Growth is driven by individual departments choosing different solutions for their specific problems, and is compounded as enterprise standards are changed through mergers and acquisitions. As a result, the amount of information at the disposal of employees raises serious issues for corporations. However, none of these issues is more critical than security, or more specifically, managing user access to the information in enterprise repositories.
While the Internet`s 24x7 availability and global reach enable a higher degree of automation and dramatically improved operating efficiencies, putting information online also potentially puts organisations in a vulnerable position by exposing valuable resources and applications to a greater number of users. Security problems such as unauthorised access to mission-critical information can lead to misappropriation of intellectual capital and loss of competitive advantage.
The more corporations exploit the power of the Internet, intranets and extranets to manage their intellectual capital, the greater the need for a comprehensive security infrastructure. But as infrastructure applications move towards integrating different data sources, each security implementation must be carefully supported to avoid unauthorised access to information.
Research firm IDC says single point of access to all enterprise content is one of the top three requirements listed by large companies. However, this access must be secure, and it must be controlled so that only authorised users have access to each document or data point.
Critical questions to ask
The more corporations exploit the power of the Internet, intranets and extranets to manage their intellectual capital, the greater the need for a comprehensive security infrastructure.
Garth Wittles, district manager, Verity
Virtually every vendor in the intellectual capital management (ICM) space claims to provide some form of "secure" content retrieval. The reality, however, is the range of capabilities in the marketplace varies considerably. Do not put blind trust in the claims of enterprise software vendors. Before you can determine which solution will provide the level of ICM security you require, you need to ask vendors these critical questions:
* What is the highest level of discretionary access you offer for information retrieval?
To protect sensitive content from unauthorised access, companies must deploy solutions that enforce existing security systems down to the document level. This protection must be extended to result lists and category views to ensure that no information is leaked by displaying document titles or summaries to individuals that don`t have authorisation to access documents. Without this protection, organisations often avoid indexing their most sensitive content - making quick and reliable access for those who need this information virtually impossible.
* How does your security platform accommodate the need for multiple levels of clearance and various levels of sensitive content?
Organisations must deploy flexible solutions that are as open or as restricted as required because users generally have access to multiple applications within a single interface - each with various levels of sensitive content. Companies typically need a range of secure content retrieval options - from full access to repository-level access through restricted viewing to full document-level security. No single option is appropriate for all users and all applications. Without this flexibility, sensitive content can be left unprotected, while documents with little or no sensitive information can be overly restricted - driving users away.
* Will your solution support the native security models of all of the repositories and proprietary applications in your organisation?
To leverage existing infrastructure and reduce administration overhead, companies must deploy solutions that respect and enforce the security mechanisms in multiple systems and third-party repositories. It shouldn`t be necessary to implement a new security system for your enterprise information.
* How easily does your information retrieval solution integrate with an access management application?
To leverage access management single sign-on applications, companies must deploy solutions with established integration paths to the respective application. The solution must be capable of observing the underlying security privileges defined by the access management application. If a user is not authenticated, the document listing will not be shown in the search results.
* How do you maintain strict security in a rapidly expanding information environment? Organisations must deploy solutions with a security architecture that can scale effortlessly - no matter how many more users or how many more documents are added.
Flexible solutions keep intellectual capital safe
A security architecture should not require you to implement a new security system for enterprise information. Rather, it should enforce native applications` security mechanisms, allowing you to leverage LDAP, Active Directory, NT Domain, Unix logins, proprietary applications, as well as third-party access management software. Security for intellectual capital should be configured at the level of the document repository, or at the level of individual documents presented to users as part of search results.
Just as important as making all information accessible is ensuring that all information remains secure. Whether you need your intellectual capital secured to meet privacy regulations or to prevent the loss of proprietary information, granular, flexible, scalable security adds value across every industry and line of business.
Verity is a co-sponsor of ITWeb`s software industry portal, which updates readers on new releases, product reviews, and breaking news and trends in SA and overseas markets. Columnists report back on strategic business issues, market moves and vendor announcements, while the Industry Solutions feature carries relevant case studies.
Share