« Microsoft Shared File Drive Emulation (CIFS) vs. WebDAV | Main | ECM Answers for James McGovern »



We are presently contemplating the scenario, particularly with regards to documents, that authentication/authorisation is not strong enough for our needs. Seeing as the higher proportion of security threats are internal, we are probably quite adequately protected by most ECM's already. What we really need is a public/private key encryption system where levels of authorisation are embedded in the key. We also need this integrated with the document (or data container). For instance we need to allow view only access to a legal document, but another person can edit it. Finally an administrator cannot decrypt/read the file, however he can back it up. etc. etc. This would end problems such as HR keeping all their records on a server under a desk and allow proper DR efforts to be implemented by IT, to name but one obvious requirement. Any ideas on incorporating this. Are we not approaching security the wrong way these days (outside in vs inside out)??


The comments to this entry are closed.