By Chris Davidson, Product Marketing Manager at M-Files.
In conjunction with the Association of Information and Image Management (AIIM), M-Files recently conducted a survey regarding information security. Before conducting the study, I envisioned the perfect metaphor for information security to be organisational stone fortress, a barricade—if you will, used to keep out unwanted attacks. And I still have this view for certain use-cases.
However, in researching context for the survey results, I discovered a more nuanced metaphor developed by Computer Weekly's John Riley–who likened security to an airport: "The new analogy (for information security) is an airport, where anyone can enter, but access to different areas is then strictly policed by a series of checks and controls."
Did you know that the US Federal Government has a standard practice of workshopping the metaphors developed to describe many of its efforts? Think "Operation Overlord" or "Desert Storm"—these names become a way for organisations to understand, communicate and rally around a project. I've also seen this approach used in the private sector as a unifying technique around large technology efforts such as enterprise content management implementations. It's very effective.
There Are Fewer Absolutes to Information Access
Regarding metaphors for information security, a fortress is certainly an apt one. In this information age of cyberattacks, it behoves organisations to protect their information assets with their own colossal fortification. In fact according to the aforementioned AIIM survey, 43% of companies have experienced some sort or security breach within the past year.
This stat is certainly frightening enough to lead many organisations to build walls of security with a fortress-like purpose – and ten years ago, this approach would have been appropriate.
The fundamental intent encased in the fortress metaphor is "information is an asset—that can only be shared within our walls." From an IT perspective, you are either outside of the firewall and not permitted to have access to organisational information—or you are inside and use an information management system like M-Files to maintain strict control over information access and security.
Conversely, sharing information and collaborating with clients, partners, remote offices, field employees and even the general public is a fundamental element of many businesses. For this use case, the fortress metaphor isn't flexible enough because secure access to information must be provided to those outside of the organisation.
The airport metaphor, on the other hand is better suited to meet the more fluid and flexible needs of today's workplace. For example the first layer of information access is the organisation's website. The public can download 'public' content and engage with forms or work with content sent via a link–and all of this content can be secured and managed by M-Files. The second layer of access might be via a native mobile app or web client for staff in the field. The third could be limited access to confidential documents for management and so on. In this scenario the organisation's information security is enabled by the metadata-driven access control and permissions of M-Files. M-Files 'knows' what the content is—so you can be confident the proper security is enforced.
As far as metaphors go, your approach to security should be based on your organisation's specific needs and requirements. Ultimately, M-Files equips you with the tools for either scenario.