Encrypted Document Ownership: Whose File is it Anyway?
By Martin Abrahams on Nov 14, 2009
A frequently asked question is: "What happens when the person who encrypted a number of files leaves the organization?". The concern behind the question is that an organization might find itself locked out of its own information assets, with critical business processes being held up while administrators figure out how to regain control so that policy can be amended as required.
A related question is: "What happens when an author changes role?". Most IRM solutions reserve special privileges for the original authors of documents, such that they may retain access after moving away from a particular project or role, creating security and compliance issues. They may also continue to be called upon to modify policy for those documents long after they have moved out of the relevant position.
With most solutions, the reponse is not to worry because a superuser can always identify all of the documents owned by the outgoing user and transfer their ownership to someone else. Unfortunately, this means that IT override of access rights is a matter of routine, as staff turnover is an ongoing process. It also means that the new owner suddenly becomes responsible for, potentially, a large number of documents protected in a variety of ways by someone who can no longer be referred to for clarification.
|With Oracle IRM, the answer is much cleaner. In standard deployments, the solution places no particular significance on who authored a document - documents belong to their classifications rather than to the individuals or applications that created them. If an author leaves the organization or the project, their documents continue to be protected according to classification policy. The author himself may well lose access rights because his account has been deleted, or because his rights have been updated to reflect a change of responsibilities within the organization.|
And what of the admin burden for the incoming classification manager - suddenly responsible for managing rights to, potentially, thousands of documents? Well, one of the key benefits of the classification model is that the new manager can think in terms of policy for one classification rather than for thousands of distinct documents.
So, Oracle IRM does not suffer the administrative overhead that staff turnover creates for rival solutions. The overall policy set is small, it is managed by a small subset of users, and the responsibility is easily transferrable without IT intervention. There is no need for IT to be granted rights to override policies defined by the business.