We Are In Lock Down
I once heard this statement at a lecture I was giving. The person stated, “We are locked down. IT has our information secured in our organization”. I have heard this over and over again that many organizations, place the responsibility for securing stored information on IT. Security is, and should be an aspect of information governance that every employee is trained in and held accountable to maintain.
Security, or protection of information assets is a big concern for many organizations and even more so when talking about cloud or SaaS applications. In a recent study by AIIM, respondents cite their top concerns with cloud or SasS applications as content being safe from prying eyes, and storage in a legally compliant way.1 This to me indicates information security concerns.
Which four of the following do you have most concerns about regarding content that you are currently creating/might create within cloud-based/SaaS collaboration systems?
Technology alone is not the problem
While it is valid to challenge the security element of technology, it is not the system, software, or hardware that misplaces, loses, or steals information, it is the human. People are responsible for these actions and the format does not matter. Even in a paper-based world, humans will still misplace, lose, or steal information so the fact the information is digital and stored digitally, whether cloud, SaaS, or on-premise, should not be the only focus. Discussions about information security should be holistic, encompassing technology, people, and process. Simply applying a technology treatment based on symptoms, and not the cause, will not be enough. Neither is placing the total responsibility for information security on IT.
In my view
While security and loss prevention may be or perhaps are part of the information management discussion and infrastructure, the focus is typically not a whole view and misses some of the key elements with the weakest link being that of the human element. I see the use of security, monitoring, and prevention technologies as vital to securing stored information so that it can be protected and managed properly but you must not stop there. Look at this as only the beginning of an ongoing program.
Put in place user training that addresses the need for security, types of security and technologies to be used. Teach them how to use these tools, and appropriate use of devices like portable hard drives, USB storage, tablets, smartphones and any other tool available to the user community that can access and store information. Pointing to technology is not the answer to this problem for technology implemented and maintained to manufacturer specifications will do what it is designed to do. It is the unknown entity, the human element that needs a tighter focus.
What say you?
Do you have a story to tell? What are your thoughts on this topic? Do you have a topic of interest you would like discussed in this forum? Let me know. If you are looking for some great research information from our industry, feel free to visit our research site and download some of our Industry Watch Reports today at www.aiim.org/research
Bob Larrivee, Director of Custom Research – AIIM
Email me: email@example.com
Follow me on Twitter – BobLarrivee
I will be speaking at the following events:
• #Share2014, June 18-20, 2014 in Johannesburg, SA
• #AIIMForumUK, June 25, 2014 in London UK
• #NIRMA2014, August 10-13, 2014 in Las Vegas, NV
Resources: 1AIIM Industry Watch titled: Content Collaboration and Processing in a Cloud and Mobile World#Security #InformationGovernance #Collaboration