Securing Documents, Enterprise-wide
What We Know
Document management tools are great for sharing information and letting multiple individual and teams edit and collaborate. But when it comes to security, most tools are either incredible complex to manage or have too little security.
So we end up having:
- Document folders scattered on file servers and cloud storage
- Restricted access wiki deployments
- Everyone-can-see intranets
- Messaging and chat apps
With so many teams, projects and departments, it’s easy to see why document related tooling spreads so quickly – everyone wants their own space and do things their own way.
Managing user permissions/access control on so many tools is not a easy task.
Start with Spaces
Spaces should be defined in 3 different ways:
- Personal spaces for just myself
- Team spaces for invited members only
- Public spaces which anyone can access
With this model, documents can move between different spaces with access rights defined at the space level. Example:
- You create a proposal document in your personal space
- When ready, you move it to the team space so that co-workers can review
- When ready, your team moves the proposal document into a public space for everyone to see
We’ve accomplished gradual document development whilst controlling increased participations.
What’s the alternative?
- You could work on the proposal and email around for a while before going ‘public’
- You could work in ‘public’ for everyone to see and ‘participate’
Personal, team and public spaces provide the perfect mix of storage and access control.
Refine with Categories
But what happens when you want to temporarily share specific documents with a different team or participant?
Ideally, you would want to group specific documents together and provide temporary ‘outside’ access.
Categories allow for multiple secure areas within a space, allowing for multiple teams to work together. You attach/detach both documents and participants to the category. Example:
- IT team have a space for all their interal project documents
- They are working on a new Disaster Recovery plan
- Finance need to review and approve the project and ask for access to relevant documents
- Project lead creates DR Plan category and associates relevant documents with the category
- Project lead grants both IT and Finance people access to the DR Plan category
- As project evolves both departments access and work on the document
- When project completes, project lead removes Finance members from the DR Plan
- Documents remain in the IT space associated with DR Plan category
Nothing gets emailed, leaked, moved, deleted, duplicated or otherwise interferred with.
What’s the alternative?
- Create folders and copy/move documents around whilst juggling daily access control requests
- Let Finance see every IT document and come what may
The combination of spaces and categories provides a unique means to manage every-changing document access control.