Secure collaboration requires document control

People collaborating on projects and documents need to share information. The challenge for CIOs is to provide a secure venue to facilitate the sharing of information.

Businesses use a wide range of security technologies, such as encryption, virtual private networks, and Secure Sockets Layer, to let workers use the Internet or a corporate network to send and share electronic documents, presentations, and financial spreadsheets while denying access to unauthorized users. Yet, for many, that level of security isn’t enough.

“We’ve used techniques like encryption and VPNs to safeguard the confidentiality of information contained in sensitive documents either e-mailed or electronically transferred in other ways,” said Robert Dellinger, an IS manager at a Midwestern manufacturing company. “But once a file is detached and decrypted, we lose control of who gets to see the information.”

For example, a business partner who receives some confidential information can easily forward the decrypted document or spreadsheet to anyone he or she chooses to.

That’s exactly why some enterprises are using a different approach—collaborative software—to safeguard highly sensitive documents.

Specific tools help secure data
Collaboration applications allow users to share information in an ad hoc electronic meeting, even though the actual file is not distributed to everyone.

There are many ways to do this, but a handful of services and products are getting more play than others. For instance, many companies are using Web-based services like those offered by WebEx Communications Inc. and PlaceWare Inc. Others are using Microsoft’s NetMeeting or Groove Networks Inc.’s desktop collaborative software to enable similar meetings.

These services let a manager organize an online meeting, invite participants to the meeting, and then present information—whether it’s a spreadsheet, a document, or a PowerPoint slide presentation—to meeting attendees simultaneously.

The advantage over the traditional approach, in which meeting leaders send each attendee a copy of the file, is that no one has the file in hand, and thus they can’t distribute it. Of course, users can write down the information and share it with others. But the online meeting approach can help curb the automatic forwarding of confidential data files.

In addition to presenting information to an entire group, most of these applications and services allow meeting members to chat, ask questions, and annotate the shared document.

Another interesting approach
An alternative to the online meeting approach is a service offered by Authentica Inc., which was described in a previous article.

Authentica specializes in digital rights management software and the protection of business intellectual property. Using Authentica’s MailRecall, PageRecall, and NetRecall, a company can share information through a number of methods, such as sending an e-mail message, sharing a file, or providing a link to a Web site. The recipient can view this information but can’t share it with others. In addition, the original sender can cut off access to the information after a certain point in time.

The main factor that CIOs need to remember is that securing information goes well beyond providing a secure transport conduit over the Internet or corporate networks. For some enterprises, tight control of files is one way to add a higher level of control above traditional encryption methods.

TechRepublic originally published this article on 15 August 2003.