Something you don’t get with Windows file shares is the ability to easily restrict file access by type of file. Some files just shouldn’t be accessible to anyone but their primary users. (You don’t allow compensation data for any employee to view, why are internal design and product information files open to broad groups of employees?) Every file maintained by the corporation should have restrictions on which
  4. 4. users have access, and the type of access allowed. Regulate and monitor user-specific access to files: Similarly, just because a user has access to a file doesn’t mean he should have “unfettered access.” All files should be restricted, by specific users or user groups, in:           Online versus offline viewing Downloading, either to a computer or mobile device Printing Cut/copy and paste Screen capture Emailing and emailing as an attachment Opening with a third party application Number and frequency of downloads Geofencing for mobile access Access to expired files (if applicable). Maintain and monitor version control for all files: One of the sneaky security potholes is the continual saving of files over their previous version. So although users may not intentionally be deleting key information, they are doing it accidentally. Worse is when employees make changes to documents they think are current but are not as they are saving to local copies instead of the public share. Mobile users with local cache do this all the time without knowing they are using old versions of files. Though many systems have weekly or daily backups, the files being backed up are only the ones on disk at the time of backup. Keeping previous versions ensures files are always current and changes can be restored, if necessary. This also prevents users from deleting files and losing lots of work. (Like this hasn’t happened to you at some time.) 3 Provided by eQuorum | Employee Consumerization Use of tablets and smartphones has exploded, and employees expect to be able to use these devices to connect and work with their daily applications, just as they would at their desk. Unfortunately, legacy systems are not prepared to interface to many of these devices, either because they don’t recognize the web browser or have screens designed for much larger viewing areas. Installing a mobile accessible content management system provides both immediate access to and security for legacy files and systems. Synching files across multiple servers also allows for access by multiple users at the same time, in different locations, across computers/devices while making sure all users are working with the most current files and everyone’s changes are captured. Maintain good audit trails of whom, what, and where for a file: Regardless of the security provided by the contents management system, the administrators still need to be prudent business managers and monitor the corporate assets. Good management systems record every event associated with every file, including opens and downloads. Reports of activity metrics often reveal unusual patterns of usage that help suggest insecure conditions. Knowing who is accessing the files and monitoring user behavior is an important
  5. 5. element of the corporate diligence. Proactive reporting by the contents management system can help ensure files are secure and the system is “locked down.” Encrypt and track files that get outside the corporate network: Currently filling one of the typical file security gaps is relatively easy, yet many organizations fail to institute the simple protocol of forcing all connections with servers to use SSL certification. Especially with mobile devices, forcing SSL connections guarantees privacy during the transport of the file from the server to the device. (eQuorum goes further and only sends file images, leaving actual files on the server.) To some extent, files will always be allowed to be downloaded to users. Once outside the corporate contents management system the files still need to remain secure. Encrypting downloaded or offline files (typically using AES 128/256 encryption) make sure these files are difficult, if not impossible to be viewed or printed. From time to time files are left open on users’ machines or tablets so additional covert measures are required to track those files that go astray. Earmarking files with covert code allows administrators to track files and see who is opening them and where. Using IP address ranges to establish virtual geofencing is a good way to identify wayward files. Corporate Network vs. Mobile Access Many companies have established formal policies and even some software to protect their network based files (those files on network drives or associated to applications running on corporate servers). Using LDAP 4 Provided by eQuorum | (Active Directory services for Microsoft), users are permissioned when they log onto their corporate network. This authentication usually defines what areas of the network the user is allowed into and what applications they have access to. Many organizations feel this is sufficient control to minimize risk of unauthorized users. More often than not, however, today’s IT either hasn’t implemented full LDAP or only uses authentication for user sign-in (i.e., once signed in you have unfettered access to any unsecured shares). Access to corporate applications via mobile devices, however, adds additional exposure for loss/pilferage of company files and information. First, LDAP systems don’t work with mobile devices, so users have to sign-in to each corporate application separately. Many devices offer to save these passwords, but unless the login is encrypted it remains available on the device, thus un-securing the applications. In addition, many mobile based applications, including email, are not secure, and with more and more employees using their own mobile devices this is allowing any downloaded or transmitted files to be poached; especially if the downloaded files are cached on the device. (For mobile applications that allow offline viewing of documents or emails, the device is storing [caching] the file, and invariably this file is not encrypted or locked.) Securing Corporate Assets Post-Departure: When an employee leaves the company, one of the first actions is to lock their computer and release their authentication in the network, preventing unwanted access. But if the access mode is a mobile device or home laptop (especially if owned by the employee) then it’s
  6. 6. not as straight forward. Access to each webaccessible application needs to be changed, and certainly any corporate assets maintained on the device are at risk. If the corporate files were managed by a securing contents management system then simply deauthorizing the user restricts all access to corporate assets. In addition, documents maintained offline can be locked and access reported back to the corporate administrator, if the device has appropriate securing software. Earmarking files can ensure users’ access is monitored and managed, even when offline from the corporate contents management system. Client-based Software vs. Web-Based Systems: Today, corporate IT has two options when it comes to securing corporate files, client-based software and web-based systems. Client-based software requires appropriate software modules be “pushed” or installed on the users’ devices, including their office computer, home laptop, tablets, and smartphones. The installed software provides a security blanket around the local applications (including email) and files. This gives the organization the capability to stop inappropriate actions at the device level. But it also requires keeping up with the multitude of device types and platforms. (One current provider touts they support 11 different platforms.) In addition, keeping the client software up-to-date requires substantial effort and discipline. Web-based systems, like eQuorum’s ImageSite, secure the files at the source, stopping inappropriate actions when they concern the files (the contents or data, after all, is really 5 Provided by eQuorum | what is important, not the fact that someone can simply gain access to a system). Moreover, updates to the system occur once, on the contents management system server, extending out to all accessing devices. (Much like SaaS software, where a single update affects all users simultaneously.) What Is The Best Way to Secure Your Files? Decide where the files should be kept: Many IT organizations feel uncomfortable allowing any files outside the corporate firewall, in the cloud or on outside file sharing services. (See To The Cloud Or Not To The Cloud white paper, by eQuorum, for insight on moving files to the Cloud.) If files are to be maintained within the four walls of the corporation then access by users outside the network becomes more complex. Traditional solutions like VPNs or desktop sharing software require reasonable IT oversight and are inconvenient for users. Without a secure connection into the corporate network, users present substantial exposure for data loss or corruption, both from accidental access and intentional hacking. If access to files is needed outside of the network, then making sure files are secure, accessible, and synchronized is important, demanding the use of a proactive content management system. Allowing the use of available cloud file sharing options is inexpensive and easy, but does not ensure the level of control and security needed for corporate documents and assets. Establish if employees need their own folder for documents: If employees only need a place to store their files without any significant security concerns or sharing requirements, then
  7. 7. employing network file shares works best (e.g., Windows Explorer or SharePoint). When users want to distribute their files, they either email the files as attachments or move a copy into a public share. But if access to these files is needed for vendors, contractors, or customers, possibly containing confidential corporate information, or is by mobile devices, then this approach is not suitable and more active securitization is needed. Determine how important mobile access is to corporate files: Though mobile access to corporate and personal files is becoming more prevalent, it is not yet mainstream, and many organizations are just now thinking about their mobile strategy. For those organizations, securing files is all about network access and control of laptops. Adding a content management system is an additional layer of security, especially one that allows tracking of file downloads and file opens outside of the network. For companies committed to expanding mobile access, it is critical that a highly secure content management system be put in place to regulate and monitor use by devices outside the corporate LAN. Summary The era of Big Data is here, and that includes the exponential growth in the number of files being created, maintained, and distributed. The corporate IT department is the last line of defense to ensure these files are secure and the most important asset a company has – its intellectual property – is safe and available. There are many means to secure files and file access, each meant to defeat the use and abuse by unauthorized users (and sometimes just stupidity by authorized users). Security of files differs based on if the files are only for access through computers residing on the corporate network (or through VPNs) or need to be retrieved by mobile devices. With the increase in BYOD (Bring Your Own Device), the level of complexity increases substantially due to the volume of devices and the number of different types of equipment. Determining the best way to secure corporate files also depends on where the files reside, if employee folders are maintained, and the degree to which mobile access is required. To differing extents, the use of formal content management software improves file safekeeping and eases the burden on IT. eQuorum is an engineering content management software provider offering cloud, on-premise, and hybrid solutions for companies with a large number of files, files types, or locations. Its solutions have been utilized over the last 15 years by some of the country’s best known manufacturing, engineering services, and utility companies, as well as major universities and government agencies. 6 Provided by eQuorum |

×