posted 10 Mar 2008 in Volume 11 Issue 6
The last word
Secure your data - but share it around
Most implementations of content security and document management are lacking in the ability to balance harsh control versus open collaboration. Security is an important part of content management, but enablement for collaboration and business process is an equally valuable requirement.
Recent high profile cases involving the loss of sensitive data have no doubt driven corporate and public sector IT departments to enter new levels of lock-down and control, but in doing so, will they stifle collaboration and innovation?
Interestingly, when asked in more detail about the possible outcomes of a data loss, “identity theft of an employee or customer” was placed number two, after “operational disruption caused by missing data”. I suspect that few would have predicted the political fallout from the lost HMRC disks and the potential impact on support for the multi-billion pound National ID Card scheme.
One of the aspects highlighted from these losses is that ‘data-in-motion’ is much harder to secure than ‘data-at-rest’. Once removed from its relative safe house of application and network security layers, sensitive data needs a much more integral security system. Encryption is, of course, part of the answer, but also needed is a procedural arrangement that ensures such protection takes place, preferably a system that is managed by an automatic workflow system enforcing security measures on to data which is to be taken or published outside of the organisation.
Control or Share
Huge amounts continue to be spent on IT security, but all too frequently the questions are not asked as to who or what the data needs protecting from. In the AIIM survey, 70 per cent were concerned about “wilful intrusion from the outside” with only 42 per cent concerned with “accidental leaking from the inside”. The lowest level of concern, 33 per cent, was from “inappropriate sharing within the organisation” – although this rose to 58 per cent when we asked experienced records managers and compliance officers.
And it’s here we come to the rub. It’s easy to take a black-and-white view of data security. “Control and secure” comes the cry from IT and records managers. “Collaborate and innovate” say the business managers and policy makers. So we need to compromise somewhere along this continuum. The AIIM survey indicates in most organisations there is a balancing act between the two extremes. There is, however, a definite lean (33 per cent of respondents) towards the ‘lock-down’ view of security, versus the collaboration mindset (17 per cent).
This is perhaps a symptom of the fact that most current implementations of content security and document management are lacking in the ability to balance harsh control versus open collaboration.
As a further indicator of motives, we asked if the strategy would change if outside influences from regulatory or legal compliance requirements were to disappear. The majority of respondents, (62 per cent) stated that their strategy “would remain the same”.
To explore attitudes to enabling information for collaborative sharing, when we asked, “Which of the following is closest to your organisation’s perspective?” Thirty-eight per cent cited “to prohibit unauthorised use” – predominantly from external sources. Whereas a combined 47 per cent (perhaps seeing where the survey was leading!) are orientated towards “enable secure sharing and collaboration”.
In other AIIM surveys, we consistently find that providing an RoI (Return on Investment) is one of the major inhibitors to adoption of document management and enterprise content management (ECM) projects. Yet, when couched in terms of information security, there seems to be little necessity to provide it. Only 16 per cent cited it as a definite need, whereas most saw it as an unavoidable cost of doing business.
Tellingly, of those who did calculate an RoI, 75 per cent were unable to find an acceptable level of return, which of course is inevitable if you do not include a cost of failure factor indicating the potential outcome of a data loss. However, in view of the fact that it cost HMRC £2.25m just to send apology letters to the 25 million people whose data they lost, the costs of data loss or non-compliance proceedings can be substantial.
Alternatively, as we move along that continuum from control to collaboration, we would expect to see an improvement in efficiency and effectiveness of our staff. The challenge, of course, is how to put a price on that improvement.
Improvements in customer service, greater staff flexibility, tele-working and out-sourcing, less replication in document creation, and fewer operational errors are all potential benefits of sharing and electronically work-flowing documents. Steer clear of the ‘x amount of minutes required to find things’ argument, as it can stretch belief, but savings in time and travel for project coordination meetings, and speed up in project delivery can be both credible and substantial.
Security is an important part of content management, but enablement for collaboration and business process is an equally valuable requirement. We need to realise there is a balance to be made between locked-down security and easy availability if we are not to hamper our organisations with over-dominant restrictions.
Modern content management systems can move that balance point for different types of content with different associated risks, and can manage collaboration through shared documents, both within the organisation and with outside partners, customers and suppliers.
These documents will be stored in just the one place and with one version set, and they can be accessed through local applications or published for controlled access over the internet. These ‘documents-in-motion’ are not moving in the physical sense, and can then retain their original security levels, thereby reducing exposure to any physical loss or theft.
These topics will form part of the Roundtable sessions at the AIIM Roadshow ‘Solving Your Information Puzzle’ which will visit
To obtain a copy of the full 58-page market IQ report entitled ‘Content security – on the fulcrum of innovation and risk, e-mail the author at the address below.
Doug Miles is the UK Managing Director of AIIM Europe. AIIM is the Enterprise Content Management Association, and offers a range of education, training and marketing resources to ECM users and suppliers. For more information, please see www.aiim.org.uk. Doug can be contacted directly by e-mail, firstname.lastname@example.org