Document Management
The Truth About Data Security in Document Management Systems
The term ‘document management system’ generally refers to the suite of software used by enterprises to quickly store and easily retrieve documents from a virtual cache. However, the spate of security breaches over the past couple of years has thrown the focus over to data security. The use of high secure storage and transmission features is no longer considered a differentiator among the various document management systems available in the market. Today, it is considered among the basic essentials.
Cloud Storage
Contrary to popular perception, the spate of high profile security breaches over the past few years has only made cloud storage services more popular than before. Last year, the email login and password details of over 68 million Dropbox users went up for sale on the darknet. But instead of bringing down the number of users migrating to the cloud, news items like these help more enterprise users become aware of security protocols like SMS or USB security key based two-factor authentication mechanisms that can make their systems more secure.
The general consensus is that in-house hosted storage solutions are a lot easier for hackers to breach compared to cloud based systems. Also, since most of these services are managed, the deployment of security protocols like 2FA can be done with just a couple of clicks. An IDG study estimates that at least 43% of enterprises today are in the process of migrating to cloud based data storage systems in the next 12 to 36 months.
Virtual Data Rooms
A lot of data sharing and collaboration in the workplace happens with in-house team members. But a significant chunk of this collaboration also happens with third party users. The risks associated with document management are significantly higher when data is shared with external users. Businesses that are in the process of raising funds, or performing third party audits or due diligence, should seek a service that permits secure storage and sharing of critical and confidential corporate data.
Unlike traditional data rooms like Merrill Datasite or Intralinks, virtual data rooms are significantly cheaper but come with sophisticated security features like advanced encryption, multilevel authentication, watermarking, blind view and user-access controls that make document management and sharing secure and effective.
Security Features to Look For
By now, enterprise users have come to terms with the fact that data breaches over the cloud (or hosted services for that matter) may be likely at some point in time. The focus has now shifted from investing in resources that prevent data breaches (like anti-virus or spyware) to resources that prevent proliferation of critical data in the event of an attack. In other words, enterprise users seek solutions with features that prevent access to critical information, even when login passwords are available to an unauthorized user. Here are some examples of these features.
Multi-factor authentication
This has by far been the most popular strategy to fight situations where login/passwords get leaked. Multi-factor authentication using SMS, access IDs or biometrics ensure that login credentials alone are not enough for unauthorized third party users to access confidential data.
Watermarking
Detecting the source of a leak is as important as plugging the hole. Watermarking features on enterprise document management systems create a unique copy of every document that is viewed or downloaded from the central server. These watermarks may contain some or all of these pertinent details like the computer/IP address that the document was accessed from, the timestamp and most importantly, the user account from which the document was downloaded. This helps security analysts pinpoint the source of the leak efficiently, protecting the company from repeat attacks.
Access Controls
Sometimes, no amount of watermarking or MFA can actually prevent a document from getting into the hands of an unauthorized third party user. Access controls protect enterprises in this scenario. There are two types of access control management. The passive access control tools allow the document owner to restrict access of documents to a specific subset of users. This way, any breach of the server protects the encrypted documents from being exposed to a hacker. However, this technique may still come short if hackers gain entry to one of the authorized user accounts.
Active user access controls fix this problem by putting the onus of granting access to the document owner. In this scenario, any unauthorized user will be forced to request access from the document owner, who can choose to prevent access. This still presents a risk in the event of the document owner getting their account breached. However, the impact of such an event could be minimized by setting email or SMS notifications to the document owner, as well other project stakeholders who may take remedial action in the case of a breach.
Truth be told, no technology is one hundred percent secure. The battle with hackers is a cat and mouse game. Document management systems have been innovating on security and features as those mentioned above to ensure that enterprises are secure and protected from data breaches.
Photo courtesy of Pexels user Life of Pix.
- Consultant
Anand Srinivasan
Expert in Cloud and Network Consulting
