To prevent data leakage, a company needs a multi-tiered approach that starts with basic perimeter security to prevent outside access. It’s also important to consider that many breaches occur from within a company. The best way to elude these leakage problems? Document management software. It is hands down one of the best deterrents to data loss.
Document management software imposes a set of access privileges over all data, and likewise enforces order over where it is stored. It’s primarily implemented to organize and facilitate easy search and retrieval, and luckily, improved security is a natural result of this. Although it is not positioned as security software, document management software is a security “must” for any environment that has a large number of documents to control.
One of the biggest problems that result in internal breaches, whether they are intentional or unintentional, is broad privileges or lack of access control. Document management software is enormously useful, but to make the most of it a company must also take advantage of its access controls. Giving end users access to more privileges than they need is a recipe for disaster, and it’s a common practice that results from a combination of lenient policies and employees that demand more access than necessary. For individual end-users, there is seldom any need for broad privileges like this; and even for super-users and top management, access should be allocated judiciously and evaluated on a regular basis with a review of who has privileges and whether it’s justified.
Most document management software will have a system for access control, proper use of which will prevent problems related to broad privileges. Documents, databases, or groups of documents can be controlled by regulating access and granting access on an individual or role-based model. Caution should be taken here to prevent unnecessary broad privileges and to enforce access control policies and procedures with standard best practices, such as complex passwords that are frequently renewed.
Check-in/check-out tools area an important component of access control and document lock-down, which requires that an individual “check out” a document by providing identity information.
Unintentional Information Leaking Out
Document management software allows for multiple revisions which are tracked, with revisions often including comments and notes from multiple participants. Those comments are usually proprietary, and unintentional leakage of those comments can cause a potential embarrassment to the company. Document management software should include facilities to prevent leakage of unauthorized drafts by including an approval routing process.
In addition to imposing an access control system, document management software also creates an audit trail—another essential part of security and a mainstay of compliance-related issues. Maintaining an audit trail will show who accessed each document and when and what the individual’s authorization level may have been at the time. The audit trail is invaluableand can also form the basis of detailed management reporting. In addition to providing reports for compliance purposes, it can also be used in forensics to determine the source of a breach.
Document security will also be contingent upon the retention period, and document management software can impose controls to ensure that a document’s lifecycle is rigorously enforced. One cause of security breach is easy access to outdated or archived documents that may have been moved to tertiary storage which may lack the more rigorous access controls of primary storage.