Once an Enterprise Content Management system is implemented, it is important to be able to restrict or grant privileges based on an employee’s role in the company. Like we discussed previously, it is important to share and leverage knowledge with a company, but it is also vital to keep sensitive information from leaking.
Imagine you are an investment bank. Now think about a first-year desk jockey you just hired. As a firm, you want him to learn as much as possible, but when he performs an enterprise-wide search, should Lloyd Blankfein's emails show up? Probably not. And the opposite is true as well; it is important for managers, lawyers, C-levels, and compliance officers to be able to access data across the enterprise.
In this case, low-level or divisional employees need to be restricted in both horizontal and vertical access to data. Without a system to enforce privilege levels on a granular level, an ECM solution will be inherently useless. If there is a checkbox item to include whenever evaluating an ECM solution, this would be a vital one to include.
I'm not sure about everyone else, but ZL's Unified Archive allows you to use your Active Directory from Exchange, the store of information defining the organization virtually, to assign roles and privileges across the enterprise. ZL ensures that you control who can have access to the right data.
Image via WikipediaAs most people have already caught up on the WikiLeaks and Afghan War Diaries affair, I just wanted to quickly point out that this type of data loss can be avoided by using the correct records management software. To tighten the valve on probably the most prevalent and most easily accessible avenue of leakage, e-mail, should be a requirement from any solution. By using an enterprise-wide email and content management solution, companies (or governments) can be sure that offensive e-mails do not leave the company.
Pre-review functionality allows for policies to be set based on any characteristic of the mail, the number of metadata parameters as well as the contents of an e-mail or attachment. Properly deployed the system can block an e-mail from being sent out of the organization before any damage is done. As an example, if a policy stating that any e-mail or file discussing “Contract X” should not be allowed to leave the company firewall, a policy to this effect will ensure that any e-mail or attachment containing any information related to “Contract X” is blocked at the gateway. In essence, these e-mails are automatically “flagged” and the compliance officer or the administrator would be informed immediately that there was an attempt to send that content out. They would then also have the option to allow the e-mail to go through and be sent out, or confirm that it needs to stay blocked.
Such functionality (hopefully) should be deployed throughout the government, but for some reason I get the feeling that its not. If anyone has more information on how the government, especially defense organizations, does data loss prevention, I'm all ears.
