Online Document Management – Protecting Your Confidential Data
Some companies produce more documents than services or products. Business plans, contracts, RFPs and RFQs, financial data… it’s an endless list. Many are created and managed online via the corporate Intranet, but what happens when they need to be transferred or shared? Without an online document management system to protect the confidential data, how can managers be sure their information is safe?
Losing Control of Your Confidential Data
Whether big business or small, the marketplace has gone global; it’s so competitive, most businesses have to collaborate with, or outsource to, other companies for at least some of the processes. This means a large amount of your confidential data is going out the door– past the protective firewall and into the cloud.
At this point, managers face three big issues:
- With ISO certification, there needs to be strong document control procedures to keep it
- Complying with government mandates require document control, management and auditing
- Past the firewall, sensitive, confidential data is no longer safe.
Unless there’s secure online document management set in place, managers have lost control. There’s no way of ensuring or tracking who accessed certain documents. As well, it’s harder to track changes, establish/enforce retention policies, or speed through approval cycles.
Of course, there’s always the option of sending documents through postal mail, but there’s a reason it’s called “snail mail”. By failing to utilize the quicker, online resources now available, a business can easily fall behind the competition.
What is SECURE Online Document Management?
Online document management systems are a dime a dozen; it can be frustrating, finding one that covers everything. For example, Google Docs, MS SharePoint and Documentum are all document managers, but they require third-party add-ons, or risk information leaks. However, when it comes to keeping confidential data secure, you need a stronger solution. What does that mean exactly?
Here are a few questions to ask when looking for secure, online document management providers:
Does your management system allow role-based permissions?
“Role-based permissions” let you set viewing and access permissions based on the user’s role in the company. A “bottom level” employee probably won’t need access to as the same documents as a middle manager. That employee may only need to view some of the documents, rather than change, copy or share. In this case, a document can be locked against changes, deletion, copying or forwarding.
Can administrative control be limited?
Someone has to administer the system. Someone has to watch and make sure the system is running smoothly, the server is available and everything is in the green. However, do you really want this person peeking at your confidential data? Probably not. Being able to limit administrative viewing of sensitive information is an important feature to look for.
What type of user authentication is required to access the system?
Many systems require a single password and log in to access the documents. But passwords can be compromised, and often are. So, how is the password/sign in made more secure? With additional verification, such as a PIN sent by SMS, a smartcard or a certificate.
For example, you input your user name and password; the system then sends a randomized verification PIN to your phone. Consequently, anyone trying to sign in to your account must not only know your user name and password, but they also have to have your phone. This second step greatly lessens the chances of your account be compromised.
What security do you have in place for your data center?
The “cloud” is really nothing more than a cluster of servers, or a data center. Yet, it has to cover your needs for security. Therefore, the data center, just like your corporate Intranet, has to have its own security, including firewalls, virus protection and other protection. In fact, your provider should be able to guarantee compliance to security mandates with a high level of protection – which brings us to certification…
Is your data center ISO certified?
Yes, even document management providers need ISO certification (ISO/IEC 27001:2005). This certification assures that the provider’s data center meets the requirements for an Information Security Management System. In short, these requirements include things like ensuring cost effective management of security risks, as well as compliance with laws and regulations.
How in depth is the provided audit trail?
One of the most useful points of a document management system is the ability to provide audit trails; some systems do excellent jobs, while others barely touch the surface.
A strong, secure system not only allows you to set access controls, but also automatically monitors who has access, at what level. It monitors who viewed, sent or changed a document, and when. Finally, all of these events are captured in a tamper-proof, time-stamped audit trail with a digital fingerprint.
Online document management provides a three-fold solution: security, automatic auditing trails and access restrictions. You have complete control, and in today’s security conscious world, control is paramount.
At the end of the day, online document management ensures the integrity, and the safety, of your corporation’s confidential data. Set your fear aside, sing joyfully, and enjoy advanced, secure collaboration!
Stacy Gianakura writes for Brainloop, a company specializing in providing automatic security management to optimize the process of mergers acquisitions due diligence.