how secure is your software-01

 

First submitted by Rose Mananghaya on Thu, 04/10/2014 – 02:57

When selecting an electronic document management system that would handle your company’s most sensitive information, inspecting its security features is top priority. According to the Global State of Information Security Survey (GSISS) 2014 conducted by PricewaterhouseCoopers (PwC), an average of 3,471 security incidents were reported in 2013, resulting to companies increasing its security budgets by 51%.

To combat these security incidents, document management systems implement passive and active security. Passive security, which involves encryption, is a security measure to prevent unauthorized access to information. In document security management, passive security protects documents from external threats including hacking, as documents will have to be decrypted in order to be accessed.

Meanwhile, active security’s goal is to implement a level of access for certain users in retrieving files. Active security involves implementing user profiles and user scope, and username and password. Passive and active security form the traditional triangular security, common with most document management solutions.

However, these two security features lack certain protection from internal threats, which organizations don’t really prepare for. In fact, according to the 2013 US State of Cybercrime Survey co-sponsored by PwC, one-third of respondents don’t have a plan in dealing with internal security incidents. The GSISS 2014 further states that an estimated 31% of security incidents were caused by current employees while 27% were caused by former employees.

To address this, our document imaging system, Enadoc, integrated additional document security features to the traditional active and passive security. These include Dynamic Redaction, Dynamic Watermarking, Document Scope, and Security Levels. We coined these additional features plus the traditional document security management features as Hexagonal Security.

These features address challenges within current IT environments that use modern technologies. For example, how do you deal with employees who can possibly leak data by capturing a photo of the document onscreen using their smartphone? This has been happening in the modern workplace and according to Symantec Corporation’s Internet Security Threat Report 2013, 23% of data breaches were caused by employees who accidentally made confidential data public.

Enadoc has solutions specially designed for these instances. These are Dynamic Redaction and Dynamic Watermarking. Dynamic Redaction blacks out certain portions of documents according to its document security level. This means that the user won’t be able to see information not meant for him. Meanwhile, Dynamic Watermarking adds the date and your username on every document. This means that every time you take a screenshot or a photo on your smartphone, the date and your username will appear, making you accountable in case of a data breach.

In the traditional physical document security management setup, how would a company restrict certain documents from employees who should not have access to highly confidential data? The job falls entirely on the personnel assigned to managing the documents. Enadoc, on the other hand, has a security feature, Document Scope, which allows administrators to assign the access and action on documents, preventing unauthorized circulation. Some documents may be labelled “cannot print or e-mail” and some require a series of approval from certain users to be accessed. In addition, when an unauthorized action is being made, administrators will be immediately notified.

Furthermore, how can an organization classify each document type to be accessed by the right group of people? In the traditional document management setup, this will be handled by the personnel assigned, which is additional overhead and can pose security risks. Enadoc’s solution to this challenge is Security Levels, which are assigned to each document in the system. Typical document management systems only have class Level 1 to 6 but with Enadoc, we have increased document security level to 7.

Documents with security level 7 will not be accessed by anyone at any time unless access was granted to a specific person for a specific timeframe. These can be applied to highly confidential information, guaranteeing that these documents will not be accessed by unauthorized users.

Another concern in modern workplaces is data theft. According to the Symantec Corporation’s Internet Security Threat Report 2013, 23% of data breaches were caused by theft or loss of computer drive, while 8% were caused by insider theft. Theft or loss of data can be avoidable by storing data in the cloud. One of Enadoc’s subscription allows data to be stored in the cloud, which can eliminate instances of theft or loss of data stored in a computer drive.

All of the documents in Enadoc, regardless of storage, are protected with 256-bit Advanced Encryption Standard (AES). Decryption is needed to be able to access the documents, which is impossible as it takes about a week to crack a 40-bit encryption by brute force.

Enadoc designs its security based on practical situations and the challenges of a modern workplace. For more information about Enadoc’s features, visit the Resources page of our website.