ZDNet document security roundtable

In June, ZDNet Australia held a roundtable discussion about Document Security at Sydney's Aria restaurant.
Written by Brian Haverty, Contributor

In June, ZDNet Australia held a roundtable discussion about Document Security at Sydney's Aria restaurant.

The following people attended the roundtable:

  • Graham Pullen: vice president Asia Pacific, Open Text
  • John Duckett: general manager IT, DLA Piper
  • Stephen Pettitt: business analyst manager, Australian Hearing
  • Phil Vasic: regional director APAC, Clearswift
  • Youssef Moussa: data centre services and operations manager, Westpac
  • Ajoy Ghosh: chief security information security officer, Logica
  • James Turner: IBRS analyst
  • Neil Campbell: general manager, security, Dimension Data
  • Phil Dobbie: journalist
  • Brian Haverty: editorial director, ZDNet Australia

As is often the case when dealing with security issues, the topics discussed covered a wide range. Open Text's Graham Pullen started things off by saying "I think there are three disruptors in business today, from a document management viewpoint: the cloud, mobility and social networking".

Pullen also pointed out how the proliferation of devices was a huge concern to many organisations. "With mobility, content is moving to a whole raft of new devices. What happens when an employee loses one of these devices?"

DLA Piper's John Duckett also expressed how this was, indeed, changing the way in which his legal firm worked. "We are about to deploy 200 iPhones — half our people will have iPhones. Obviously, that's a management risk, and we need policies to handle that more effectively."

The discussion was not all about mobile, however. Stephen Pettitt of Australian Hearing spoke of the sheer increase in documents and how they affect a business's operations. "The biggest challenge we have is dealing with 60 years of documents in 100 hearing centres across Australia. One issue is rental space. The other is securing those documents against fire and theft."

Amidst this ever-increasing mountain of information, organisations are also faced with the difficult task of making qualitative decisions about data. And it's not only about prioritising information, it's about coming to terms with all the different places in which that information might reside — Facebook, for example. Graham Pullen put it this way: "If you use Facebook to go find something, you're talking to communities of interest. And it's immediately put into context why you're trying to find that information. Google, however, is still a search — it delivers thousands of answers and you can refine them, but that gets more complex."

Talk then turned to the growing popularity of collaborative tools, and the benefits that more efficient collaboration brings. But to reap those benefits, it's also necessary to provide access to important information.

According to IBRS analyst James Turner, this focuses concern on the "forgotten" security danger that organisations face. "I'm surprised by the number of IT managers that I'm talking to in government departments in Canberra, who are saying that people are using Facebook to communicate. Stakeholders, clients, customers, external parties. How are they tracking that data? You can put the technologies in place, but unless you are training the staff around the processes and policies that you want the organisation to follow, you're kind of flying into the wind."

The challenge seems to be finding the information access "sweet spot". According to John Duckett, "We're trying to get a balance between what is practical and what still allows people to work". What's one of the ways that might happen? According to Westpac's Youssef Moussa, "Systems need to become more complex, more intuitive ... and there's a greater need to access information on a real time basis".

Of course, if you get the priorities and access levels wrong, there is the chance for your important data to go where you don't want it to. And when that happens, it may not be all that apparent. Logica's Ajoy Ghosh looks at it from the consumer's point of view. "As a consumer, how do I know when my data has entered the public domain? Data breach reporting needs to be legislated in this country."

The recent security breaches involving RSA and Sony were hot topics around the table, and Ghosh thought they might even spur the government into drawing up new regulations. "I know for a fact that recent breaches, and the surrounding publicity, have caused the privacy commissioner to move much more rapidly than he otherwise would have."

Dimension Data's Neil Campbell had a slightly different take on the need for regulations. "I understand there's been quite an outcry about the delay in Sony releasing information about the breach to the public, but, without being an apologist for Sony, I think it can sometimes be very difficult to tell when a breach has actually happened. And accurate information must be gathered before it can be released to the media."

So while everyone seemed to feel that there were still issues to be dealt with in document security, there were solutions described in which headway is indeed being made.

Please sign up to the ZDNet newsletter for notifications of future roundtable discussions, and if you have ideas for topics, please send them to ZDNet Australia. We'd love to hear from you.

Editorial standards