Despite efforts such as firewalls, filters and blocks on server ports, imperfect technologies can expose sensitive enterprise databases leading to the high cost of finanacial fraud.
In an effort to protect information assets and to consolidate critical records, many businesses have focused on centralized security with information contained and distributed by a single server or core network. The caveat with this way of thinking is that it relies on an old idea toward how business is conducted. The new paradigm of business revolves around a global or distributed network in which multiple computers, databases and applications can be interfaced to facilitate information sharing with speed and performance. Regardless of your size, reaching out beyond organizational boundaries to engage clients, partners, suppliers or other organizations is a necessity to sustainable business in order to meet on-demand service.
To mirror how business truly is transacted, Web-based applications and information systems that handle document management should be distributed and integrated with frameworks that weigh risk and benefits in how information is distributed. Unlike the concept of document security which is founded on centralization, information security can be more effective by using a de-centralization approach and placing encryption and security protocols within the distribution channels and documents, not just the hardware.
In securing documents, information is often classified and excessively constricted. The gap between the security risk and the benefit of allowing information flow for critical intelligence and effective business commerce is becoming greater. What's at issue is that the status of sensitive information outside of an organization is only getting murkier. Which is why MindShare HDV believes in the concept of decentralized document management in which you can realistically deploy, manage and scale security without loosing usability.
When usability is at stake, risky behaviors take over because it is easier to e-mail the information as example, versus go through a complicated, restricted document system. When this happens document management takes a back seat to operational needs. With a decentralized information system, a Web-based portal as example, information security is transformed by concentrating on the distribution channels, embedded data protocols that are adaptable and on the documents.
- Implementation of responsiveness to operational necessity
- Risk based on the type of access transaction
- Scalable security controls in accordance to compliance or sensitivity of information. As example with credit card processing, several rules or judgements are applied to evaluate credit worthiness. The process is not based on "yes" or "no" evaluations. There are levels or degrees of security.
- Definition of data, policies and procedures for handling information; audit trails
- Determination of document status
- Encryption of data in transit and at rest (storage)
- Application-level firewalls; intrusion detection and prevention
- Embedded access controls and protocols for data exchange
- Web/ URL filtering
- Data loss prevention, content monitoring and transaction logs
© 2004-2010 MindShare HDV LLC. All rights reserved.