Request a demo

How Well Does Your ECM System Protect Sensitive Information?

When it comes to securing your company’s valuable documents and confidential information, it’s not enough to focus on thwarting intruders and cyber attacks. How Well Does Your ECM System Protect Sensitive Information?

Your own staff may unwittingly put your business information at risk by storing it in vulnerable cloud systems and on mobile devices, according to a recent whitepaper by AIIM. The solution for many organizations is to implement rights-based security through a digital document management or enterprise content management (ECM) system.

“It has long been realized that encrypting content at rest, and particularly content in motion, is the only way to secure sensitive and potentially damaging content,” according to the AIIM report. “But suppose that instead of building protective walls around places where sensitive documents are held, we embed security into the document itself?”

To understand how an ECM system secures your company’s business documents and data, it’s important to differentiate between securing access and data safety.

Protection From Unauthorized Access

Employees in a typical organization (and knowledge workers in particular) deal with complex processes and are subject to a variety of rules and regulations. To carry out their everyday tasks, they need authorization to use particular resources, such as document and IT functions. Rights management uses a set of restrictions to ensure that only authorized personnel have the right to do certain things — such as viewing or editing a document — while maintaining transparency for everyone.

Your ECM system should include a well-refined rights system for accessing documents across user, group and role levels. In a good system, you would use flexible filter functions to define access down to each individual document. It’s also possible to adjust certain actions – such as read, edit, markup, export, etc. – for even more detailed control. For particularly sensitive data, look for an ECM system that allows you to switch into a high-security mode in which documents are further encrypted, so that they cannot even be accessed by a system administrator.

Communication through the Internet, from browser client to the server as well as various document management components, is secured via HTTPS and SSL protocol.

Protection From Data Loss

Backing up your data is essential to protect your business in the event of a fire or flood that damages your office and on-premises servers. But it’s not enough to simply have a backup copy of all of the documents in your ECM system. If you don’t also have the databases and index criteria, you’re left with an undifferentiated mass of documents, and no way to find what you need.

Most ECM systems store documents and index criteria in the same database, which tends to adversely impact speed and performance, or they use proprietary systems that keep your company reliant on their product. A better approach is to use universal data formats instead of proprietary systems, and secure index criteria in databases that are separate from the actual documents. This allows your company to use basic backup solutions to back up both the documents and the databases.

Other data safety strategies to consider include duplicate index data and archive replication. In the rare event of a database error, duplicate index data makes it relatively easy to restore the database. With archive replication, a parallel archive is placed somewhere in the world and regularly synchronized with the main archive. This strategy offers enhanced security should an entire ECM system fail or suffer damage. Another option would be to transfer documents to external hard drives or DVDs as self-running archives that include the database and a search application.

In conclusion, access security ensures that only authorized users are able to access a given piece of information, while data safety protects against data and document loss, as in the event of a natural disaster. Both are essential for guarding your company’s information, and are often necessary to comply with government and industry regulations.

Does your ECM system contain hidden security risks and inefficiencies? Find out by downloading our free whitepaper, 7.5 Signs Your Document Management Needs An Overhaul

7.5 Signs Your Document Management Needs An Overhaul