Securely Sharing Business Information
The game has changed. Information is the world’s new currency. How an organization manages its information assets is today a competitive differentiator, just like how it manages its physical, human and financial assets.
Today, many organizations are struggling to find the sweet spot that balances two conflicting priorities: satisfying end-user demands for access to business content and keeping confidential business content secure.
Several file share and sync vendors claim that their offerings address the need for true security when storing business content and also deliver consumer-like functionality for sharing it easily.
Global commercial cloud services for file share and sync, which started in the corporate and small-to-medium business (SMB) paid-subscription market and are now trying to reach enterprise customers, address this market by asking clients to use their cloud storage service to securely store and share the company’s files, especially documents, without the headache of managing the software platform. Their key message is that the files will be easily accessible on multiple devices, including mobile devices, and easily shareable with third parties.
Sounds great, but there are also some aspects to be considered:
1. Metadata matters
Sharing files is one click away. But how effective and how secure is it to offer access to files and folders? Is the filename good enough to define the content in the file? Is the filename enough to define what user or group of users should have access to the content in the file?
To effectively and securely manage business content sharing, you need to consider metadata. The successful implementation of any business content access and sharing strategy requires implementation of a metadata schema.
Building an enterprise business document repository without a metadata plan is like throwing a paper document into an unmarked box. And defining who will access the business content, or sharing confidential business documents in the traditional way offered by file share and sync vendors, without a metadata plan is like distributing documents with your eyes closed.
For enterprise customers, the main flaw in the commercial cloud model for file share and sync is that the service, not the customer, holds the encryption keys to customer files. Although Dropbox and other providers tout their application of strong AES-256 encryption for customer files, the services hold the keys, and even permit selected employees to access and decrypt customer files – “We’re not quite secure, but we’re better than nothing or than the as-is situation”. One way or another, when an organization moves its files outside its firewall and entrusts them to a third-party service, that organization sacrifices some security. Companies make this sacrifice in order to provide convenient sharing and enable collaboration among employees, thinking that it cannot be avoided.
These companies are simply unaware that they can implement an even more efficient storing and sharing environment for business content while keeping their business documents secured inside the organization’s firewalls.
3. Sharing. To Show Only or To Distribute
A better solution can be found in a different way of thinking about document sharing: an organization should have the ability to show documents without necessarily distributing them and losing control. This approach enables organizations to meet user demands for information accessibility while keeping business documents secure and in the organization’s exclusive control.
When document files are accessed from an on-premises file share and sync deployment or from a cloud service, the actual document file is synced to the devices of the authorized users, often in a file format that requires a native application for viewing. Even if shared in “read-only” mode, the file can be saved under a new filename, and confidential content from the business document can be selected, copied and pasted for use elsewhere.
Document viewing technology enables an organization to show a document without sharing it, all while keeping exclusive control of source files. From the end user’s perspective, documents in a document viewer are opened in an application frame in which they can be read and also used with tools such as zoom, text search and annotation. From the technology perspective, what’s actually happening is that the original document, securely stored on the organization’s server, is being very rapidly converted into a high-fidelity graphics file (such as the HTML5-standard SVG format) for transmission to the user’s browser. The original file never leaves the server, and never travels across the network or lands on the user’s hard drive.
There are several security advantages of a document viewer. First of all, business documents and metadata remain in the organization’s exclusive control – the user never has possession of the actual document file (of course, when appropriate, organizations can enable users to download the source document). In the same manner, mobile document viewing requires only a mobile browser, not a third-party application, and source documents and metadata are never downloaded to mobile devices.
The good news – there are safer methods that make sharing even easier
To respond to all these challenges, Star Storage created SEAL – an enterprise information archiving and records management software product with strong sharing capabilities, which enables organizations to preserve and unleash the value of their information assets while providing a secured, compliant environment. SEAL offers its users a series of innovative capabilities, all available from a powerful but simple and user-friendly interface.
1. Strong metadata management, ready to use out-of-the-box
Business content is not only about files. It is about files (mainly documents) and associated metadata. Due to uniquely flexible data management features, SEAL can ingest, archive and manage any business content (files and metadata), with any classification, from day 1 after the out-of-the-box installation. No more fixed file and folder hierarchies.
2. Powerful metadata based security rules engine
Security setup is very flexible, and permissions (who can view, edit, delete, share and download) can be granted in a user-friendly manner, based on document metadata. For this, SEAL provides security rules, which are a set of logical expressions defined on document metadata. The rules are evaluated, in order of their priorities, whenever a new document is uploaded to the electronic archive or whenever document metadata is modified. Based on the result of the evaluation, a specific security policy is applied to that document (dynamic security). Hence, there is virtually no limitation in defining the security model, because the security restrictions are always generated by the category and nature of documents, which can be expressed as metadata.
3. Security level permission model
An additional security mechanism can be employed for sensitive content, especially when access is governed by different laws and regulations. This is a superseding “security level” model for easier implementation of hierarchical user authorizations (e.g. normal / confidential / secret / top secret).
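The sketch below is an added illustration of the two mechanisms just described (metadata rules evaluated by priority, capped by a security level); it is not SEAL code. The field names, groups and sample rules are constructed, and three behaviours are assumptions: the first matching rule wins, no match means no access, and a document without a level is treated as top secret.

```python
from dataclasses import dataclass
from typing import Callable

LEVELS = ["normal", "confidential", "secret", "top secret"]  # hierarchy named in the text

@dataclass(frozen=True)
class Rule:
    priority: int                    # lower number is evaluated first (assumption)
    matches: Callable[[dict], bool]  # logical expression over document metadata
    policy: dict                     # group name -> set of permissions

# Constructed sample rules; metadata fields and group names are hypothetical.
RULES = [
    Rule(20, lambda m: m.get("doc_type") == "invoice",
         {"finance": {"view", "download"}, "audit": {"view"}}),
    Rule(10, lambda m: m.get("doc_type") == "contract" and m.get("department") == "legal",
         {"legal": {"view", "edit", "share"}}),
    Rule(30, lambda m: m.get("department") == "hr",
         {"hr": {"view", "edit"}}),
]

def select_policy(metadata: dict, rules=RULES) -> dict:
    """Run on upload and again on every metadata change; first match wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(metadata):
            return rule.policy
    return {}  # no rule matched: default deny

def effective_permissions(user: dict, metadata: dict) -> set:
    """Permissions from the matched policy, superseded by the security level."""
    doc_level = metadata.get("security_level", "top secret")  # unlabelled: most restrictive
    if doc_level not in LEVELS or user.get("clearance") not in LEVELS:
        return set()  # unknown level or clearance: fail closed
    if LEVELS.index(user["clearance"]) < LEVELS.index(doc_level):
        return set()  # the level check overrides whatever the rules grant
    policy = select_policy(metadata)
    perms = set()
    for group in user.get("groups", []):
        perms |= policy.get(group, set())
    return perms
```

Because the policy is derived from metadata on every evaluation, reclassifying a document changes who can reach it without anyone editing an access list by hand.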
4. Encrypted content
SEAL ensures content encryption using AES, a highly secure and performant standard used throughout the world to encrypt sensitive data. For each SEAL customer an individual encryption key is generated and stored securely, so its data is kept safe regardless of the supporting storage tier.
5. Time-boxed document collection sharing
Users can easily create and share document collections, while still keeping information control and respecting all security and compliance rules. The document collections feature offers the possibility to securely share content with internal users and even with users outside the organization without losing information control. The business content stays in the SEAL repository at all times; authorized users (internal or external) can only view the content, for a specific period of time, with full audit capabilities for monitoring document access and other operations. Every operation regarding documents (shared or otherwise) is saved into a permanent audit report.
6. Integrated viewer
Embedded document viewing technology enables the organization to show a business document or a document collection without sharing it (that is, without sending the content), all while keeping exclusive control of source files and associated metadata. The original file never leaves the SEAL repository and never travels across the network or lands on the user’s hard drive.