No matter how secure digital information is inside a corporate network, it is typically open season once it travels outside a firewall. Even with advances in network security, most organizations have little control over digital documents that move beyond protected networks. Document recipients can copy, cut, paste, print and forward information at their discretion. As many executives have learned the hard way, labeling a document “confidential” does not protect the information in it.
The impact of leaked information—whether accidental or intentional—can be dire. Major corporate announcements can go from assets to liabilities if information is made available to the wrong people at the wrong time. Loss of confidential customer data can lead to wide-scale identity theft and legal trouble, damaging customers' finances and a corporation's reputation.
Securing and controlling information is top of mind for business executives. Fortunately, technology advances are providing companies with greater control over sensitive information, no matter where it is and who views it.
By using technology that controls information at the document level, organizations are transforming how they leverage and share confidential business content. Document-level security addresses the need to protect information using controls that move with a document. Upon creating a document, managers can specify recipients' rights of access and even revoke or revise access rights after documents are distributed. Typical controls include restricting who can print, copy or save documents; monitoring who accessed or tried to view materials; and maintaining a complete audit trail for documents, including histories of how they were used.
Document-level security is a natural extension of an organization's efforts to protect enterprise information and is an important part of an overall enterprise rights management (ERM) strategy. Traditional approaches to securing electronic document delivery often involve Secure Sockets Layer (SSL), virtual private networks (VPN) and e-mail encryption. However, these approaches only secure communications lines without providing persistent security within documents after they leave the secure network transport.
Document-level security goes an important step further by using a policy server to establish controls that persistently protect a document through its lifecycle, from creation, to distribution and collaboration, to archiving and destruction.
A Standards-Based Approach
Increasing demand from business executives and IT managers for document-level security is being met by a range of solution providers. Adobe Systems offers its LiveCycle solutions for securing and controlling documents. Microsoft has Windows Rights Management software, while smaller vendors like Liquid Machines have their own offerings.
For companies looking at document-level security, it is important to consider the size of operations to secure and adopt a solution that can scale to meet evolving business requirements. Organizations may want to use a hosted solution from a trusted provider, or for larger enterprise applications, opt to deploy a solution in-house. In either case, document-level security solutions should be built around scalable J2EE, Web-service architectures that help ensure easy integration with existing and planned systems such as application severs, databases, ECM systems, authentication systems and scanning devices.
With so many processes and documents in business today, security strategies need to handle documents created in a variety of software applications and used in different computing environments. Ideally, security policies can be applied to documents individually or as part of batch processes. The resulting policies also need to be dynamic, allowing organizations to revoke or apply new controls on demand.