Content-based security continues to plague companies

Cloud computing and mobile devices have undoubtedly changed the nature of content-based security. But have enterprise methods caught up?

As cloud computing, mobility and globalization have become further entrenched in organizations, content-based security risks have only proliferated, leaving companies trying to keep pace.

Content-based security issues can include assessing the various locations in which content can reside, given the cloud and mobility, and determining how best to secure that data. Organizations must also take care not to create undue hurdles to data access.

Content compliance and data sovereignty have also become issues for companies as they seek to traverse the new landscape, in which a document may reside in a data center in a country whose content security laws differ from those of the country in which the company generating the content resides. Companies subject to regulatory compliance and data sovereignty requirements may need to consider how to best secure their content in new ways.

"There is absolutely a new world emerging," Shawn Shell, vice president at Hitachi Consulting, said. "While cloud isn't necessarily new, large companies -- especially in regulated industries -- are adopting data centers that they don't directly own and control. At the regulatory level, governments around the world are struggling a bit, trying to figure out things like jurisdiction and data sovereignty, which is a deep issue. And PCs are no longer the ruling device in this ecosystem. We have devices that are very mobile. They are being carried on a person from jurisdiction to jurisdiction."

The issue, Jonathan Bordoli, a solutions architect at Hitachi Consulting, noted, is that companies need to think about workers' complex identities within and outside the four walls of a company to ensure that they have the right access to the right data. Employees must be able to view the documents they need to do their jobs, but they shouldn't be privy to personally identifiable information if they aren't in a financial department or human resources.

"First and foremost, it's about someone's identity," Bordoli said. "They have an identity in an HR solution and one in a content management solution, and several outside the company in Google and Facebook. And so the first thing we need to think about is, 'What is Jonathan's identity, where is he known and how do we know him?' And the next thing is, given the myriad of identities, how do I map those identities to the content sources -- Salesforce, Oracle, a myriad of solutions, etc. We need to think of rules-based solutions that allow a mapping of an identity that I can take up through a token or a login, through to the information -- is that security, is it encrypted -- through to applying security rights as it's stored in a document system."

Bordoli also talked about the role that cloud computing and compliance play in relation to content-based security. "An opportunity that the cloud gives us is the chance to nominate where data should be stored. That's one way to manage the situation. Cloud gives us the opportunity to regionalize data," he explained.

Interestingly, Bordoli noted that cloud computing gives companies greater flexibility, whereas Shell discussed the increasing complexity introduced by the technology. "It's fascinating that two divergent opinions with two people sitting three feet apart can be the right answer to the same question," Shell said.

For more, check out the podcast above.
