Encrypted Document Ownership: Whose File is it Anyway?

A frequently asked question is: "What happens when the person who encrypted a number of files leaves the organization?". The concern behind the question is that an organization might find itself locked out of its own information assets, with critical business processes being held up while administrators figure out how to regain control so that policy can be amended as required.

A related question is: "What happens when an author changes role?". Most IRM solutions reserve special privileges for the original authors of documents, such that they may retain access after moving away from a particular project or role, creating security and compliance issues. They may also continue to be called upon to modify policy for those documents long after they have moved out of the relevant position.

With most solutions, the reponse is not to worry because a superuser can always identify all of the documents owned by the outgoing user and transfer their ownership to someone else. Unfortunately, this means that IT override of access rights is a matter of routine, as staff turnover is an ongoing process. It also means that the new owner suddenly becomes responsible for, potentially, a large number of documents protected in a variety of ways by someone who can no longer be referred to for clarification.

With Oracle IRM, the answer is much cleaner. In standard deployments, the solution places no particular significance on who authored a document - documents belong to their classifications rather than to the individuals or applications that created them. If an author leaves the organization or the project, their documents continue to be protected according to classification policy. The author himself may well lose access rights because his account has been deleted, or because his rights have been updated to reflect a change of responsibilities within the organization. a_man_throwing_papers.jpg
The focus shifts, therefore, to the classification or context managers. What happens when they move on? In most cases, the role of classification manager is shared by a small number of business users, so the depature of one has no impact. If not, the departing user simply transfers their responsibility to an appropriate successor. This is a simple task that does not involve IT intervention and does not involve revisiting each of the individual documents.

And what of the admin burden for the incoming classification manager - suddenly responsible for managing rights to, potentially, thousands of documents? Well, one of the key benefits of the classification model is that the new manager can think in terms of policy for one classification rather than for thousands of distinct documents.

So, Oracle IRM does not suffer the administrative overhead that staff turnover creates for rival solutions. The overall policy set is small, it is managed by a small subset of users, and the responsibility is easily transferrable without IT intervention. There is no need for IT to be granted rights to override policies defined by the business.

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today