Ensuring Usability
Once you've given someone access and have established access polices, then what? There are granular questions to ponder: Who can edit the data? Or print it? And who can distill it into a different format? Those are normal workflow questions, so it's important to figure out how people use the data when trying to implement security and usage policies.
"You could make your organization extremely secure, but at the expense of the workflow," says Ed Gaudet, SVP of corporate development and marketing at Liquid Machines, a provider of enterprise rights management software.
Companies such as Goldman Sachs and Dow Chemical use Liquid Machines software to protect intellectual property by defining not only who can use the information but also how they can use it. The software is typically used to encrypt all corporate data and lets systems administrators create access and usage rights to protect against misuse. When unauthorized users access data they don't have rights to, they get a message telling them the file is protected.
Controlling information at the data level allows different policies to be set for individual users who travel with the data, even when it leaves the network. This level of control allows security policies to be based on the type of job a person has to do. That approach maps well with collaborative workflow, says Gaudet, because role-based controls can change as workflow changes. Whatever tools you use, effective data loss prevention requires you to classify your data, a step many organizations often skip, notes Kindervag. "Until companies classify their data correctly," he says, "all data loss prevention efforts will fail."
Ad Choices
Comments