How to Target Security in Your ECM
Role-Based Access Can Simplify and Strengthen ECM Security
Congratulations: your organization has adopted a much-needed, corporate-wide mandate to implement an Enterprise Content Management (ECM) system. Your mission, which you are happy to undertake, is to deal with all the issues that you face every day using a file share or shared drive, like version control, ease of sharing and finding files.
You also face another big and opposing challenge: security. Users often keep data in places other than the network file share because they are concerned the documents may be accessed by someone who shouldn’t see the contents. They are so worried that they even keep the documents on a local C: drive, or worse, a USB stick. So, when you build that new ECM, a key task is to build a taxonomy or folder structure that promotes all the collaborative aspects you desire, but that also includes the security functions that you need.
All organizations create documents that are private. Management generates projections on sales, resource headcounts, business plans for expansion and new products. Human Resources documents salaries and benefits. The list goes on. How do you build a structure that promotes security and provides the peace of mind users need to be assured that certain data is for their eyes only?
One of the most effective methods of setting security in your ECM is through “role-based access.” Roles are established (manager, business unit lead, company level or title) and users are assigned to them. Permissions for the folders are set for the appropriate role or combinations of roles.
For example, any employee who is assigned the roles of “marketing department” and “manager” can access folders that hold marketing plans, sales projections and other information relevant to the job. On the other hand, in order to access the folder that stores confidential new product ideas, a person also needs the role of “product development team.” You can create as many roles as you need to delineate clear lines of access and security.
This model eliminates the need to set permissions on individual files or to set multiple permissions on individual employees. As you build the target repository, you’ll create folders to house sensitive documents and decide which roles have access to them. Next, each employee is assigned a role that comes with certain levels of permissions.
Role-based access security accommodates personnel changes, too. If an employee is promoted within his department and becomes eligible to join another access group, the addition is simple. No one need pick through the network to add that person, here and there, to folders they think they need. On the flip side, when people leave the company, they are simply removed from the access group, and all access is terminated.
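The model described above, sketched as an added example (it is not FileFacets code or any ECM product's API): folders list the roles a user must hold in combination, a promotion adds one role, and offboarding removes them all. The `Repository` class, user names and folder paths are hypothetical.

```python
"""Role-based folder access: a folder lists the roles a user must ALL hold."""


class Repository:
    def __init__(self):
        self.folder_roles = {}  # folder path -> frozenset of required roles
        self.user_roles = {}    # user name -> set of assigned roles

    def protect(self, folder, *roles):
        # A folder with no required roles would be open to everyone.
        if not roles:
            raise ValueError("a protected folder needs at least one role")
        self.folder_roles[folder] = frozenset(roles)

    def assign(self, user, *roles):
        self.user_roles.setdefault(user, set()).update(roles)

    def offboard(self, user):
        # Dropping the user's role assignments ends all folder access at once.
        self.user_roles.pop(user, None)

    def can_access(self, user, folder):
        required = self.folder_roles.get(folder)
        if required is None:  # unknown folder: deny by default
            return False
        return required <= self.user_roles.get(user, set())

    def readers(self, folder):
        """Access review: users who currently satisfy the folder's roles."""
        return sorted(u for u in self.user_roles if self.can_access(u, folder))


def build_demo():
    # Constructed sample data. Assumption: the new-product folder requires
    # the product team role in addition to the two marketing roles.
    repo = Repository()
    repo.protect("/marketing/plans", "marketing department", "manager")
    repo.protect("/product/new-ideas", "marketing department", "manager",
                 "product development team")
    repo.assign("alice", "marketing department", "manager")
    repo.assign("bob", "marketing department")
    return repo


if __name__ == "__main__":
    repo = build_demo()
    print(repo.readers("/marketing/plans"))
    repo.assign("alice", "product development team")  # promotion
    print(repo.readers("/product/new-ideas"))
    repo.offboard("alice")                            # departure
    print(repo.readers("/product/new-ideas"))
```

Running `readers()` over each sensitive folder after role changes gives a quick review of who can actually reach it.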
Role-based access can increase the usability of your ECM and reduce risks of internal security breaches. At FileFacets, we help companies design and implement the right information governance (IG) solutions for their information sharing and security needs.