Why ECM is an invaluable weapon in the security war on rogue employees

Perimeter security alone is no longer enough

Largely driven by the rise of cloud computing, data security is now a definite concern for business executives. Conversations about firewalls, disaster recovery plans and resilient infrastructures have become commonplace for the C-suite, but what many organisations do not realise is that there is a bigger threat to their data security: the insider data breach.

From disgruntled ex-employees to a forgetful executive leaving a memory stick in a hotel room, research shows that there are now more concerns about protecting data from inside the firewall than from outside. So what can be done to guard against these impending challenges?

Securing the perimeter

Much of the conversation about data security, particularly with the rise of cloud computing, is focused on 'perimeter security'. This type of security involves making sure that intruders cannot get into the IT infrastructure, and planning how to recover if such a breach does occur.

Hardware vendors do a fantastic job of delivering secure routers, firewalls and the like to cover these risks and, from a software perspective, antivirus and malware detection tools add a secondary level of protection against such intrusions. But all of these options consider the threat to be coming from outside of the organisational boundaries – what happens if the threat is already inside the building?

The real issue

Research from the Association for Information and Image Management (AIIM) highlights that only 34% of organisations see external hacking and malware/viruses as the most likely source of a security breach. The main concern is now coming from inside the business, with over half (53%) viewing unauthorised access by staff as the biggest issue. On a positive note, this stat suggests that perimeter security is working well. However, it also serves as a sobering notice that something needs to be done to manage internal security.

Excusing the inadvertent or accidental loss of data by staff (which AIIM claims is the major concern for just 5% of organisations), the issue is predominantly that employees can gain unauthorised access to enterprise content. Simply put, they are getting into something or someplace they should not be. The rise of using a network shared drive to store content may well be contributing toward this concern with users unaware that other staff members can access their files via this route.

So what can an organisation do to stop users from accessing things they should not?

Inside coverage

To complement perimeter security, a measured approach to managing internal information security is required. This is an area that enterprise content management (ECM) tools and techniques, increasingly known collectively as information governance, can help with. An ECM solution is designed to manage an organisation's information and business processing assets – storing, indexing and serving content to users – but it is also responsible for securing that same content.

Within an ECM solution, all content is governed by access controls – all documents, folders, views, or whatever mechanism is used to group content will have permission levels for each user, user group, and user role. This serves as the basic level of information governance and control. In simple terms, unless you have the key to the filing cabinet, you cannot get in.

However, sometimes users leave those virtual keys on their desk, by forgetting to log themselves out of their PC, for example – how can any system protect against that?

Modern ECM solutions include advanced capabilities that go beyond basic document permissions management. Using comprehensive audit trails and proactive reporting techniques, organisations can track things like irregular usage patterns, out-of-hours access, or anything that could constitute dubious activity.

For example, a user remotely downloading several documents at 11pm on a Friday night could be seen as a potential breach. By utilising automated workflow tools (another key feature of a good ECM solution), the system can lock that user account – immediately protecting the corporate assets without any human interaction at all. Of course, the user would be alerted to why they have been locked out, and could contact an administrator to unlock their account if a genuine reason exists.

This combination of simple audit trail technology and reporting capabilities enables a significant level of proactive analysis and security control, providing the organisation with a strong degree of confidence that their content is secure.
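
The out-of-hours download scenario described above can be expressed as a small detection rule over an audit trail. The following is an added example, not code from this article or from any ECM product: the log layout, the business hours (Mon-Fri 08:00-18:00), the threshold of three downloads in ten minutes and all names are assumptions, and the "lock" is represented by the returned dictionary that a workflow step would act on.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail: timestamp user action document origin
AUDIT_LOG = """\
2024-03-08T10:15:02 asmith download DOC-1001 office
2024-03-08T23:01:10 jdoe download DOC-2001 remote
2024-03-08T23:01:40 jdoe download DOC-2002 remote
2024-03-08T23:02:05 jdoe download DOC-2003 remote
2024-03-08T23:04:30 jdoe view DOC-2004 remote
2024-03-08T23:30:00 mlee download DOC-3001 remote
2024-03-09T09:00:00 jdoe download DOC-2005 office
"""

BUSINESS_HOURS = range(8, 18)     # assumed policy: 08:00-17:59
THRESHOLD = 3                     # assumed: downloads that trigger a lock
WINDOW = timedelta(minutes=10)    # assumed: sliding window for the count


def parse(line):
    """Split one audit line into (timestamp, user, action, document, origin)."""
    ts, user, action, doc, origin = line.split()
    return datetime.fromisoformat(ts), user, action, doc, origin


def out_of_hours(ts):
    """True at weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def accounts_to_lock(log_text):
    """Return {user: time of the event that crossed the threshold}."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(list)    # user -> recent suspicious download times
    locked = {}
    for ts, user, action, _doc, origin in events:
        if user in locked:
            continue              # already locked; later events are moot
        if action != "download" or origin != "remote" or not out_of_hours(ts):
            continue
        # Keep only suspicious downloads that fall inside the sliding window.
        recent[user] = [t for t in recent[user] if ts - t <= WINDOW] + [ts]
        if len(recent[user]) >= THRESHOLD:
            locked[user] = ts.isoformat()
    return locked


if __name__ == "__main__":
    for user, when in accounts_to_lock(AUDIT_LOG).items():
        print(f"lock {user}: bulk remote download out of hours at {when}")
```

A single late download (mlee) or office-hours activity (asmith) does not trip the rule, which keeps false lockouts down; the thresholds are the part an organisation would tune against its own usage patterns.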

Total security?

Will any organisation ever be able to completely stop insider data breaches? Not in my opinion, but perimeter controls are never 100% guaranteed either. However, being able to spot issues and potential breaches as soon as possible, even while they are happening in some instances, is a major weapon in the security arsenal of any modern business.

Proactive inside security should be a topic of discussion for the C-suite today, before a problem exists, and not tomorrow when it could be too late. ECM solutions deliver a proven mechanism to achieve this much-needed internal control, enabling organisations to focus on getting the best out of their employees and content, not peering over their shoulders wondering if they are looking at something they should not.