The right level of content security balances trust with verification. Finding that balance is the challenge, and the answer depends on your responsibilities and how you assess your organization's risks.
The first step in establishing a sufficiently secure CMS, or content management system, is to determine the acceptable trade-offs between the security of the information contained within the system and the usability -- or user-friendliness -- for people who rely on the content to get work done.
Authentication vs. authorization
Let's start with the basics. At its core, a CMS is a shared repository -- a virtual location where designated people and processes store and retrieve information, represented as digital files. These files are defined and maintained through a hierarchical folder-file system.
A CMS ensures content security in two ways:
- authenticating the people or processes requesting access to the repository and its files; and
- authorizing what people and processes can do with the files once they gain access.
Think of authentication as an identity check -- like displaying a driver's license to verify you are who you say you are. In our digital world, authentication begins with username and password combinations. It extends to include different kinds of two-factor and biometric verification challenges.
Think of authorization as granting permissions or access rights to do certain things, such as ensuring that writers can create and update news stories, editors can edit them and readers can simply view them. The trick is to make each step as transparent as possible. It would be tedious if people had to manually authenticate themselves and seek authorization before every action they wished to perform. That's where a CMS adds value.
Maintaining a secure CMS
To simplify operations while balancing trust with verification, a CMS defines the security environment. It then makes a series of implicit and explicit trade-offs, based on its assumptions about acceptable risks and usability. It automates the security checks in four ways:
Perimeter security. At minimum, a CMS establishes perimeter security to the repository. Once authenticated, people and processes have permission to access and modify items within the repository to the extent that they're authorized. A CMS also defines a set of roles -- such as writer, editor and reader -- and automatically assigns individuals to roles during authentication.
Authorized operations. A CMS manages authorized operations through a set of access control lists, determining whether individuals can read, edit, create or delete items within the repository. It maps roles determined by authentication to the operations to manage content-related actions.
Inheritance. Access control lists define hierarchical permissions with inheritance. For example, a person authorized to view a folder can automatically read all of the items within the folder, unless permissions for specific items are revoked. Permissions for authorized operations are also hierarchical; for example, a person with edit permission can also read a file but can't create a new one.
Item-level security. Perimeter security alone won't always suffice. For instance, a company may need to secure confidential design specifications and ensure that only named senior engineers can access or modify them. For these situations, consider item-level security. A CMS can also maintain additional security by encrypting individual files, or groups of files, stored within the repository. While public and private key encryption techniques are the most widely deployed, there's continuous innovation to handle ever-changing digital environments.
Best practices for a secure CMS
When weighing the trade-offs between security and usability, being too lax or too strict introduces problems. Onerous security gets in the way of normal work activities, while too much openness raises unnecessary security risks. Like locks on a door, security barriers should have a business purpose.
How do you get content security just right? There are three content security best practices based on risk assessment, identity authentication and permissions:
- Risk assessment. Begin with an information audit and risk assessment. Catalog the types of content items you're managing within your CMS. Assess how valuable they are to your organization and what risks you would encounter if one or more items were inadvertently released. For example, the user's guide for an existing product probably has a different business value than the design specification for a product prototype that you plan to introduce in a year.
Develop a list of the types of documents you manage and the line-of-business groups that own them. Describe, from a business perspective, the level of security each type requires. Create a content security table describing content types, owners, roles and permitted actions. That will help you determine how comprehensive your CMS should be to lock down and secure various content types.
- Sufficient authentication. Make sure authentication is sufficiently strong and transparent to accommodate the content security risks you have identified. Authentication begins at the enterprise level. Most organizations implement an enterprise directory with single sign-on capabilities where a single set of credentials enables access to multiple system resources, including a CMS.
Check to see whether the authentication process within your organization meets your needs. It should include an automatic password recovery capability. It also may include capabilities for two-factor authentication, biometric authentication and mobile device authentication.
Introduce an additional layer, or layers, of authentication challenges when you need to verify personal identity beyond the enterprise level. This additional step, which introduces barriers to access, should be driven by an essential business purpose. Design engineers, for example, may need to log into a secure CMS when they're planning to modify the specifications for a new product design, thus reinforcing a level of trust that only knowledgeable individuals are making updates within the shared repository.
- Adaptive authorization. Once individuals and processes authenticate themselves to the repository, they have permission to perform specific operations on the content. The CMS manages the access controls to individual files, initially in a hierarchical manner -- gaining access to a folder includes granting access to all the documents within the folder, unless access controls are specifically modified.
Both proprietary and open source CMSes start by enforcing hierarchical permissions. Item-level access controls can enhance security at the cost of introducing additional barriers. Defining new roles within a secure CMS can provide added granularity for access controls.
Moreover, not all access controls and permissions are strictly hierarchical. Flexibility is essential. With omnichannel access from mobile devices and remote processes, access controls need to be more granular than a strict folder or file inheritance. A design engineer connecting to a CMS from a laptop, for example, may have permission to modify a product specification, but when connecting from a mobile device, may only have permission to view it.
Third-generation CMSes usually include capabilities for line-of-business system administrators to customize the rules for access controls to adapt to business needs. An open source CMS, such as Drupal, is particularly valuable for delivering the flexibility for adaptive authorization, including defining new roles and actions. After all, developers can modify the core logic for granting permissions as needed.
Adaptive authorization is the cutting edge of content security. Rules-based systems are going to be superseded by machine learning environments in the years ahead. But business risks are continually changing. Thus, it's important to remember that content security is not a fixed thing. Be prepared to accommodate and respond to the ongoing challenges of the digital revolution.
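The inheritance, item-level and adaptive rules described above can be combined in one access check. The sketch below is an added example, not code from this article or from any CMS product: the paths, role names, users (dana, erin) and device table are constructed, and the "nearest entry wins" resolution order is an assumption.

```python
from pathlib import PurePosixPath

# Operation hierarchy from the article: edit implies read, but not create.
# Treating create and delete as standalone is an assumption.
IMPLIES = {"read": {"read"}, "edit": {"edit", "read"},
           "create": {"create"}, "delete": {"delete"}}

# Constructed ACL: folder entries are inherited by everything below them.
ACL = {
    "/": {"role:reader": {"read"}},
    "/news": {"role:writer": {"create", "edit"}, "role:editor": {"edit"}},
    "/specs": {"role:engineer": {"edit"}},
    # Item-level security: revoke the role grant, allow one named engineer.
    "/specs/prototype.md": {"role:engineer": set(), "user:dana": {"edit"}},
}

# Adaptive rule (constructed): a device class can cap what is permitted.
DEVICE_CAP = {"mobile": {"read"}}

def effective_ops(user, roles, path):
    """Walk from the item up to the root; the nearest matching entry decides."""
    node = PurePosixPath(path)
    while True:
        entry = ACL.get(str(node), {})
        if f"user:{user}" in entry:          # a named user beats a role entry
            granted = entry[f"user:{user}"]
        else:
            hits = [entry[f"role:{r}"] for r in roles if f"role:{r}" in entry]
            granted = set().union(*hits) if hits else None
        if granted is not None:              # an empty set is an explicit revoke
            return set().union(*(IMPLIES[op] for op in granted))
        if node == node.parent:              # reached "/" with no match: deny
            return set()
        node = node.parent

def is_allowed(user, roles, path, op, device="laptop"):
    """Inherited or item-level permissions, narrowed by the device in use."""
    ops = effective_ops(user, roles, path)
    cap = DEVICE_CAP.get(device)
    if cap is not None:
        ops &= cap
    return op in ops
```

Note that the check denies by default: a principal with no matching entry anywhere on the path gets an empty permission set.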