By Soujanya Madhurapantula, Senior Product Manager at NextLabs
I have had the same conversation with a lot of our customers… it keeps me awake at night.
Here is how many customers have described it to me:
We have millions of documents sitting in our enterprise application servers that we know are accessible to all our users. We are subject to regulations that require us to identify classified documents within these large sets of data, and segregate them into restricted servers. It is also important for us to restrict users from storing documents in the wrong servers. We are not sure how to segregate this data and put them into the right physical servers. This project is so complex, we do not even know where to start.
This is the problem of Content Segregation. We would all agree that Enterprise Content Management applications are very important in the day-to-day operations of the business: an essential part of the Global Collaborative business process. However, these applications have not adequately addressed the need for content segregation. Enterprise and Security Architects are looking for more sophisticated ways to secure and manage the data that is created, stored and shared and in these applications.
Content Segregation is necessary. Right Now.
Many organizations are fearful of or prohibited from placing data in certain physical servers or cloud storage due to restrictions on data access or compliance with government or industry regulations. These are often referred to as data residency or data sovereignty regulations.
For example, in the US, ITAR/EAR regulated data cannot be stored, backed-up or transferred through a server physically located outside of the US. Similarly, European data protection laws prohibit personal data from moving outside of the European Union (EU) or even specific country borders.
These regulations are different from the well-known and well understood access control rules. The problem these data owners and security architects are facing is not around access controls, but around physical storage of data when created, caching of data when accessed, and storage of data in transit.
Securing Content Access and Storage: Are these sufficient?
Enterprise and Security architects are often asked to implement solutions to make sure unauthorized users cannot access or use classified, sensitive data.
Most content management applications, such as SharePoint, address security concerns through features like access controls, rights management and audit logs. However, these controls only work to restrict users from accessing or using content, and tries to provide a trail of any such access. But they wouldn’t prevent the user from storing or caching the data in an unauthorized physical server.
Other applications provide data encryption or tokenization. These options get around the issues of data security, residency and privacy by obfuscating the data that goes into the servers. These techniques mask the content from the end users but do not address the data residency requirements.
Is data residency and content segregation a challenge for you?
How do we make sure our data is stored and cached in the right place?
How can we identify and segregate data automatically?
What would a complete solution look like? What are the key requirements?
I would be interested in your thoughts and feedback on what you do to address these issues.