I was surprised recently to hear that a sensitive document detailing US nuclear sites somehow ended up being published on a publicly accessible website. So, while “these screw-ups happen”, it should raise some concerns amongst other organisations and businesses out there – if the US federal government could make such a mistake, it’s quite likely that it could happen to your business.
Obviously, on a day-to-day basis in the normal course of business, there are many confidential documents that pass hands electronically. Furthermore, as a result of more rapid markets, our websites need to be (and usually are) updated on a more regular basis. According to customers I have spoken to, the web content management process is usually one whereby business users create content in Word, which is then emailed to web developers who publish this into HTML for the website(s). There are some fundamental problems here:
- There is no formal and auditable approval process
- Email servers get clogged
- There is no mechanism to prevent sensitive documents reaching the web
Ideally, what one should have in place are technologies that provide content-centric security and workflow/approval processes for content that is to be published to the web. Content-centric security ensures that, no matter whose hands an electronic document ends up in, the document will have fine-grained security applied. That is, it can’t be opened, printed, edited, etc. unless the person has the appropriate security credentials. It also provides an audit trail on each content item or document.
Furthermore, a content management system (CMS) will enable business users to create web content in their native application (e.g. Word) and drag this into a folder, after which it will be subjected to a formal approval process (that can be audited), converted to HTML, and then published to the web.
In conclusion, as we have seen, sensitive information can quite easily leak out or end up in the wrong hands. What we need to realise is that prevention is better than cure.