• Home
  • About Us
  • Contact Us
  • Privacy Policy
  • Special Offers
Business Intelligence Info
  • Business Intelligence
    • BI News and Info
    • Big Data
    • Mobile and Cloud
    • Self-Service BI
  • CRM
    • CRM News and Info
    • InfusionSoft
    • Microsoft Dynamics CRM
    • NetSuite
    • OnContact
    • Salesforce
    • Workbooks
  • Data Mining
    • Pentaho
    • Sisense
    • Tableau
    • TIBCO Spotfire
  • Data Warehousing
    • DWH News and Info
    • IBM DB2
    • Microsoft SQL Server
    • Oracle
    • Teradata
  • Predictive Analytics
    • FICO
    • KNIME
    • Mathematica
    • Matlab
    • Minitab
    • RapidMiner
    • Revolution
    • SAP
    • SAS/SPSS
  • Humor

Five tips for a foolproof content security policy

March 12, 2016   BI News and Info

A content security policy that is too strict will be destined to fail, as end users are sure to look for ways around…

Sign in for existing members

Step 2 of 2:

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

inlineReg Test4 safeHarborLogo Five tips for a foolproof content security policy

them — but inadequate document safeguards can be an even bigger problem.

With that, ensuring that documents, and the systems that store them, are secure takes a thoughtful approach to ensure that information is safe and that people can work efficiently. Leveraging automatic permission settings, allowing exceptions, maintaining proper authentication policies and protecting documents that leave the system are all important aspects of content security that every organization must take into account.

The following are five ways to ensure that your content security plan strikes the right balance:

1. Make security transparent.

IT admins need to be sure security is automatically applied when documents are created within the system. This is important because people rarely apply security consistently, if at all. What’s worse is when someone decides to not place a document in the system because they don’t have time to set the proper metadata or permissions. “I’ll take care of it later” is the greatest lie people tell themselves in information management.

There are several simple methods for creating security settings for documents. Permissions can be automatically assigned by:

  • The person who creates the document.
  • The type of document (e.g., budget or contract, among others).
  • The location in the repository where the document is stored.
  • Business rules defined in the system that take multiple factors into account.
  • A workflow that assigns permissions according to the actions taken within the process.

Once set up, these methods ensure that every document is assigned a minimal level of security. When multiple rules apply, a default hierarchy can be readily defined to allow one rule to override another.

For instance, a contract may be stored in a location that dictates strict access controls to prevent tampering, but allows anyone to read the final version of the document. A business process may exist to override that default when it places draft documents in a location that allows versioning, but prevents any unauthorized staff from accessing the contract until it has been fully executed.

2. Make content security easy.

Employees try to bypass built-in controls because they need to share documents with others. This occurs because of an overly strict content security policy or an inability for staff to modify permissions when there is a valid business reason.

The mistake that many organizations make is allowing management and IT to define the security rules.

Using the previous contract example, if a contracting officer needs an opinion on a contract clause before signing, he would need to share it. Ideally, he could grant permission at the same time. Less ideally, he would first grant permission and then share it. Worst is a complex process where eventually the contracting officer may determine he cannot share the document from within the system, so he makes a copy of it and sends it via email. How secure is that document now?

If it is too difficult for people to manage to the exceptions that the default security rules create, employees will work outside the system. That eliminates all the benefits that are derived from a content security policy in the first place.

3. Know who is who.

Convoluted password requirements or repetitive security hurdles push people to move their work outside corporate IT systems.

Two-factor authentication is a powerful security tool and is highly recommended for clouds and for virtual private network authentication. Allowing users the flexibility to set up multiple options for the second factor is the best way to make two-factor authentication work for everyone. For example, text messages are ideal for many, but when traveling internationally, staff may prefer to have the code emailed to them to avoid expensive international charges.

Once a system is secured, it is important to make sure that everyone has access to it, so documents can be shared with teams. Anyone who needs to collaborate on information needs to have access.

4. Information rights management.

What happens when a document leaves the organization? That is a question that information rights management (IRM) addresses. The concept is that each document is secured and can be viewed only if a person has been granted explicit permission. Historically, this has been done with a custom file type that required a viewer or plug-in to view. The system would query the original system to answer:

  • Is this person permitted to open the document?
  • How many times can this person view the document?
  • Is he allowed to print it?
  • Has the document expired?

The goal is to allow external recipients to view the content, while making sure access rights can be changed at any time. The key requirements for distribution are periodic connectivity and active decisions by the people sharing the document. There are important use cases for IRM, but it should be restricted to only the most sensitive documents that are shared externally for which the reasons for that security is clear.

5. Balanced document security.

The mistake that many organizations make is allowing management and IT to define the security rules. This results in information being so secure that employees want to bypass systems to work with content. Only the people who work with the documents every day know all the exceptions to the default security rules that legitimately happen.

The goal is to find the balance between protecting the organization’s information while allowing people to easily do their work. This is a delicate balance, but it’s one that can ensure a secure and productive environment for document collaboration with the help of a content security policy.

Let’s block ads! (Why?)


ECM, collaboration and search news and features

Content, Five, foolproof, policy, Security, Tips
  • Recent Posts

    • Kevin Hart Joins John Hamburg For New Netflix Comedy Film Titled ‘Me Time’
    • Who is Monitoring your Microsoft Dynamics 365 Apps?
    • how to draw a circle using disks, the radii of the disks are 1, while the radius of the circle is √2 + √6
    • Tips on using Advanced Find in Microsoft Dynamics 365
    • You don’t tell me where to sit.
  • Categories

  • Archives

    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    • December 2016
    • November 2016
    • October 2016
    • September 2016
    • August 2016
    • July 2016
    • June 2016
    • May 2016
    • April 2016
    • March 2016
    • February 2016
    • January 2016
    • December 2015
    • November 2015
    • October 2015
    • September 2015
    • August 2015
    • July 2015
    • June 2015
    • May 2015
    • April 2015
    • March 2015
    • February 2015
    • January 2015
    • December 2014
    • November 2014
© 2021 Business Intelligence Info
Power BI Training | G Com Solutions Limited