The need to share information has never been greater as cross-organizational business processes become deeper and more complex. The movement of digital information, both within a business and across its increasingly porous boundaries to external individuals and organizations, carries more and more risk as regulations are tightened around data protection and personal privacy.
QUOCIRCA INSIGHT REPORT November 2008 Contacts: Content security for the next decade Bob Tarzey Is your organisation ready to weather the storm? Quocirca Ltd Tel +44 7900 275517 The need to share information has never been greater as cross-organisational business bob.tarzey@quocirca.com processes become deeper and more complex. The movement of digital information, both within a business and across its increasingly porous boundaries to external individuals and Rob Bamforth organisations, carries more and more risk as regulations are tightened around data Quocirca Ltd Tel +44 7802 175796 protection and personal privacy. Those businesses that stay ahead of their competition in the rob.bamforth@quocirca.com next decade will be those that put the technology in place to allow them to share content widely, but safely. R EPORT NOTE: T his report has been ? Businesses have always shared information with their customers, partners and suppliers but w ritten by Quocirca to today this is mostly done electronically ad dress the growing There are many inherent dangers in the electronic sharing of information, especially since the co ncerns in businesses and dawn of the internet age. Initially the risk was that a business's intellectual property may be pu blic sector organisations compromised or its employees exploited or distracted. However, in the last few years the around content security. overriding concern has become external regulators, especially those tasked with ensuring the The report draws on privacy of individuals about who so much data is now collected and stored. Quocirca's knowledge of th e technology and ? In order to address these concerns businesses need to have a clear and concise policy about businesses and provides how data should be handled and what happens when a data breach occurs advice on the approach or ganisations should take The policy needs to be easy for all to understand and, where relevant, communicated to external to ensure they are organisations with whom sensitive data is shared. It needs to be a single coherent document, kept pr otected from current up to date and easily accessible. Employees must receive regular data protection update training. and future data protection All of this must be visible to regulators. regulations and other threats relating to poor ? Policy needs to connect people with content and make it clear who has the rights to access co ntent security. and create content and what they can subsequently do with it Most organisations already have a directory of users, and this should be central to the relationship D uring the preparation of of people to content security. Groups or individuals can be granted rights to access and create this report, Quocirca has content and policy will dictate what they can do with it and with whom they can share it. Some sp oken to a number of content may need to be restricted to specific locations in which it can be accessed through links en d-users, IT vendors and with physical security. se rvice companies co ncerned with content ? However well implemented a policy is, employees are fallible and the control over external se curity. We are grateful individuals is limited fo r their time and insights. This requires the use of technology to limit and control the actions of users. No single technology Finally, Quocirca would will provide all the protection necessary and organisations must ensure that whatever products they like to thank the sponsors use not only fit their policy, but also warn users if they are about to breach it. of this report; Clearswift, Symantec, Trend Micro, ? A range of technologies can help protect data in its four main states: stored on stationary W ebsense and AEP devices, stored on mobile devices, in transmission over networks and printed on paper Networks. Encryption should be used where prudent although it is not enough on its own; once content is decrypted users can do pretty much what they like with it. This means further measures including end point security, content filtering, web access technology and print management; they all form part of total content security. ? An overriding technology is needed to translate written policy into enforceable IT policy; the term d... [download for more]
