Insights hero banner (short)

Insights

Bringing our best ideas and thinking to you.

  • Blog Post
  • Information Management
  • Information Management
  • Information and Analytics Consulting
  • Information Governance

Blog Post

July 28, 2017

Share this page:

Leverage metadata for content security

By John Desborough

Data breaches are constantly in the news. The increasing volume of data stolen can contain highly sensitive items such as trade secrets, employee and client data, financial information, etc. Organizations world-wide know they have to take steps to address these threats.

Intelligent use of metadata can really help in terms of information security.

Create dynamic permissions with metadata

Most organizations understand the necessity and importance of classifying information and defining access control policies. Access to folders can be easily managed with access control lists (ACLs) - however, this is quite inflexible and restrictive as it is based on the premise that all information assets reside in a single location.

Metadata- driven dynamic permissions setting in modern ECM systems enforce access controls via combinations of document attributes, such as the customer to which the document relates and the document type. In this way, a single document can be accessible to members of a project team, a group of developers, all management except, for example, HR, or any combination thereof. As well, permissions could also change based on the workflow state of the document.

Obtain better insight into audit activities by leveraging metadata

Audits happen all the time across organizations and from an information security point of view, leveraging metadata can help organizations to better track changes made to documents or objects. Comprehensive event log files track the creation, modification or deletion operations and using these logs, organizations can easily determine "who" performed an operation that resulted in non-conformance and take action to remedy the issue.

 

--

John Desborough is a Director, Consulting and Technology Solutions at MNP. He is an accomplished business solutions program manager and business transformation architect with 30+ years in the information and technology consulting domain. John has extensive background in information management and governance with both public and private sector clients on a global scale. Drop John a line to discuss this topic in more detail: [email protected]