Applications using Content Services Platforms (CSPs) aka Enterprise Content Management (ECM) systems in 2020 need to have a clear focus on security.
Well, duh. Let’s dive deeper…
Especially during the pandemic, with employees shifting from working inside offices to working from home, more and more companies are realizing that a CSP should not just be for organizing content. What’s even more important is understanding how these digital assets are being used, when they are being accessed, by whom, and for how long.
One of the most common mistakes we see with companies we work with is they think the best path forward for integrating a CSP into their organization is to try it within a single department or application area, and think it can then magically grow without much oversight or guidance or review. In reality, what makes a CSP effective in the first place is understanding the basic context of content access patterns by users within the company as a whole.
- What is the volume of content?
- What are the content access use cases?
- Where are the users located?
- How secure does this content need to be?
- How will the users search for content?
And there are usually multiple answers to these questions, which means the wrong approach is to go out and purchase an enterprise license and believe all the company’s needs will be satisfied.
If you are looking to expand CSP across your business, here are some questions you should ask to determine what the users’ expectations are:
1. Where should the content be located and what usage parameters should you be tracking?
The purpose of having CSP applications is to help team members get things done faster, find the information they are searching for, while at the same time protecting the information they have access to.
Most companies don’t know, however, that by tracking certain action steps, you can dramatically improve and optimize your efficiencies within the organization. For example, if you have a group of users in Malta who are working on a project, and they are requesting access to content based in Houston, you can actually detect whether they are experiencing slower response and bad performance, and move that content closer to them temporarily by using caching services.
CSP management capabilities should detect these sorts of inefficiencies, and then, based on the type of content being accessed, the administrators would be able to grant cache-type access. That way, the team in Malta isn’t using as much bandwidth and doesn’t have to wait as long, and, as a result, cost goes down and everyone ends up happier.
2. How sensitive is this content, and does it need to be restricted?
Another big inefficiency within businesses is feeling the need to put restrictions on all company content.
The reality is, not all content is going to need the same permissions over the content lifecycle. Some content can later live in an open SharePoint site instead of behind a document management repository, simply because it’s not that sensitive after public disclosure. There’s nothing confidential—even if it’s still intended for internal use only.
The takeaway here should be to then move those files to more accessible entry points, improve everyone’s response time, reduce the amount of network impact, and make better use of the CSP. That’s the intended use of a true CSP—not just organizing the files, but organizing them based on user access patterns and locations, role-based security, and accessibility.
3. Are the correct risks being balanced for each type of content?
If content is being classified incorrectly within a CSP, that’s an even bigger issue.
When that happens, you don’t have the correct permissions being applied to the risks associated with that content type. For example:
- Team members should be using at least two-factor authentication to access company content-sensitive information.
- Employees should be using a VPN for corporate activities.
- Personal devices should not be used to access confidential information within the company (especially in today’s world—you shouldn’t be able to pull the M&A business plan up on your personal iPad on the wifi at your favorite coffee establishments.).
Personal device usage and security is becoming a very serious problem within companies. According to a recent industry report, “Among those who are not self-employed and receive a work device from their employer, a slight majority (55%) also use their work device for personal use. It is common for the majority (55%) of Americans to use their employer-provided work device for personal use and over one-third (38%) consider an employer-provided work device to be their ‘primary’ device for use at home.”
Again, as more businesses have shifted to remote-first workforces, it’s this security and personal use component that is becoming a higher and higher priority. Not only do companies want to better understand the efficiencies of their remote workers. Are they doing ineffective, wildcard searches? Do they know where things are? Do they need additional training? But also, companies want to know how their content is being accessed outside of the office.
What content is being searched for, when?
And if someone is searching for something they shouldn’t be, is the system letting anyone know?
As companies continue to search for new ways to manage their employees, especially in remote environments, content management systems that simultaneously monitor security and measure performance will become more and more crucial. If there was ever a time to begin investing in these types of technologies, right now is it.
