The Bread and Butter of Data Security
Cyberspace Rules Revisited
For large corporations, best practice is to install software that restricts access at the entity, department and document level, as outlined below.
1. The entity rule: ensure the software can ‘group’ employees to allow easy access to information.
Organisations can use software to allocate the correct levels of access through ‘groups’. Grouping simplifies process management and ensures no employee is given access outside of their remit. Managing access for a group of employees is far easier than managing each individual, and less prone to faults, which ensures continuity across the whole organisation. Additionally, the correct use of this system guarantees user level employees are easily defined by specific requirements, which helps ensure access is managed throughout the time of employment and, most importantly, once employment has ceased. This entity rule of tailoring group access creates data security peace of mind across the whole organisation.
2. The department rule: ensures that only the correct people from each department have visibility of information relevant to them.
Applying the entity rule to each department will ensure relevant employees have access to, and visibility of, department information. A prime example of this rule is access within a human resources department, a department that exists in nearly every organisation and generally has some of the largest requirements for internal security. Systems that allow access to areas of your network to be restricted ensure this is correctly managed. As with the group-based system, this simplifies the process of managing access to each department’s information. In many systems there is an added advantage: items outside an individual’s access are not visible to them at all, which reduces curiosity about information they can’t see. The use of the department rule provides compliance with each internal department’s unique requirements, regulations and policies.
3. The document rule: safeguards individual document control and incorporates an audit process to maintain secure data protection.
The ability to utilise software to control access to documents provides confidence, but knowing you can control the ways in which an individual can interact with individual documents provides certainty. This allows for improved compliance, process management and data quality within your corporation. Individual document level access also provides an audit trail that identifies the access and use of each document. Tracking usage at a document level gives visibility of user patterns and insight into process. The accuracy and ‘searchability’ of metadata against each document is critical to the ongoing use of any document management system. The document rule allows the organisation to track, manage and improve current information and access, providing confidence in the metadata captured against each document.
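The three rules combine into one layered check: group membership, then department scope, then the document's own permissions, with every decision written to an audit trail. The sketch below is an added example, not code from this article or from any ECM product; the `AccessStore` class and all group, department and document names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessStore:  # hypothetical model, not a real ECM API
    groups: dict        # entity rule: group name -> set of users
    dept_groups: dict   # department rule: department -> groups that belong to it
    docs: dict          # document rule: doc id -> {"dept": ..., "acl": {group: actions}}
    audit: list = field(default_factory=list)  # (user, doc id, action, allowed)

    def _actions(self, user, doc):
        """Actions the user holds on doc via groups inside the doc's department."""
        mine = {g for g, members in self.groups.items() if user in members}
        in_dept = mine & self.dept_groups.get(doc["dept"], set())
        return set().union(*(doc["acl"].get(g, set()) for g in in_dept))

    def check(self, user, doc_id, action):
        doc = self.docs.get(doc_id)  # unknown documents are denied, not an error
        allowed = doc is not None and action in self._actions(user, doc)
        self.audit.append((user, doc_id, action, allowed))  # denials are logged too
        return allowed

    def visible(self, user):
        """Zero visibility: list only the documents the user can read."""
        return sorted(d for d, doc in self.docs.items()
                      if "read" in self._actions(user, doc))

    def offboard(self, user):
        """Leaver process: dropping group membership revokes every grant at once."""
        for members in self.groups.values():
            members.discard(user)

def demo_store():
    # Constructed sample data: two departments, three groups, three documents.
    return AccessStore(
        groups={"hr-staff": {"alice"}, "hr-managers": {"bob"}, "finance": {"carol"}},
        dept_groups={"HR": {"hr-staff", "hr-managers"}, "Finance": {"finance"}},
        docs={
            "hr/leave-policy": {"dept": "HR", "acl": {
                "hr-staff": {"read"}, "hr-managers": {"read", "edit"}}},
            "hr/salary-review": {"dept": "HR", "acl": {
                "hr-managers": {"read", "edit"}}},
            "fin/budget": {"dept": "Finance", "acl": {"finance": {"read", "edit"}}},
        },
    )
```

Because permissions attach to groups rather than individuals, `offboard` needs no per-document clean-up, and the audit list records the denied attempts that follow it.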
When adopting an ECM system, careful planning and the precise identification of each department’s requirements are critical to success. Once you have identified your organisation’s requirements, you will be able to accurately assess which ECM system will work best for you and your organisation.