We all have data. Whatever we call it (big, deep, wide, long or medium), it is still data: data that lives in its own solution world (SAP, Salesforce, …), data that lives in files (DOC, PDF, MSG) and data that lives in tables (SQL, Oracle, DB2, ...).
We create the data for work reasons, in the hope that it will help us be more efficient and effective, and that it will reduce the amount of time needed to find and re-use it.
Our traditional approach to finding information related to a specific subject has been to independently search each data repository then create a report or a document of the findings and their locations.
A Repository-Agnostic Architecture allows authorized users to find information in any and all connected repositories from a single search interface and present the findings in a unified result list.
Data and/or documents can remain in their own repository but be tagged for easier and more immediate access and control. Users can search and access the information from a desktop, browser, tablet or mobile device.
As Information Management Advisors, Enara has been advocating the need for such an architecture, and we are now able to address some of the bigger-picture concerns that face some of our clients.
Not a month passes without a new story about a breach of information in a public or private sector organization. Some come from the outside and some from the inside; some are severe and some are catastrophic.
Organizations are spending fortunes on preventive measures to ensure that the infrastructure is secure and defendable against hacks, Denial of Service and IP sniffing, among other attack forms. To date, few big attacks were intended to cripple or bring to a halt the operations of an organization; most of the attacks were meant to extract as much information as possible from an organization, such as the Target attack and the famous Equifax one a month or so ago.
While organizations are doing their best to defend themselves by applying hardware and software measures, most are forgetting or ignoring the most important thing: securing the information at hand from prying eyes. If the information, data or documents, is left in the clear on hard drives and shared network drives, it becomes easy to steal, manipulate or destroy as soon as the outer security perimeters are breached. Let’s face it, an outer wall breach by itself might not be harmful, but a breach that can penetrate all the way to the treasures of an organization, its information, could be, and most likely will be, seismic.
By deploying additional protection measures internally, an organization will have a second formidable line of defence against a breach and be in a better position to guard and safekeep the black gold of our century, information.
Intelligent Information Management (IIM) solutions are designed to store and manage information and to allow access and reporting on that information for authorized users. The key word in that sentence is “authorized”.
Roles Access and Access Control:
With Roles as a first line of security, access is authorized based on Role, and Access Control Lists (ACLs) can then be used to restrict each Role's access to information; think of it as a “need to know” basis. ACLs can even be applied to specific metadata (tag) elements to further restrict access to very sensitive information, such as Social Insurance Numbers or credit card numbers.
Documents and Files, including Emails:
Documents and files that are traditionally stored on network drives would be stored in certain location(s) accessible only by an internal connection from the IIM solution and through proper authentication against the ACLs applied. Furthermore, the storage location would be encrypted with AES-256, so that even if someone manages to gain access to it through the network, they would not be able to view, open, modify or destroy its contents. The documents or files can have additional ACLs applied to them on top of the ACLs that are applied to the Role and/or metadata.
An IIM solution would also encrypt the communication packets between the client workstations and the IIM server itself, so that information en route is not transmitted in the clear and thus is not readable if sniffed.
Audit trails are an important part of any IIM solution. Knowing who is doing what and when, together with the ability to generate immediate or scheduled reports that are automatically routed to selected personnel within the organization, adds a further level of insight.
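The layered checks described above (Role, per-document ACL, metadata-tag ACL) with an audit record written for every decision, as an added example that is not taken from any IIM product. All role, tag, user and document names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed policy and data: every role, tag, user and document here is hypothetical.
ROLE_ACL = {"hr_officer": {"hr", "general"},      # layer 1: document classes a Role may open
            "accountant": {"finance", "general"},
            "clerk": {"general"}}
TAG_ACL = {"sin": {"hr_officer"},                 # layer 2: Roles allowed to read a sensitive tag
           "credit_card": {"accountant"}}
AUDIT_LOG = []                                    # who did what, when, and with what outcome

@dataclass
class Document:
    doc_id: str
    doc_class: str
    tags: dict
    allowed_users: Optional[set] = None           # layer 3: optional per-document ACL

def read_document(user, role, doc):
    """Return (decision, visible_tags). Deny by default: every layer must allow."""
    visible, redacted = {}, []
    if doc.doc_class not in ROLE_ACL.get(role, set()):
        decision = "deny:role"
    elif doc.allowed_users is not None and user not in doc.allowed_users:
        decision = "deny:document"
    else:
        decision = "allow"
        for tag, value in doc.tags.items():
            readers = TAG_ACL.get(tag)            # None means the tag is not restricted
            if readers is None or role in readers:
                visible[tag] = value
            else:
                visible[tag] = "[REDACTED]"
                redacted.append(tag)
    # Denials are logged as well as grants, so reports can surface refused attempts.
    AUDIT_LOG.append({"when": datetime.now(timezone.utc).isoformat(), "user": user,
                      "role": role, "doc": doc.doc_id, "decision": decision,
                      "redacted": redacted})
    return decision, visible

PAYROLL = Document("D-1", "hr", {"employee": "A. Sample", "sin": "000-000-000"}, {"alice"})
MEMO = Document("D-2", "general", {"subject": "Office hours", "sin": "000-000-000"})

if __name__ == "__main__":
    for who, role, doc in [("alice", "hr_officer", PAYROLL), ("bob", "hr_officer", PAYROLL),
                           ("carol", "clerk", PAYROLL), ("carol", "clerk", MEMO)]:
        print(who, doc.doc_id, read_document(who, role, doc))
    print(len(AUDIT_LOG), "audit entries")
```

An unknown Role falls through to `deny:role` because the Role lookup defaults to an empty set, and a tag that is restricted for the caller's Role is returned redacted rather than omitted, so the caller can see that the field exists without seeing its value.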
Many organizations tend to use Active Directory (AD) credentials and synchronization to allow access to some solutions. If an external entity obtains the AD credentials of a user, they will be able to access all internal areas that user has access to. An IIM solution allows synchronization with AD to ease the load on users, but today it is advised that access to IIM be done with completely different passwords, and preferably different login accounts, from those used by AD. Even if the AD access is compromised, the information within the IIM solution is still not accessible.
An IIM solution today is what an ERP solution was, and still is, to many organizations: it is the cornerstone of operations, with information from yesterday and today that is needed to assist in decision making for tomorrow.
Although this article concentrated on the security aspects of an IIM solution, security is only one piece in the world of such solutions; many additional pieces exist and can assist in the betterment of the daily and future operations of any organization.
In today's world, Information is GOLD and Security is PARAMOUNT.