ArabianBusiness.com - Middle East Business News
Monday, 23 November 2009 04:59 UAE time

YOUR DIRECTORY /

| Share |

Paper trap

by This email address is being protected from spam bots, you need Javascript enabled to view it  on Sunday, 05 July 2009
HARRISON: Throwing more people at the problem just increases that level of complexity and cost needed to solve it.
HARRISON: Throwing more people at the problem just increases that level of complexity and cost needed to solve it.

Even limiting access permissions is not always a panacea, he adds: "If you are a fileserver administrator, you can give access to individuals, to groups. If you have the admin password for that server or for that domain, there's an awful lot of places, you can go through and find information where people don't expect you to do it.

"There was one example where we were looking at a fileshare location where all of the directors kept their expense reports - very sensitive information. We asked: Who had access to the information? The directors said: ‘The 12 of us and our assistants.' We showed them a report showing that there was actually something like 300 people who had read access to that particular folder. So often, people assume that the only people that can see information are the ones they've explicitly given access to - but there's a lot of implicit access as well that people aren't aware of," he states.

So it's clear that there are a number of areas where document management security can use improvement. But the good news is that most of the technology already exists. Audai Altaie, senior product manager at Canon Middle East has some ideas.

Story continues below
advertisement

"Encryption in the form of passwords on documents can be all the way down the word level and that's what you should look for when purchasing a system. You should have a history of documents that can track the changes from the first to the last page, while your wireless should be encrypted also so that nobody can hack into your network if it's a wireless one," he proposes.

"One of the Lebanese banks purchased our scanners for one purpose only - fingerprint security. Another vertical is defence, especially here in the UAE and Saudi. Our solutions have a hard drive eraser which permanently erases the document, which drew the interest of the Ministry of defence."

Perpetrators of data leakage often include disgruntled employees, for whom document management systems have actually made life easier.

Altaie says there are protections against this kind of behavior: "One of them is detecting if a lot of data is getting transferred at the same time, alerting the IT manager that somebody is spooling a lot of data very fast and then he can question the employee."

EMC's Zenner believes the trend of employee theft is more widespread than most people realise: "Gartner made a statement that they said 84% of high-cost security incidents are the result of the insiders sending confidential material outside the company. Now, how can I prevent that as a company? With our Documentum system today, it allows you to plant certain security measures, not on repositories or data stores but on the physical document which prevent people from copying, saving or taking data to a external disk and sending it via e-mail."

But firms should not rely solely on the power of technology. Xerox's Smith says there are limits to what the technology can do: "There are clearly advances in biometric access, whether that's fingerprints or the retinal scans that are built into systems nowadays, but that ultimately protects only the entry point."

Canon's Altaie concurs: "You can have a password on a password - levels of passwords. He can log in as a user but when he needs to view a specific document, he has to have the password. But if the password is leaked, no company in the world can do anything about it."

Data leakages can and do happen, but a regional culture of secrecy prevents them being made public - leading to a general notion that firms are secure.

Symantec's Harrison lends weight to this theory: "It's not like the US where there's now a duty of disclosure for any kind of data breach. They are probably three to five years ahead of Europe in terms of legislation forcing people to do it [disclosure]. In the Middle East, it's a stage even further behind that. From a cultural perspective, nobody wants to go through and disclose something embarrassing when they don't have to," he continues.

So it's the same story with document management as it is with most security implementations. While the technology exists to protect data, most firms still place the technology and convenience aspects of having their data in a central, searchable database ahead of the very real possibility of data leakage. In part, this is because few incidents have come to light.

Until the region becomes open about the reality of such incidents, it seems enterprises will have to place their trusts in the preventative measures of vendors and the vigilance of IT managers - a combination that will have to do, for now.

Top tips for more secure enterprise content management

 "There are four things to consider. First, get document management with a minimum of 128-bit encryption of all documents no matter where it is. Second, always back up your documents in multiple locations - never put all your eggs in one basket.

Thirdly, even when you log in to your internet access or web access for your document manager, always use your own PC, not someone else's, because they could hack your password. Fourth, use more security than a password, like fingerprint recognition or retinal scanning." - Audai Altaie, senior product manager at Canon Middle East

"Our recommendation is to start by understanding what you have, what format is it in. For example, if you decide you want to keep some data for ten years, how do you know that the current format it's in will be usable in ten years time? We recommend that when people put the data into an archive store, keep it as flexible as possible.

"It's all very well, having a copy of the data, but how do I access it? Do I have the servers, people and documented processes to keep running my business? Just because I've had a disaster doesn't excuse me from any legal liability to store the data and provide access to it when I need it." - Anthony Harrison, server and storage management expert at Symantec.


« previous page
Page 2 of 2

| Share |


READERS' COMMENTS

Disclaimer: The views expressed here by our readers are not necessarily shared by ArabianBusiness.com or its employees.

Click here to post a comment


Add your Comment
All posts are sent to the administrator for review and are published only after approval. ArabianBusiness.com reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic.
Arabian Business would like to point out that only comments relevant to the story will be published. Any containing personal insults or inappropriate language will not be approved.
Name *
Remember me on this computer
Email *
(Your email address will not be published)
City
Country
Subject *
Comment *
Notify me of further comments


Please click post only once - your comment will not be published immediately.


MORE FROM ARABIANBUSINESS.COM

TOP IN MIDDLE EAST TECHNOLOGY

  1. Talks on to bring iTunes, Amazon services to UAE
  2. Cyber attacks hit almost 60% of Mideast businesses
  3. Qtel set to sign deal to allow ATM bill payments
  4. Vodafone Qatar sees 100% coverage by end of 2009
  5. Rolls-Royce signs up for Qatar technology park

TOP MIDDLE EAST BUSINESS STORIES

  1. Emirates NBD has $350m Saudi exposure - chief
  2. Kuwait to allocate Iran port to boost trade
  3. Sunseeker ME announces regional expansion plans
  4. US leisure giant to open first Mideast hotel
  5. Qatar-Bahrain causeway work to being Q1 2010

ALSO IN MIDDLE EAST TECHNOLOGY

  1. Microsoft steps up UAE anti-piracy raids
  2. Yahoo! Maktoob aims to double users in two years
  3. Be our guest
  4. The big chill
  5. Paltel says deal with Kuwait's Zain is off

LATEST MIDDLE EAST BUSINESS FEATURES

  1. Travel & Hospitality: Back to Iraq
  2. Construction & Industry: New work order
  3. Sport: Corporate speak
  4. Culture & Society: Venezuelans tweet in traffic
  5. Travel & Hospitality: Fighting for a piece of the festive pie
From  Current Issue

SHARE PRICE CHECK

RELATED STORIES

Canon ME Fze LLC
| 50 stories
  1. Colour correction
    15 Sep '09 | Features
  2. Canon channel to play a role in e-waste push
    17 Aug '09 | News
EMC Corporation
| 97 stories
  1. Be our guest
    22 Nov '09 | Features
  2. Virtual reality
    16 Nov '09 | Features
  3. Full capacity
    13 Sep '09 | Features
Symantec
| 140 stories
  1. Virtual reality
    16 Nov '09 | Features
  2. Middle East organizations improving disaster recovery approach
    18 Aug '09 | News
  3. Taking Symantec beyond security
    13 Aug '09 | Interviews
Xerox Emirates LLC HQ
| 58 stories
  1. Evading efficiency
    25 Oct '09 | Features
  2. Colour correction
    15 Sep '09 | Features

RELATED LINKS

  1. Symantec»
  2. Xerox Emirates LLC HQ»
Related links open in a new window and are not endorsed by ArabianBusiness.com.

 EMAIL ALERTS

  1. Canon ME Fze LLC

  2. EMC Corporation

  3. Symantec

  4. Xerox Emirates LLC HQ

  5. Technology


CURRENCY CONVERTOR

Tell us your story

CURRENT ISSUE


 

READER COMMENTS

  1. Dubai population grows 1.9% in Q2 04
    22 Nov ' 09 at 21:41
    the figures on 'population' do not come from rental stats and who is living where, it comes from the number of visas issued that are...   More  »
  2. The Roubini Vs Rogers debate 04
    22 Nov ' 09 at 14:44
    Simon, I agree with everything you say. The paper gold games of Comex and the gold fractional reserve banking system of the LBMA are...   More  »
  3. RTA to lease last batch of retail outlets on Red Line 04
    22 Nov ' 09 at 15:33
    Dont really know how well these outlets do. No feedback.   More  »

Read all user comments >

Gitex 2009

MORE FROM ARABIANBUSINESS.COM

JOBS

SPECIAL REPORTS

SURVEYS & REPORTS

PROPERTY