Quocirca Reports | Quocirca Articles | Key Analysts | Questions & Answers
Content security for the next decade
The need to share information has never been greater as cross-organisational business processes become deeper and more complex. The movement of digital information, both within a business and across its increasingly porous boundaries to external individuals and organisations, carries more and more risk as regulations are tightened around data protection and personal privacy. Those businesses that stay ahead of their competition in the next decade will be those that put the technology in place to allow them to share content widely, but safely.
Key Findings

  • Businesses have always shared information with their customers, partners and suppliers but today this is mostly done electronically
    There are many inherent dangers in the electronic sharing of information, especially since the dawn of the internet age. Initially the risk was that a business's intellectual property may be compromised or its employees exploited or distracted. However, in the last few years the overriding concern has become external regulators, especially those tasked with ensuring the privacy of individuals about who so much data is now collected and stored.
  • In order to address these concerns businesses need to have a clear and concise policy about how data should be handled and what happens when a data breach occurs
    The policy needs to be easy for all to understand and, where relevant, communicated to external organisations with whom sensitive data is shared. It needs to be a single coherent document, kept up to date and easily accessible. Employees must receive regular data protection update training. All of this must be visible to regulators.
  • Policy needs to connect people with content and make it clear who has the rights to access and create content and what they can subsequently do with it
    Most organisations already have a directory of users, and this should be central to the relationship of people to content security. Groups or individuals can be granted rights to access and create content and policy will dictate what they can do with it and with whom they can share it. Some content may need to be restricted to specific locations in which it can be accessed through links with physical security.
  • However well implemented a policy is, employees are fallible and the control over external individuals is limited
    This requires the use of technology to limit and control the actions of users. No single technology will provide all the protection necessary and organisations must ensure that whatever products they use not only fit their policy, but also warn users if they are about to breach it.
  • A range of technologies can help protect data in its four main states: stored on stationary devices, stored on mobile devices, in transmission over networks and printed on paper
    Encryption should be used where prudent although it is not enough on its own; once content is decrypted users can do pretty much what they like with it. This means further measures including end point security, content filtering, web access technology and print management; they all form part of total content security.
  • An overriding technology is needed to translate written policy into enforceable IT policy; the term data loss prevention (DLP) has become widely use in the industry to describe this
    A DLP solution consists of a central policy engine that understands both users and content. All content moving within and to the outside of an organisation can be inspected and checked against policy, warning users of potential harmful content handling or blocking a particular use altogether.