The Layered Approach to Security is Dead… Long Live Layered Security
Life isn’t the same as it used to be; the good old days of leaving your door unlocked are gone, never to return. Business isn’t the same either. IT has brought organisational and cultural challenges into the workplace. One of the positive consequences of this is the ability to collaborate remotely. Successful collaboration can bring about substantial cost savings, removing the need for paper and decreasing travel costs. But with this positive aspect comes a worrying issue – can you trust the collaborators to keep the information within the shared documents confidential?
In a digitised world you can’t just apply trust to your closest work colleagues; you have to extend that trust outwards into the wider internal organisation, and as the digital workplace matures we have an additional new sphere to trust – the outside world.
Our electronic business is moving outwards and onwards.
Collaborating with others gives us a competitive edge: it helps us network, and it helps us earn respect and confidence from our partners. It is about teamwork, cooperation, partnerships and alliances; it is also about trust. Human beings want to collaborate. It is natural for us to work in teams; our pre-history is filled with cultures built on systems of collaboration.
Building a trust-based collaborative system is the new challenge to the layered model of securing your enterprise. Because of the very nature of the way that documents flow through an organisation (and outside of it too), we are left with dynamic content that can be extracted, changed or leaked: the integrity lost forever and the information open to a competitor or worse – the press.
Because of the fluid nature of electronic documents, the challenge for security in the next few years is to take our normal document-based workflow processes and, without substantially changing the way we operate, secure our content. This is not as easy as it sounds.
The considerations are complex because they seem contradictory. You need to protect the original intellectual property, as it’s created, so the protection needs to be applied within the native application, not a derived copy such as an Adobe Acrobat file.
Because working documents are often in a state of continual editing, you need to allow authorised others to edit the document but still retain protection. This is particularly tricky to do: allow editing but stop printing and stop copying of the content (by clipboard, screen capture, etc.), while making sure the document itself is secured and never decrypted on disk.
But you also must have the option to make a document view-only once it has been completed, yet be able to restart editing if needed at a later date – after all, information changes.
You need to be able to allow this scenario of secured collaboration to work both within your organisation and outside of it, so you can take advantage of your partnerships and alliances. This can only be done if the technology allows full compatibility (not just view-only) with older operating systems, as well as the latest.
And of course you must also have the option of applying all of this automatically, without your users having to remember to protect your precious information, or to have to work with new applications, or learn new techniques.
There’s an awful lot of flexibility needed to make sure we can really take advantage of information technology and make it work with us and for us. We want to share our documents in an environment of trust with no changes to the way we work and ideally without even knowing that we are securing them.