You need to secure content for both compliance and e-discovery reasons. While there is overlap (and it will rarely, if ever, be all one goal or all the other) there are different rungs to get to the top of each ladder.
By Alan Weintraub
The growth in the amount of electronic information and the need to better
manage it have left organizations with the challenge of developing
effective management strategies. These strategies are being driven by both
compliance regulations and e-discovery needs. While it may seem that these
two requirements are complementary, they actually require two different types of
technology approaches to fully meet both requirements. Compliance regulations
are typically met using solutions that focus on the control and auditing of
information. E-discovery solutions are less concerned about the control of the
information and are primarily focused on the authenticity of the information. To
better understand the strategy that you should be focused on to meet your
company’s requirements for content security, use the Content Security Ladder to
climb to the right solution.
Authenticity Ladder
The Authenticity ladder represents the climb to reach the point at which a piece of
content can be verified as to its authenticity at a given point in time. This is
critical to the e-discovery process. Lawyers who subpoena content to be used in
a legal case must be sure of the authenticity of the information, minimizing the
risk of repudiation.
Electronic Signature – An electronic signature represents
the user’s intention to verify that the content contained in the document is
valid and true. The Federal ESIGN Act defines an electronic signature as an
electronic sound, symbol, or process, attached to or logically associated with a
contract or other record and executed or adopted by a person with the intent to
sign the record.
Digital Signature – A digital signature is similar to an
electronic signature in that both represent the user’s intention to verify that
the content contained in the document is valid and true. The difference
between an electronic signature and a digital signature is that the digital
signature not only tracks the credentials of the signing party, but also
encrypts the information for further protection. Validating the digitally signed
document will validate the signing party and the fact that the content was not
changed since signing.
Trusted Content – Trusted content is content that is
encrypted and embedded with a trusted timestamp that captures the “state at a
point of time” of any electronic information or transaction. Trusted timestamps
ensure that a party to a transaction cannot falsely deny involvement in the
transaction. The X9.95 standard defines data-level security to ensure data
integrity against a reliable time source that is provable to any third party.
This content security technology is increasingly being used when presenting
content in a legal proceeding.
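The following added example (not part of the original article) sketches in Go what the Digital Signature and Trusted Content rungs provide: an authority signs a hash of the content together with a time, and any third party can later check that the content is unchanged and that the token was not backdated. The Token layout, the function names and the sample contract text are assumptions made for illustration; this is not the X9.95 token format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Token is a simplified trusted-timestamp token (hypothetical layout, not the
// X9.95 encoding): the authority signs the content digest plus the time.
type Token struct {
	Digest [32]byte  // SHA-256 of the content when the token was issued
	Time   time.Time // time asserted by the authority
	Sig    []byte    // authority's Ed25519 signature over digest || time
}

// signedBytes builds the exact byte string that is signed and verified.
func signedBytes(d [32]byte, t time.Time) []byte {
	return append(d[:], t.UTC().Format(time.RFC3339)...)
}

// Issue is what the timestamp authority does with its private key.
func Issue(priv ed25519.PrivateKey, content []byte, now time.Time) Token {
	d := sha256.Sum256(content)
	return Token{Digest: d, Time: now, Sig: ed25519.Sign(priv, signedBytes(d, now))}
}

// Verify is what any third party does with the authority's public key.
func Verify(pub ed25519.PublicKey, content []byte, tok Token) error {
	if !ed25519.Verify(pub, signedBytes(tok.Digest, tok.Time), tok.Sig) {
		return errors.New("token altered or not issued by this authority")
	}
	if sha256.Sum256(content) != tok.Digest {
		return errors.New("content differs from what was timestamped")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	doc := []byte("Contract v3: net 30 payment terms") // constructed sample
	tok := Issue(priv, doc, time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC))
	fmt.Println("original:", Verify(pub, doc, tok))
	fmt.Println("altered: ", Verify(pub, []byte("Contract v3: net 90 payment terms"), tok))
}
```

Because the time is inside the signed bytes, changing the token's time invalidates the signature just as changing the content invalidates the digest.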
Control Ladder
The Control ladder represents the climb to
reach the point at which the user has persistent control of the content. This
can be likened to one of the new flexible dog leashes. These leashes will at
times allow the dog to feel like they are running free and then there will be
times that the owner will shorten the leash to maintain a tighter control over
the dog. This ladder provides various levels of control over the content.
Enterprise Content Management – Enterprise content
management solutions provide an integrated document and records management
capability. Enterprise content management functionality provides a secure
repository to manage all approved corporate information which can include the
drafts along with all associated communications.
Digital Rights Management – Digital rights management
provides persistent control and security of the content. The user is granted
only the privileges that the document sender allows (e.g., view, print, copy or
save). This capability can manage access to content during a defined process.
Digital Rights Management with Trusted Content – If encryption
can be viewed as the starting point for the climb up the ladders, the end point or
the top of the ladders is the combination of digital rights management and
trusted content. This is the ultimate content security solution that combines
both authenticity and control.
When creating a content security strategy it is critical to assess which
ladder is the most important to your organization. While it is never an
either-or situation, one of the ladders will be the major focus of the strategy while
the other will play a supporting role. Some organizations that are governed by
compliance regulations will focus on control to meet the regulatory
requirement to fully manage and audit all actions on their content. Other
organizations are more concerned about their legal exposure and thus will focus
more on authenticity to ensure that their content is valid and unaltered.
Understanding the focus of your company will lead you up the correct content
security ladder.
Alan Weintraub (alan.weintraub@perficient.com
or 484-467-5720) is a Principal, ECM Solutions for Perficient (www.perficient.com). Alan has
extensive experience in all phases of Enterprise Content Management solution
implementations. He has worked as a Research Director at Gartner, focusing on
the Content and Document Management markets, and as a consultant, where he designed
and implemented document management systems. Prior to his consulting experience,
Alan engaged in technology management for major pharmaceutical companies. He has
over twenty-five years of experience in the information systems
profession.