Document Management: Protecting Confidential Information

One of the most important considerations for any business is how to effectively secure and protect sensitive information. According to an AIIM survey, 60% of large organizations say that the potential impact of leaking confidential information would be high, and for 13% it would be disastrous. This underscores the importance of ensuring that your organization’s sensitive documents are protected from unauthorized access.

Defining and enforcing policies and processes for who is authorized to access, edit and approve specific documents is of paramount importance for companies of all sizes and in all industries. And while policies related to access permissions can vary depending upon your business, many organizations today are leveraging metadata to create a smarter and more successful strategy for protecting confidential information assets.

The Challenges of Enforcing Access Privileges in Folder-Based Document Management Systems

Information in a traditional folder-based document management system typically inherits access permissions from the folder in which it resides. Many document management systems also support an Access Control List (ACL): a list of access permissions assigned to a specific folder and then inherited by all the documents stored in that folder.

These folder-based approaches are inherently inflexible and restrictive because they rely on information residing in a single location (a folder). This presents a dilemma, since different versions of documents often reside in more than one folder. This intractable problem simply can’t be effectively solved with folder-based approaches.

Leveraging Metadata for Secure and Automated Access Control

Today’s most advanced document management software solutions offer new ways to derive access control settings from metadata, making the process of setting permissions for documents and other information both dynamic and automatic. Metadata-driven permissions and the associated audit trail and event log also help organizations prove that they actually follow the access control policies they have defined.

In a metadata-driven solution, access to content can be controlled by a combination of object-specific permissions and ACLs that are automatically determined by its metadata. The idea is that instead of inheriting access control settings from a containing folder, a document should have its final access permissions derived from its metadata, so a single document could be accessible to members of a project team, a certain group of managers, all of management and accounting, only to employees with a certain security clearance, or any combination of these. Further, permissions can automatically change based on a document’s workflow state, whether it is in draft form and being reviewed, or approved and ready to be published. And simply assigning or changing the document’s metadata can automatically adjust permissions as appropriate.

In a similar manner, you can specify the members of a project with metadata properties and configure the document management system to inherit permissions of the documents related to a project from the project object itself. In this way, you can dynamically change the permissions of all objects related to the project by adding or removing project members in the project object. You can also implement role-based permissions in such a way that project managers have full access to all project content, while project engineers only see the document types that are relevant to their work.

M-Files Delivers True Metadata-driven Permissions Management Capabilities

Access control is a vital component of document management, and M-Files provides a revolutionary way for our customers to manage access to confidential information.

Other ECM solutions tout metadata-driven permissions management capabilities, but these systems only include first-generation metadata-based security controls that force administrators to define security-level-type properties that affect permissions. With M-Files, any metadata property (or attribute) can serve as the driver for defining who has access and/or editing privileges for a document or a class of documents (for example: project group has access to project documentation). Furthermore, multiple metadata properties can be combined to set the permissions (for example: project group has access to project documentation, except if the class is Budget).
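The following sketch is an added illustration, not M-Files code or its API. It derives a document's rights purely from metadata as described above: project membership, role, document class with the "except Budget" rule, and workflow state. All class, function, user and group names, and the exact rules chosen, are assumptions.

```python
from dataclasses import dataclass

# Hypothetical model: every name and rule here is an assumption for illustration.
@dataclass
class Project:
    managers: set
    engineers: set

@dataclass
class Document:
    doc_class: str        # metadata: "Specification", "Budget", ...
    workflow_state: str   # metadata: "Draft", "In Review", "Approved"
    project: Project      # metadata: reference to the project object

def effective_rights(doc: Document, user: str, groups: frozenset = frozenset()) -> set:
    """Derive rights from metadata only; no folder location is consulted."""
    rights = set()                                   # default deny
    if user in doc.project.managers:                 # role: full project access
        rights = {"read", "edit"}
    elif user in doc.project.engineers and doc.doc_class != "Budget":
        rights = {"read", "edit"}                    # project group, except Budget
    elif doc.doc_class == "Budget" and "accounting" in groups:
        rights = {"read"}                            # assumed extra rule
    if doc.workflow_state == "Approved":             # assumed: approved is read-only
        rights.discard("edit")
    return rights

def demo() -> dict:
    # Constructed sample data.
    proj = Project(managers={"maria"}, engineers={"eli"})
    spec = Document("Specification", "Draft", proj)
    budget = Document("Budget", "Draft", proj)
    results = {
        "engineer_spec": effective_rights(spec, "eli"),
        "engineer_budget": effective_rights(budget, "eli"),
        "manager_budget": effective_rights(budget, "maria"),
        "accounting_budget": effective_rights(budget, "ann", frozenset({"accounting"})),
        "outsider_spec": effective_rights(spec, "oscar"),
    }
    spec.workflow_state = "Approved"                 # metadata change only
    results["engineer_spec_approved"] = effective_rights(spec, "eli")
    proj.engineers.discard("eli")                    # one edit on the project object
    results["removed_engineer_spec"] = effective_rights(spec, "eli")
    return results

if __name__ == "__main__":
    for case, rights in demo().items():
        print(f"{case:24} {sorted(rights)}")
```

Because rights are recomputed from metadata on every check, removing a member from the project object revokes access to all related documents at once, which is the property an auditor would test for.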

The M-Files approach to permissions management takes the time and guesswork out of access control, since users just define what the content is and the system sets the permissions accordingly based on its metadata properties. This leads to more effective and efficient access control, more successful security audits, and a more fluid and dynamic content management environment.