This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
Recently I was engaged by a large corporation for a writing project to support a product launch. This project had a small team of people who needed to collaborate on developing some promotional materials using content that had to remain confidential until launch day.
The company was so protective of the content's secrecy that it provided me with a company-issued laptop computer, VPN access to their network, and a login ID for their network. In particular, I was given behind-the-firewall access to the SharePoint repository where the in-progress documents were kept. This way I was fully integrated into the internal team for the duration of the project, and the confidential documents would never have to leave the safety of the company's network.
That is, until the materials had to go outside the company for graphics design and printing. This portion of the work was being done pre-launch, so the confidentiality of the content was still a high priority. Nevertheless, the project manager emailed the documents to the graphics art company. And with the simple act of emailing the documents, the project team's efforts to protect the sensitive content seemed like a waste.
Everyone knows (or should know) that email is not a secure medium for transmitting documents with confidential content. Once the documents are sent as an attachment, there's no control over what happens to them. They can be forwarded, edited, printed, or viewed by unauthorized people—especially if the documents don't have any embedded security like digital rights management, or external controls such as encryption.
Fortunately, in this case, nothing happened to the documents once they left the safety of the SharePoint library, but clearly the treatment of these documents was against the company's data handling policies for confidential information.
The scenario I just described is certainly not unique. This kind of thing happens all the time because people need to get work done but they don't have easy access to the tools that can enable collaboration while simultaneously securing important information. Given a choice between keeping a project on track and stopping work to observe a corporate security policy, most people will plow ahead with the work, and the policy be damned!
But what if the information holds a protected class of data that is regulated by law? For instance, medical information regulated by HIPAA, or financial information under the regulation of SOX or GLBA? Choosing to ignore the security policies could have serious ramifications such as fines, lawsuits or even criminal prosecution.
Intralinks argues that there's no need to force a no-win choice between productivity or document security. The company says its Content Collaboration Network (CCN) makes it possible to have secure collaboration among internal workers and external parties, even if the documents are in a SharePoint repository behind a firewall. With CCN, it says, documents can be secured with encryption, rights management and access controls to satisfy corporate policies and regulatory requirements.
The Content Collaboration Network is based on the Intralinks cloud-based platform for document synchronization/sharing and collaboration (see Intralinks is built from the ground up for secure enterprise file sharing and collaboration). CCN provides additional capabilities on top of the already strong collaboration platform by adding API connectors for tight integration with enterprise storage systems such as SharePoint, FileNet and Documentum, and cloud services like Box and Dropbox. These integrations mean documents can be stored in an organization's existing storage repository while allowing a copy to be pulled into an Intralinks workspace for sharing and collaboration. If changes are made to a document in Intralinks, those changes can be synchronized back to SharePoint, FileNet, etc.
The Intralinks platform is built around the concept of a workspace. The owner of the workspace determines who is invited to come in and work with documents there. The invitation, which is sent via email, can go to internal or external people. The email contains a link to the cloud-based location of the workspace. There is no need for members of the workspace to download any agent. Their user identity, which is specified within the workspace, authenticates as they login.
The workspace owner assigns roles for the workspace users, and the roles determine what each person is permitted to do with various files: view, edit, print, etc. The roles create one layer of security for the documents in the workspace. Other layers are created with encryption and information rights management (IRM).
IRM is important as it embeds security into a document for the life of that document. It controls who can do what with the document, even if it is taken out of the Intralinks workspace. IRM forces a user to validate his credentials every time he accesses the document. If the credentials are no longer valid, the person cannot access the file. Say an employee downloads a document from the workspace to his laptop the day before he quits his job. He had permission to access that file before he resigned. Once the worker quit, the document owner could revoke all permissions for him to do anything with the document. His old credentials can't open the file anymore.
CCN layers in the ability to share documents for collaboration without having to abandon or duplicate the storage capabilities of existing data repositories. An enterprise that is heavily invested in SharePoint can simply add a piece of software called a connector to give a one-way or two-way link between documents in SharePoint and the Intralinks platform. The SharePoint connector is available now, and Intralinks will soon deliver connectors for FileNet, Documentum, Box and Dropbox.
Intralinks is known for providing secure workspaces for highly regulated industries and organizations that have high value intellectual property. In fact, one of the first organizations to utilize the SharePoint connecter of the Content Collaboration Network is a U.S. federal agency that has oversight of the U.S. banking industry. Financial institutions of a certain size are required to submit highly confidential information to this regulatory agency on a quarterly basis. The banks submit their documents to an Intralinks workspace, and the agency puts each bank's documents into a separate SharePoint library. In this way, the documents are secured throughout every step of the process.
The business world is going the way of content collaboration, where people from disparate organizations need to share and work with high value information. The Intralinks Content Collaboration Network makes it easier to fit secure processes into existing document infrastructures.