I’ve realised over the last few weeks that we (software engineers in IT) seem to have made security for Documents and Folders (whether in a Document Management System – DMS or just on a file share) overly complicated. Add to this the fact that we’ve now added powerful search engines over the top and guess what? We’re finding things are not secured the way we expected!
So here’s my suggestion for a simple security model from a real world perspective. Let me have your thoughts in the comments. Who knows maybe a DMS vendor will take note and implement it?
What do we have in the real world?
- A document or many documents.
- Which can be stored in a folder, or maybe collated into a set of folders for a matter or project.
- Then these are stored in a filing cabinet/pedestal. Right?
In the real world where is the security applied? By default it’s only accessed by those in the company (secured by building or floor access). Then if there are confidential items the filing cabinet/pedestal is locked and access to the key given to those that need it.
So how about we implement the same thing in the DMS?
- The DMS as a whole is your firm, accessed by your employees.
- Now make a choice at implementation of the DMS – do you apply the key to the filing cabinet (i.e. a DMS library) or do you want to apply the key to a matter (i.e. a collection of files)?
Then, during use, the only question for the level you chose is:
- Who do you want to see this? Is it everyone on the firm, a group, or a few individuals?
That’s it, I’d have no granular security below this. The bottom line: if you need security below that level, set up a new collection of files.
But hang on, what about those cases where you need to share a document or file? Say you need some advice internally on a document but you don’t want to open up the whole matter.
- The final addition would be to introduce a concept of lending: in the real world you’d borrow a file or document and then put it back in the file. Do the same here and set up a time-limited “guest pass” for any point at a lower level (i.e. a folder or a document). That way, if you forget to revoke it, the system will correct itself.
That’s it. I challenge you to think of any scenario it can’t handle.
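To make the model concrete, here is a small Python sketch of it. This is an added example, not code from the post or from any DMS vendor: the names (Dms, GuestPass, can_read, the matter and user identifiers) are assumptions made for the illustration. Security is applied at exactly one chosen level (library or matter), a container with no key is open to the whole firm, and anything below that level can only be granted by a guest pass with an expiry, so a forgotten revocation corrects itself.

```python
"""Added example: the one-level key plus time-limited guest pass model."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Level(Enum):
    LIBRARY = "library"   # the key goes on the filing cabinet
    MATTER = "matter"     # the key goes on the collection of files


@dataclass
class Document:
    doc_id: str
    library: str
    matter: str
    folder: str


@dataclass
class GuestPass:
    principal: str        # the user the item was lent to
    scope: tuple          # ("matter", id), ("folder", id) or ("doc", id)
    expires: datetime     # the pass is ignored after this instant


@dataclass
class Dms:
    level: Level
    employees: set = field(default_factory=set)   # the firm: "inside the building"
    groups: dict = field(default_factory=dict)    # group name -> set of users
    keys: dict = field(default_factory=dict)      # container -> audience (see set_key)
    passes: list = field(default_factory=list)

    def container_of(self, doc: Document) -> str:
        return doc.library if self.level is Level.LIBRARY else doc.matter

    def set_key(self, container: str, audience) -> None:
        # audience is None (everyone in the firm), a group name, or a set of users;
        # this is the post's single "who do you want to see this?" question
        self.keys[container] = audience

    def lend(self, principal: str, scope: tuple, ttl: timedelta, now: datetime) -> None:
        # a guest pass always carries an expiry; there is no open-ended lending
        self.passes.append(GuestPass(principal, scope, now + ttl))

    def _holds_key(self, user: str, audience) -> bool:
        if audience is None:            # no key on the cabinet: open to the firm
            return True
        if isinstance(audience, str):   # key handed to a group
            return user in self.groups.get(audience, set())
        return user in audience         # key handed to named individuals

    def can_read(self, user: str, doc: Document, now: datetime) -> bool:
        if user not in self.employees:
            return False                # not in the building at all
        if self._holds_key(user, self.keys.get(self.container_of(doc))):
            return True
        # below the chosen level the only route is a live guest pass
        wanted = {("matter", doc.matter), ("folder", doc.folder), ("doc", doc.doc_id)}
        return any(p.principal == user and p.scope in wanted and p.expires > now
                   for p in self.passes)


def demo() -> dict:
    """Constructed scenario: a keyed matter and a two-day loan of one document."""
    t0 = datetime(2011, 1, 1, tzinfo=timezone.utc)   # fixed clock for the example
    dms = Dms(level=Level.MATTER)
    dms.employees = {"alice", "bob", "carol"}
    dms.groups["litigation"] = {"alice", "bob"}
    dms.set_key("matter-0042", "litigation")        # lock the cabinet, key to a group
    contract = Document("doc-1", "lib-main", "matter-0042", "folder-drafts")
    # carol is asked for advice on one document, so it is lent for two days
    dms.lend("carol", ("doc", "doc-1"), timedelta(days=2), now=t0)
    return {
        "alice_reads": dms.can_read("alice", contract, now=t0),
        "carol_reads_day1": dms.can_read("carol", contract, now=t0 + timedelta(days=1)),
        "carol_reads_day3": dms.can_read("carol", contract, now=t0 + timedelta(days=3)),
        "outsider_reads": dms.can_read("mallory", contract, now=t0),
    }


if __name__ == "__main__":
    print(demo())
```

The clock is passed in explicitly so the expiry logic can be checked deterministically; in a real deployment the check would use the server's time, and the pass list would live in the DMS database rather than in memory.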
Hmm, wonder if it’s fair to compare physical document storage with electronic systems, in these terms?
Surely the selling point of the electronic filing system is that you have more flexibility over how you can restrict reading/writing.
Eg – let’s say I’m an IT Director and I’ve a whole stack of documents I want to make available to the Partners/Directors but I don’t want them to be able to edit/overwrite them, they have access to the specific directory with read-only permissions.
There’s no equivalent to that in the case of physical filing, so there can be no scenario comparison in those cases.
Does that stand up?
I was using the physical world more as a visual reference than a model. I was really looking to simplify security in electronic filing. I’m all for flexibility but not at the expense of simplicity.
Could the IT director example work by applying the flexibility at my “who do you want to see this” step?
We provide most of these simplifications in Prosperoware Milan Matter Hub. We provide the concept of a matter team that can be used to secure content in the DMS and across any other system that respects Active Directory.
The suggested scheme seems to defeat the purpose of a DMS, which is information sharing, not information restricting. To maintain the usefulness of the DMS, the default setting would need to be unrestricted. But having the option to restrict an entire matter is compelling for SMBs that find ethical wall software to be too expensive.
I agree with the “lend/borrow” suggestion. This feature is missing from the leading DMS systems (I haven’t seen any DMS that does provide this natively). Quite useful for allowing a shared secretary temporary access to your docs.
Default on a library should be all documents public. There are exceptions, but they are always edge-cases for a small group, and can be catered for with a special library or if you have a capability, special security on their matter folders (whatever works best in your chosen system).
I agree with Daryl’s comment, you have missed the scenario where you want to share the information with someone, by read-only. To put it bluntly, I don’t trust them to edit my document.
Betsy/Crispin, agree with the default being public. But are you seeing law firms become more risk averse and start to secure documents? I see more of a trend to move to closed rather than open models, not that I agree with it.
Very True, so few firms realize this is even an issue. They don’t realize that every employee can see every doc on that share whether you want them to or not.
When I first started doing document management for people it was non-existent; I had set this kind of thing up through Active Directory for a firm that had gone paperless but had concerns about the security of certain folders and similar read/write issues.
Some of the better DMSs have good features but I’ve been having a lot of success with the FileSystemWatcher class in .NET 4.0.
MSDN Article
This allows you not only to generate very lightweight access logs but also to add events for record – addition | deletion | changing | etc …
Nice post. Time-based controls are a good idea and are supported by expensive “entitlement management” solutions.
Another approach, often used in military contexts, is to label information and then apply policies based on these labels. This ends up being a lot easier to administer than a lot of access control lists. Most records management systems (such as HP Trim) support this.
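As an added illustration of the label-based approach in that last comment (not code from the commenter or from any records management product), here is a small Python policy check. Documents carry a label, users carry a clearance of the same shape, and a single dominance rule decides access, so adding a document means assigning it a label rather than editing an access control list. The level names, compartment names and file names are constructed for the example.

```python
"""Added example: label-based access policy instead of per-item ACLs."""
from dataclasses import dataclass

# ordered sensitivity levels; a higher number dominates a lower one
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()   # e.g. {"matter-0042"}: need-to-know tags


def dominates(clearance: Label, label: Label) -> bool:
    """One rule for everything: level high enough AND every compartment held."""
    return (LEVELS[clearance.level] >= LEVELS[label.level]
            and label.compartments <= clearance.compartments)


def readable(clearance: Label, catalogue: dict) -> list:
    """Documents a user with this clearance may read, from a labelled catalogue."""
    return sorted(name for name, lab in catalogue.items() if dominates(clearance, lab))


def demo() -> dict:
    # constructed catalogue: labels are the only security metadata each item needs
    catalogue = {
        "newsletter.pdf": Label("public"),
        "handbook.docx": Label("internal"),
        "merger-memo.docx": Label("confidential", frozenset({"matter-0042"})),
        "hr-review.docx": Label("confidential", frozenset({"hr"})),
    }
    partner = Label("confidential", frozenset({"matter-0042"}))   # on the matter team
    staff = Label("internal")                                      # ordinary employee
    return {"partner": readable(partner, catalogue), "staff": readable(staff, catalogue)}


if __name__ == "__main__":
    print(demo())
```

Note that the partner cannot read the HR review despite holding the highest level, because compartments are checked independently of level; that is what lets one policy replace a separate ACL per matter.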