Advantages of a Document Management System

It may be me, but for some reason recently I feel much less secure than just a year ago. It’s probably me, but the continual bombardment of headline news stories, online and TV messages, and the general state of the economy is making me shift in my chair (ah, the answer, get a new chair).

We have gotten a stream of stories about hackers infiltrating very well known, and to this point supposedly secure, companies and all sorts of data being accessed, from credit card information, profile information, to racy pictures (promise, not mine, sorry for the bad visual). Recently, the never-ending reporting on the hospital scares due to a lack of protocol and health workers not being adequately protected seems to piggy back on this same theme.

In the business world, standard communications, like text messaging, are now having to be secured by software due to intrusions and badly behaving employees. Because of the line of business we are in, we increasingly hear stories of corporate failures in data and document management systems security because employees are using consumer cloud based box systems to keep and distribute company information.

I am starting to shiver, seems like the World is getting really nasty and getting worse. (Oh for the days before hacking and spamming. I take that back, dial-up ate up several years of my life I will never get back.) This overriding feeling of lack of security has also invaded the IT departments, who have as part of their mission the security of the corporations’ intellectual property and confidential information. Yet their constituents (us employees) are continuing our quest to find, analyze, distribute, and communicate more data, documents, and drawings.

In a recent article, an individual was quoted as saying his “personal top three reasons for using a tablet at work are having accessibility to documents, productivity that comes with taking notes and creating tasks, and document manipulation.” The article then goes on to say “he will use Dropbox to upload the latest data, which means he doesn’t have to carry a set of drawings in the field.” What’s wrong with this picture?

From up on the hill, I would love to hear the conversation between IT and this employee. Probably goes something like this:

Bill (IT guy): Bob, you said you pulled down the drawing from Dropbox?

Bob (good guy, worker bee): Yeah, I put it on my iPad.

Bill: But the company doesn’t have a Dropbox account, we keep all our files in-house.

Bob: I know, I just put copies up on my Dropbox account.

Bill: Bob, you can’t do that, we don’t manage those accounts and you know those files aren’t encrypted or secured.

Bob: I didn’t know that, is that important?

Bill (starting to cramp up): Did you share any of these files with anyone else?

Bob: Yes, I sent a link to my account to Dave, one of the potential vendors.

Bill (doubled-over, nearing a panic attack): So the vendor has a link to your account on Dropbox and now has access to all our files, tell me you’re pulling my leg.

Bill now faints and Bob has to revive him.

The good news, boys and girls, is that securing files and making access tighter is not rocket science. There are several different approaches to addressing who has access, what they can do with the file, where it can go, and when it needs to be deleted from a device or general corporate storage.

I find it amusing people will lock down their Facebook pages to only specific individuals and then take corporate files and put them onto consumer cloud based box providers without restricting who and how files can be accessed. (Admittedly this is partly the corporation’s fault for not making everyone aware of what the file access and privacy policies are for the company.)

Now don’t take me the wrong way, I am not advocating locking down all corporate files, document distribution, sharing and collaboration is the next great sea change in business productivity. But in view of today’s open privacy acceptance and the increase in technological espionage the transition has to be done carefully and consistently. I view this the same as teaching your child to drive (we all remember either being the child or the parent). We wouldn’t let someone who is just starting to drive to take the car out alone or let them decide where to go or where to park the car. (It fascinated me that even after driving for some time, my children would park the car outside the garage though there was clearly an empty space specifically designated for parking the car they were driving…

Regardless of how IT’s role is changing over time (thank goodness it is changing), they are still the people responsible for ensuring our intellectual property (IP) is safe and monitored. Come on, give IT at least this much. Okay, agreed. So, if like our CRM system, IT decides it is in the best interest to use commercial off-the-shelf software or a cloud solution, IT must still BE IN CONTROL OF THESE SYSTEMS.

There are several different approaches to addressing who has access, what they can do with the file, where it can go, and when it needs to be deleted from a device or general corporate storage. These systems are typically called document management systems (DMS) or broader enterprise contents management (ECM) systems.

IT has the keys to the car and should be willing to let us drive the car, but has the responsibility of monitoring what we are doing and even servicing the “vehicle” so we can keep driving without any issues.

File and data security comes in at several levels, from loose to tight. At a recent conference a presenter provided a seven layer data security model. Though this may be overkill for most, it emphasizes that simple login security or no active security is no longer appropriate, even for your personal pictures. But this is the basic issue, consumer based box providers need to make it easy for you (and your friends and family) to get to the files, while commercial applications need to make it difficult (read secure) for people, including yourself, to get to files and move them around.

Corporations must make it more difficult (read secure) for all of us, and this means using approaches to protect their file and data while making it easier (read more accessible) to those who should have access. I envisage in the near future we will all feel even less secure about our data and files, but over time, things will get better due to the use of technology (e.g., use of chip cards has substantially reduced check fraud at the retail level).

Scott Brandt

CEO/President eQuorum