Access scenarios today are more complex than ever, thanks to the increased need for mobility, usability and flexibility. Think, for example, about all those millions of additional people who are now working from home offices. This makes it challenging to protect data stored in IT systems against unwanted access, and to prevent data theft by authorized system users while processing sensitive data.
The key to managing these challenges lies in finding a balance between pragmatic flexibility and context-adapted security measures.
Recently, a customer came to me with a question about security: What is the right approach in document management to protect sensitive content from unauthorized access in OpenText™ Content Server? Among the initial ideas we considered was using metadata like categories or classification. This would require a step-wise, expandable approach that, as much as possible, leaves the current implementation and configuration status untouched.
Let’s consider this approach in more detail:
The right approach, of course, depends on your individual requirements and overall implementation scenario. Achieving satisfactory results requires a holistic implementation perspective, experience and insight—this means considering interdependencies, the system ‘look and feel’ and the associated configuration options. In OpenText Content Server, things like categories and classifications involve different types of metadata.
For example, categories would work best when you’re using purely descriptive and editable labels for documents: attributes like public, confidential or secret, selected from a single-value drop-down list.
Classification, on the other hand, might be more suitable when using classification schemes, records management or file plans.
When considering expandability, however, think about the goals you want to achieve. Descriptors like confidential and secret indicate document classes that must be specially protected by system functionality for compliance reasons. You also want to think about access by user groups that hold technical privileges on the system but are not among the intended recipients, such as system administrators. Other matters to consider: Who is permitted to set up, assign or update this kind of metadata? And how should a content-oriented access hierarchy be mapped? Setting controls solely through descriptive metadata and supplementary object authorizations can quickly become confusing and difficult to maintain.
There’s good news, though, for those struggling with issues like this. OpenText Content Server offers useful features that help with these kinds of scenarios. In particular, Supplemental Marking and Dynamic Security Clearance let you control access to documents that need special protection in a differentiated, metadata-dependent way that is enforced by the system. This offers many benefits:
- Only authorized users with the appropriate security clearance level can access highly confidential documents. This layer of access control is independent of the standard access control options and addresses a meta requirement.
- Users with system administration rights cannot automatically access highly confidential documents.
- Users can access an object only if they have been assigned the markers set on the desired object and have default permission to view the document. Markers are organized hierarchically. And only a specific group of users—for example, compliance officers—can assign markers to users.
- Dynamic Security Clearance can also differentiate between devices and geolocations from which access is or isn’t allowed.
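The checks in the list above can be read as one layered access decision. The following is an added illustration, not OpenText code or its API: the class names, the numeric ordering of the labels, the trusted-country value and the rule that an untrusted device or location caps clearance at public are all assumptions made for the example.

```python
from dataclasses import dataclass

# Labels come from the article; the numeric ordering is an assumption.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    markings: frozenset = frozenset()
    is_admin: bool = False

@dataclass(frozen=True)
class Document:
    level: str
    markings: frozenset = frozenset()
    viewers: frozenset = frozenset()   # standard view permission (ACL)

@dataclass(frozen=True)
class Context:
    managed_device: bool
    country: str

TRUSTED_COUNTRIES = frozenset({"DE"})  # hypothetical policy value

def effective_clearance(user, ctx):
    """Dynamic clearance: untrusted device or location caps the level (assumed rule)."""
    if not ctx.managed_device or ctx.country not in TRUSTED_COUNTRIES:
        return min(LEVELS[user.clearance], LEVELS["public"])
    return LEVELS[user.clearance]

def can_view(user, doc, ctx):
    """Return (allowed, reason). Every check must pass; none replaces another."""
    # Admin rights satisfy only the standard permission check.
    if not (user.is_admin or user.name in doc.viewers):
        return False, "no standard view permission"
    if effective_clearance(user, ctx) < LEVELS[doc.level]:
        return False, "clearance too low for this context"
    if not doc.markings <= user.markings:
        return False, "missing supplemental marking"
    return True, "ok"

# Constructed sample data
OFFICE = Context(managed_device=True, country="DE")
CAFE = Context(managed_device=False, country="DE")
DOC = Document("secret", frozenset({"HR"}), frozenset({"alice", "bob"}))
ALICE = User("alice", "secret", frozenset({"HR"}))
BOB = User("bob", "secret")
ADMIN = User("root", "public", is_admin=True)
```

Returning the reason alongside the decision gives an audit log enough detail to show which layer denied a request.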
So if you’re looking for the best way to protect content from unauthorized access in OpenText Content Server, look no further than Supplemental Markings and Dynamic Security Clearance. They provide the security and flexibility needed for controlled access to highly sensitive documents.
To learn more about information architectures based on OpenText Content Server and the benefits of Supplemental Markings and Dynamic Security Clearance, please contact us or visit OpenText Professional Services.
Author: Martin Schwanke, Manager, Professional Services