Continuing to answer some of the questions left outstanding from our recent webinar on the Market IQ on Content Security ( freely downloadable at http://www.aiim.org/article-industrywatch.asp?ID=33810 ). View earlier Q&A postings via the tag aiimQ&A on my blog, as well as Carl's blog (TakingAIIM).
Any further questions or commentary to this, please feel free to comment here on the blog. If you have examples (good, bad, ugly) that apply to the topic, or contrary experiences/opinions, please share them - there is much to be discussed!
Q: What file formats can be set up so that they can be printed at the desktop but NOT saved to the desktop?
A: This can be a tricky and subtle realm. Now in theory, if you can print to a physical printer, you may be able to divert that print job (a "stream" of information, or if collected, a file), and save it to disk, one way or another.
But to your point, I suspect, this is the area of Content Security which is best described as Enterprise Rights Management (ERM - and yes many think of ERM as Electronic Records Management - related, but largely different), or as some solution providers term it, Information Rights Management (IRM).
ERM/IRM allows for complete control over the distribution and access rights applied to files, potentially of any kind. This includes e-mail messages, attachments to messages, word processing documents, spreadsheets, presentations, PDFs, text files, programming code, etc..
With such a system, you could be very creative, and create rules such as:
User A - may only print this document once, may only view it electronically 5 times, and after 3 months, the content expires, locking itself, or in extreme cases, destroying itself (i.e., "this message will self-destruct in 10 seconds").
As we pointed out in the webinar, and in other questions, no security technology is perfect, and neither are your employees or users/customers necessarily always honest and trustworthy. At some point, you need to decide are you being overly paranoid, not paranoid enough, and exactly what is the value vs. the inconvenience of the security measures you have put in place, and the cost overall to create and administer that security.
With digital cameras, screenshots of your computer, cell phones with cameras, or as Carl pointed out in the webinar, a pad of paper and a pencil, or for that matter, people with incredible memory can copy whatever can ultimately be displayed. So, it's impossible to be 100% secure - once you realize that, you realize that this is merely a game of who is more willing to expend the resources - the "hacker" or you, in protecting your content. All you can buy is time, and in inconveniencing those people and perhaps organizations who are "threats" to the security of your documents and systems.
To make sure that your protection capabilities are in line with the value of the content you're protecting, you'll need to embark in some information governance work, and strategy. See some of the other questions we've had on these topics for more details. Suffice it to say, to nearly every organization, information does not truly have value - else where does it appear on the financial reportings of the organization? Your buildings have value, the stock in your warehouse has value, some companies are recognizing the value of their brand (quite literally), but as to the information produced and consumed? Very rare to have a direct value assigned to it, or expectations that are directly quantified as to future value, or value of loss/leakage/theft of that information.
Comments